
Link Dynamic Analysis results to an application profile

The Dynamic Analysis application linking feature allows you to link scan results to an application profile in the Veracode Platform.

You can manually or automatically link analysis results to an application. You can also use the REST API.

The application linking feature allows you to:

  • View the results of all types of scans aggregated in a single report.
  • Access reports in the Veracode Platform to identify crawled and attacked links.
  • Save results from each subsequent scan without overriding the results of the previous scan.
  • Use the Veracode Platform to review the application policy evaluation.
  • Access the Links Report for the Dynamic Analysis.
  • Download a PDF of the results.

Linking to a scan requires an existing application profile in the Veracode Platform.

Veracode recommends following these guidelines when linking Dynamic Analysis scans to a Veracode application profile:

Application profile restrictions

  • By default, Dynamic Analysis does not automatically create applications during the linking process. If you want Veracode to create applications, use the respective auto-linking option.
  • You can link one URL to one application. This manual step requires you to map each URL to an existing application profile.

Prerequisites

  • Application linking succeeds only if a Dynamic Analysis request in an application profile is complete. Verify the status of any Dynamic Analysis requests within the profile. If you have permission, delete an incomplete request before attempting to link the application. Incomplete statuses include:

    • Prescan Complete
    • Scan in Progress
    • Prescan Failed
  • You cannot link an application profile that contains an in-progress Dynamic Analysis. You must delete the in-progress Dynamic Analysis and unlink the application profile. You can then link another application profile.

Scan Frequency

Veracode recommends that you configure recurring schedules to ensure that the results automatically link to the application profiles for future scans.

Note: If you configure a recurring schedule but do not link the URLs to the application profiles, the next time the scan runs using that schedule, the new results override the previous results.

Application profile scan actions

Do not use any actions under the application profile menu for Dynamic Analysis scans linked to an application.

You can link the results from a Dynamic Analysis to an application profile in the Veracode Platform or with the REST API.

By linking the results, you can evaluate them against policy and aggregate the results from multiple scan types, such as Static Analysis and Software Composition Analysis (SCA), in a single report for the same application.

You can only link the results from one URL or API specification to one application in a single analysis. You cannot link the results from multiple URLs or API specifications to an application. To link results that are currently linked to an application, you must create the link in a different analysis.

Before you begin:

You must have the Administrator, Security Lead, Creator, or Submitter role to be able to manually link results.

To complete this task:

  1. In the Veracode Platform, select the Dynamic Analysis Results tab of the analysis summary page, and select Actions > Link to Application.

    The Link to Application window opens.

  2. Select the application you want to link to from the list. You cannot select an application that is already linked to a URL configuration.

  3. Select Save.

Results:

The linked application appears in the Additional Information section on the Scan Details page.

Linked Dynamic Analysis results are now available from the application overview. Select Completed in the left navigation menu of the Veracode Platform to see your completed Dynamic Analysis scans. You can review the results in the Coverage Report for the Dynamic Analysis.
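
The linking rules above can be checked before a batch of URLs is mapped to application profiles. The following is an added example, not Veracode code, and it does not call the Veracode Platform or REST API. The field names (`linked_url`, `da_status`), the `Complete` status label, and the sample inventory are assumptions constructed for illustration.

```python
from collections import Counter

# Statuses the page lists as incomplete Dynamic Analysis requests.
INCOMPLETE = {"Prescan Complete", "Scan in Progress", "Prescan Failed"}

def preflight(proposed, profiles):
    """Check proposed {target_url: app_name} links for one analysis.

    profiles maps app_name to {"linked_url": ..., "da_status": ...}
    (hypothetical field names). Returns {target_url: [reasons]};
    an empty list means none of the documented rules is broken.
    """
    per_app = Counter(proposed.values())
    report = {}
    for url, app in proposed.items():
        reasons = []
        profile = profiles.get(app)
        if profile is None:
            # Linking requires an existing application profile.
            reasons.append("application profile does not exist")
        else:
            if profile["linked_url"]:
                reasons.append("application already linked to " + profile["linked_url"])
            if profile["da_status"] in INCOMPLETE:
                reasons.append("incomplete Dynamic Analysis request: " + profile["da_status"])
        if per_app[app] > 1:
            # Only one URL or API specification per application in an analysis.
            reasons.append("more than one URL mapped to this application")
        report[url] = reasons
    return report

# Constructed sample inventory and mapping (not real Veracode data).
PROFILES = {
    "storefront": {"linked_url": None, "da_status": "Complete"},
    "billing": {"linked_url": "https://old.example.test", "da_status": None},
    "partner-api": {"linked_url": None, "da_status": "Prescan Failed"},
}
PROPOSED = {
    "https://shop.example.test": "storefront",
    "https://pay.example.test": "billing",
    "https://api.example.test": "partner-api",
    "https://api2.example.test": "partner-api",
    "https://new.example.test": "unknown-app",
}

if __name__ == "__main__":
    for url, reasons in preflight(PROPOSED, PROFILES).items():
        print(url, "->", "OK" if not reasons else "; ".join(reasons))
```
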

You can unlink results when you no longer want to associate them with a specific application profile or when you want to link them to a different application. You can perform this in the Veracode Platform or with the REST API.

After unlinking results from an application profile, all future scan results are no longer associated with that application. The results from previous scans remain available, and you can link them to the same or a different application profile.

Before you begin:

You must have the Administrator, Security Lead, Creator, or Submitter role.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Dynamic Analysis.
  2. In the All Dynamic Analyses table, select the name of the analysis from which to unlink an application profile.
  3. In the URLs List table or the API Specifications List table, next to a URL or API specification, select Actions > Unlink from Application.
  4. In the Unlink from Application window, select Unlink.
  5. To unlink additional URLs or API specifications, repeat steps 3 and 4.

The Dynamic Analysis auto-linking feature automatically links URL scans from Dynamic Analyses to applications that already exist in the Veracode Platform. The matching process searches for URLs previously associated with the existing application that match the target URL in the Dynamic Analysis.

Auto-publishing results of concurrent scans improves Dynamic Analysis scans. When Veracode links Dynamic Analysis scans to an application profile, Veracode matches flaw results that do not require any additional verification on a subsequent scan. This practice reduces the publishing time of results while maintaining a low false-positive rate.

Before you begin:

You must have the Administrator or Security Lead role to enable the auto-linking feature for your organization. After enabling auto-linking, any users in your organization who have the appropriate permissions can view linked results.

To complete this task:

  1. Select the gear icon in the top-right of the Veracode Platform and select Dynamic Analysis Auto-Linking.

    The Dynamic Analysis Auto-Linking Options page opens.

  2. Select an auto-linking option:

    • Do not auto-link: do not auto-link any URL scan results or create any new applications.
    • Auto-link but do not create applications: search existing applications for previously associated URLs that match the target URL and auto-link future URL scan results to the application.
    • Auto-link and create applications: search existing applications for previously associated URLs that match the target URL and auto-link future scan results to the application. For each target URL that does not match any URLs in an existing application, create a new application based on the information you enter in the New Application Name, Business Criticality, Policy, and Visibility Settings fields.

The selected option applies to all future analyses and results that are not yet published.

You can only link one target URL to an application at a time. If you have multiple Dynamic Analysis scans that have the same target URL, you can link them to the same application. If you have previously linked a target URL to multiple applications, the auto-linking feature selects the most recently published scan to link to in the future. You can also manually unlink results.

  3. Select Save.

The linked application appears in the Additional Information section on the Scan Details page.

Linked Dynamic Analysis results are now available from the application overview. Select Completed in the left navigation menu of the Veracode Platform to see your completed Dynamic Analysis scans. You can review the results in the Coverage Report for the Dynamic Analysis.