Scans Explore Data Dictionary

Analytics

The following definitions describe the dimensions and measures used on the scans explore in Veracode Analytics.

Applications Dimensions

Dimension Description
Application Custom Fields The metadata entered in application custom fields 1-25. Located from Application > Metadata > Asset > Custom Fields.
Application ID The unique numerical identifier associated with the application profile, provided by Veracode.
Application Name The name of the application, created by the user when creating an application on the Veracode Platform.
Application Passed Policy (Yes/No) Determines if the application did or did not pass policy compliance. Values are Yes or No.
Application Purpose The business purpose of the application, located from the application metadata.
Application Rescanned (Yes/No) Determines if the application was rescanned. Values are Yes or No.
Application Scanned (Yes/No) Determines if the application was scanned. Values are Yes or No.
Archer Application Name The application name where the data is published to Archer. Located from Application > Metadata > Archer Name.
Business Owner Email The email address associated with the business owner of the application.
Business Owner Name The first and last name of the user responsible for the application. Located from Application > Profile > Organizational Information.
Business Unit The name of the business unit.
Created Date The date the application was created.
Current Policy The current policy associated with the application.
Current Policy Compliance The application policy compliance based on the latest scan results.
Industry The type of industry for which the application is used. Located from Application > Metadata > Industry.
Initial Published Date The earliest date that a scan for the application was published.
Latest Published Date The most-recent date that a scan for the application was published.
License Account Scans licensed by this account. For third-party applications, it is the account that paid for the scan. For SDLC applications, it is the same as the scanning account.
License Type The type of license: SDLC license or Third-party license. Most applications are software delivery lifecycle (SDLC) license, third-party license type is not commonly used. Veracode offers you the ability to scan your software supplier partners through the Veracode Platform. Values are either SDLC for internal testing of first-party software or third-party for permitting a software supplier to test the code they are developing for the Veracode user.
Requested a Consultation Veracode offers the ability to schedule a consultation with application security consultants to better understand Veracode scanning and results. Values are No Readout Requested or Readout Requested based on if the application has had a consultation requested.
Scanning Account The account where scans occurred. For software delivery lifecycle (SDLC) applications, it is the same as the licensed account. For third-party applications, it is the vendor account. Third-party applications are not commonly used.
Scanning Status The scanning status for the application. Values are DynamicMP + SDLC, DynamicMP Only, No Published Policy Scans, and SDLC only.
Tags List The list of tags for the application that are added from the application metadata. Veracode allows users to provide a tag to organize their applications as part of the application metadata.
Web Application Flag Determines if the application is a web application or not. This flag is set on the application metadata page.

Applications Measures

Measure Description
Application Scan Counts The total count of applications scanned, rescanned, and not scanned in the past 90 and 365 days.
Applications with Consultations The count of applications for which security consultations have been requested.
Count The count of distinct application IDs
Percentage of Applications with Consultation Requests The percentage of applications for which a consultation call was requested.

Scan Dimensions

Dimension Description
Analysis Type The type of analysis. Values are Static, Manual, DynamicMP, DynamicDS.
Dynamic Scan Times The dynamic scan duration tiers.
First Scan Determines if the scan was or was not the first scan for the application. Values are Yes or No.
First Published Date Quarter The first date the scan was published. In the majority of cases, only Initial Published Date is used.
Is Most Recent Scan Determines if the scan is or is not the most recent scan.
Number of Flaws - General Dimensions on specific flaw data such as number of new flaws, existing flaws, mitigated flaws, reopened flaws.
Number of Severity 0 (Informational Flaws) The number of flaws that are S0 severity. You can filter on additional dimensions such as number of S0 flaws with proposed, rejected, and mitigated flaws.
Number of Severity 1 (Very Low Flaws) The number of flaws that are S1 severity. You can filter on additional dimensions such as number of S1 flaws with proposed, rejected, and mitigated flaws.
Number of Severity 2 (Low Flaws) The number of flaws that are S2 severity. You can filter on additional dimensions such as number of S2 flaws with proposed, rejected, and mitigated flaws.
Number of Severity 3 (Medium Flaws) The number of flaws that are S3 severity. You can filter on additional dimensions such as number of S3 flaws with proposed, rejected, and mitigated flaws.
Number of Severity 4 (High Flaws) The number of flaws that are S4 severity. You can filter on additional dimensions such as number of S4 flaws with proposed, rejected and mitigated flaws.
Number of Severity 5 (Very High Flaws) The number of flaws that are S5 severity. You can filter on additional dimensions such as number of S5 flaws with proposed, rejected, and mitigated flaws.
Policy or Sandbox Determines whether the scan was a policy scan or a sandbox scan.
Prescan Information Information on specific prescan end and start times by Date, Month, Week, Quarter, Year. The usage of prescan dimensions is not common.
Prescan Submitted The prescans that were submitted successfully. The usage of prescan dimensions is not common.
Published (Yes/No) Determines whether the scan was published or not published. Values are Yes or No.
Published Date The date the scan was published. Use additional dimensions to filter on Date, Month, Week, Quarter, Time, or Year.
Sandbox Name The sandbox name for the scan.
Scan ID The identifier associated of the scan.
Scan Name The scan name.
Scan Policy The policy that was assigned to the application at the time of the scan.
Scan Policy Compliance The status of whether or not the scan results passed or failed the policy that was assigned at the time of the scan.
Scan State The current state of the scan. Values are Active or Deleted.
Submitted By API Account Determines if the scan was or was not submitted by an API account. Values are API account or Human Account.
Scan Published By The user who published the scan.
Scan Submit Information Dimensions on the user or API account who submitted the scan.
Scan Submitted By The user who submitted the scan.
Scan Submitted Date The date the scan was submitted.
Scan Time The time it took for the scan to complete. Use the additional dimensions to filter on Hours, Minutes, Seconds.
Scan Time Bucket The minutes of scan time grouped in different periods of time. Values are Less than 5 minutes, 5-10 minutes, 10-15 minutes, 15-30 minutes, 30-60 minutes, 1-4 hours, 4-16 hours, 16-40 hours, 40-96 hours, 96+ hours. This dimension is calculated from the scan submitted date to the scan published date. You can use this dimension to easily graph scan time data.
Score The security quality score for the scan, including mitigations.
Score without Mitigations The security quality score without mitigations.
Static Scan - General Dimensions on specific static scan details such as lines of code scanned, prescan duration, summarized results, and primary language scanned.
Static Scan- Primary Language Scanned The primary programming language of the application that was scanned.
Total Scan Times The periods of time for how long it takes for a scan to complete. Values are 15 minutes, 30 minutes, 1 hour, 4 hours, 16 hours, 48 hours, or 3 days.
Veracode Level The Veracode Level achieved for the scan. This dimension does not include mitigations.
Veracode Level with Mitigations The Veracode Level achieved for the scan including mitigations.

Scan Measures

Measure Description
Application Scan Counts The measure of specific scan count details such as count of applications, count of non-rescanned applications, count of non-scanned applications.
Count of Applications - Past 365 Days The number of applications that have been scanned in the past 365 days.
Count of Applications - Past 90 Days The number of applications that have been scanned in the past 90 days.
Count of Applications Rescanned - Past 365 Days The number of applications that have been rescanned in the past 365 days.
Count of Applications Scanned - Past 365 Days The number of applications that have been scanned in the past 365 days.
Count of Applications Scanned - Past 90 Days The number of applications that have been scanned in the past 90 days.
Count of Non-Scanned Applications The number of applications that have not been scanned.
Count of Non-Rescanned Applications The number of applications that have not been scanned more than once.
Count of Rescanned Applications. The number of applications that have been rescanned.
Count of Rescanned Applications - Past 90 Days The number of applications that have been rescanned in the past 90 days.
Count of Scanned Applications The number of applications that have been scanned.
Average Dynamic Scan Duration - Hours The average time in hours a dynamic scan takes to complete.
Average Dynamic Scan Duration - Minutes The average time in minutes a dynamic scan takes to complete.
Average Dynamic Scan Duration - Seconds The average time in seconds a dynamic scan takes to complete.
Average Flaws Per MB The average flaws per MB found in the scan. Calculated by total number of static flaws divided by total analysis size.
Average Prescan Duration - Hours The average time in hours a prescan takes to complete.
Average Prescan Duration - Minutes The average time in minutes a prescan takes to complete.
Average Prescan Duration - Seconds The average time in seconds a prescan takes to complete.
Average Static Scan Duration - Hours The average time in hours a static scan takes to complete.
Average Static Scan Duration - Minutes The average time in minutes a static scan takes to complete.
Average Static Scan Duration - Seconds The average time in seconds a static scan takes to complete.
Average Total Scan Duration - Hours The average time in hours a scan takes to complete.
Average Total Scan Duration - Minutes The average time in minutes a scan takes to complete.
Average Total Scan Duration - Seconds The average time in seconds a scan takes to complete.
Count of Dynamic URLs The number of URLs associated with a dynamic scan.
Count of Sandbox Scans The number of sandbox scans.
Count of First Scans The number of initial scans.
Count of Scans Submitted by API The number of scans submitted by an API account.
Count of Scans Submitted by User Account The number of scans submitted by a user account.
Legacy Flaws Per MB The flaws per MB found in the scan. This is a historical calculation from legacy analytics that is available for consistency but is not recommended for regular use due to the inclusion of multiple scan types and the method by which the calculation is done.
Median Dynamic Scan Duration - Hours The central data point of hours it takes for a dynamic scan to complete.
Median Dynamic Scan Duration - Minutes The central data point of minutes it takes for a dynamic scan to complete.
Median Dynamic Scan Duration - Seconds The central data point of seconds it takes for a dynamic scan to complete.
Median Prescan Duration - Hours The central data point of hours it takes for a prescan to complete.
Median Prescan Duration - Minutes The central data point of minutes it takes for a prescan to complete.
Median Prescan Duration - Seconds The central data point of seconds it takes for a prescan to complete.
Median Static Scan Duration - Hours The central data point of hours it takes for a static scan to complete.
Median Static Scan Duration - Minutes The central data point of minutes it takes for a static scan to complete.
Median Static Scan Duration - Seconds The central data point of seconds it takes for a static scan to complete.
Median Total Scan Duration - Hours The central data point of hours it takes for a scan to complete.
Median Total Scan Duration - Minutes The central data point of minutes it takes for a scan to complete.
Median Total Scan Duration - Seconds The central data point of seconds it takes for a scan to complete.
Percentage of Applications Without Rescans The percentage of applications that only have one scan.
Percentage of Passed Scans The percentage of scans that passed policy.
Scan Count The total number of scans.
Scan Count - Past 365 Days The total number of scans in the past 365 days.
Scan Count - Past 90 Days The total number of scans in the past 90 days.
Scan Counts The measures of specific scan type and policy scans such as dynamic, policy, rescanned, passed scans, sandbox scan counts.
Scan Counts Per Month The number of scans that occur per month.
Scan Counts Per Week The number of scans that occur per week.
Total Analysis Size The total analysis size in MB of the scan.
Total Lines of Static Code (LOC) The total number of lines of static code scanned. This number is an estimate based on the information provided in the debug symbols of the scan.
Total Number of Flaws The total number of flaws for the scan. Use the measures below to filter on specific flaw severity and status.
Total Number of Static Flaws The total number of static flaws.