Analytics
Veracode Analytics provides the insight you need to demonstrate progress and success to stakeholders through pre-built dashboards and data visualizations, such as charts, graphs, and counts.
Use the explores to navigate and configure visualizations of your analytics data. Then, add your visualizations to existing or new dashboards, which you use to display your data and share it with your organization.
Veracode Analytics and the Veracode Platform
Veracode Analytics displays data in the Veracode Platform using Google Looker.
The analytics data in both the Veracode Platform and Veracode Analytics are correct. The underlying data model in the Veracode Platform is different from the underlying data model in Veracode Analytics, but they are equivalent. Veracode Analytics performs joins, which combine one or more tables in a relational database, on data as fast as possible to load visualizations and large amounts of data quickly. Veracode Analytics uses a modified star schema model to load data, which requires only a single join to produce any piece of data, instead of the relational data model in the Veracode Platform, which requires many joins to generate a report.
Veracode has also refined the data model in Veracode Analytics to match how users interact with data. For example, in the Veracode Platform, findings with the Open, New, and Reopened statuses are all peer statuses, indicating that Veracode does not list a new finding as Open. All three statuses indicate that the finding has the potential to be exploited and you should remediate it. In Veracode Analytics, the Open and Closed statuses are parent statuses.
Veracode Analytics does not use real-time data. It receives refreshed data every four hours. This refresh rate means that sometimes changes in the Veracode Platform are not reflected in Veracode Analytics until the next time the data refreshes.
See our guidelines on optimizing analytics performance.
What data can I see in Veracode Analytics?
Veracode Analytics includes data from:
- Veracode Static Analysis.
- Veracode DAST scans linked to applications. A limited amount of DAST data is available in the Scans explore. Because DAST data is significantly different from Static Analysis and Manual Penetration Testing data, and DAST scans aren't supported by sandbox scans, DAST data isn't available in the pre-built dashboards.
- Veracode Manual Penetration Testing.
- Veracode Software Composition Analysis (SCA).
Veracode Analytics does not currently include data from:
- Veracode eLearning.
- Veracode DAST scans not linked to applications.
- VAST applications, which are only available in the Veracode Platform. Similar to how the Veracode Platform displays third-party application data, the enterprise view of the data includes enterprise-funded applications.
- Veracode Package Firewall - see Analytics for Package Firewall.
- Veracode Risk Manager - see Using factors.
How can I use Veracode Analytics?
You can access and use Veracode Analytics in the Veracode Platform and using the Veracode APIs. You can only access data for application profiles to which you have access.
Ensure you meet the prerequisites.
Using the Veracode Platform
To use Veracode Analytics in the Veracode Platform, see the following sections:
- Manage dashboards
- Customize visualizations
- Explore your data
- Generate and download reports using data exports
Using the APIs
Access analytics data using the Veracode APIs.
REST APIs
XML APIs
- Flaw Report API
- Summary Report API
- Summary Report PDF API
- Detailed Report API
- Detailed Report PDF API
Prerequisites
Access to analytics data is based on your user roles and team memberships. If you have a team-limited role, such as Reviewer, you can only view applications from the teams of which you're a member.
To access Veracode Analytics data, your user account must have one of the following roles:
- All teams: Security Lead or Executive
- User teams only: Security Insights
To manage dashboards and visualizations, your user account must have the Analytics Creator role.
Data refresh times
Veracode Analytics receives refreshed data from the Veracode Platform every four hours. Veracode Analytics does not use real-time data.
The data refresh process takes about two hours in the United States Commercial Region and one hour in the European Region. When the process finishes, it immediately restarts and gathers data from when the prior process was running. Data is, at most, four hours old in the Commercial Region and two hours old in the European Region.
For the United States Federal region, the data refreshes on the following schedule.
| Platform data refresh times | Analytics update times |
|---|---|
| 12:00 AM ET | 1:00 AM - 3:59 AM ET |
| 4:00 AM ET | 5:00 - 7:59 AM ET |
| 8:00 AM ET | 9:00 - 11:59 AM ET |
| 12:00 PM ET | 1:00 - 3:59 PM ET |
| 4:00 PM ET | 5:00 - 7:59 PM ET |
| 8:00 PM ET | 9:00 - 11:59 PM ET |
Optimize analytics performance
Veracode Analytics uses the Looker platform for data analytics, dashboards and visualizations. Dashboards might take a long time to load when their SQL queries take longer to run. In addition, some components can consume significant memory, leading to performance issues.
To optimize the performance of Veracode Analytics, follow these best practices for creating and using dashboards:
- Avoid displaying too much data in a single dashboard element. This reduces memory usage and improves performance.
- Limit the number of elements in a dashboard. This reduces the number of queries run when the dashboard loads.
- If a dashboard uses only filters, disable Run on load.
- Use required filters wherever possible.
- Remember that post-query processing features, such as merged results, custom fields, and table calculations, consume memory.
- Because pivoted dimensions increase processing load, filter at the dashboard or Look level to allow the user to select the dimension values that they are most interested in comparing.
- Aim to have fewer columns and rows to improve browser performance. The default row limit for tiles is 500. You can increase it to 5000 rows. We recommend limiting the amount of data you view at any one time to ensure that the data you're using is actionable. Apply filters, such as Application, Team, or Business Unit, to narrow the data to within 5000 rows.
- Use filters at the dashboard or Look level to reduce the number of results displayed in each element.
To quickly create a report for any set of data, use the Reporting API.
The following resources provide best practices for building and optimizing Looker dashboards: