Requesting a Scan

Veracode supports scan processes for the following two types of applications:

Internally developed scan workflow
In this scenario, you own the intellectual property for the application that you want to scan and have access to the source code to remediate any detected flaws. You receive a detailed list of flaws in the application with remediation guidelines.
Third-party scan workflow
In this scenario, you are purchasing or have purchased the application from a third party (vendor) who controls the intellectual property for the application. The vendor has access to the source code to remediate any flaws found. You receive a summary report with a security rating and a summary of the top flaw categories found in the application, and the vendor receives a detailed list of the detected flaws with remediation guidelines.

To request a scan of your internally developed application, you must do the following:

  1. Create an application profile
  2. Specify which teams can access an application
  3. Choose a scan type
  4. Upload binaries, including dependencies (if you are doing a static scan)
  5. Provide DynamicDS scan parameters (if you are doing a DynamicDS scan)
  6. Check the status of a scan in progress
  7. Review the expected turnaround time

To request a scan of an application developed by a third party, you must do the following:

  1. Request a third-party scan
  2. Choose a scan type
  3. Check the status of a scan in progress

If you are a vendor receiving a third-party scan request, you must do the following:

  1. Accept the third-party scan request
  2. Upload binaries (if you are doing a static scan)
  3. Provide DynamicDS scan parameters (if you are doing a DynamicDS scan)
  4. Rescan or publish results to the enterprise customer