Promote a Sandbox Scan

Developer Sandbox

After completing a sandbox scan, you have the option to promote the sandbox scan to a policy scan that counts toward your policy compliance score. You can promote a sandbox as part of integration testing, to validate the security of your application before you promote it to policy.

About this task

Among the sandboxes you use to test different versions of code or components of the application,Veracode recommends that you designate one sandbox to use for promotion purposes. Apply all mitigations on the sandbox designated for promotion to achieve policy compliance, and only promote from this sandbox. You can only promote the most recent scan, and you must have completed at least one policy scan of the application before you can promote a sandbox scan of that application.

Note: Before promoting a scan, verify that you have uploaded all the modules of the full application.

To promote a sandbox scan:


  1. From the application overview page, click Sandboxes on the left navigation menu.
  2. Click the name of the sandbox you use for promotion.
  3. Click the name of the most recent scan.
    Note: If the most recent scan is in progress or incomplete, you cannot promote an earlier scan from the same sandbox.
  4. Click and select Promote Scan.
  5. Click Continue to promote the scan.
    After you promote the scan, it appears in the Policy Evaluation section of the application page and in the list of completed policy scans. The name of the scan is appended with (Promoted) to indicate that you promoted it from a sandbox to a policy scan. Flaw data in promoted sandbox scans appears in all data exports and in Veracode Analytics.