Analytics
Veracode Analytics provides the insight you need to demonstrate progress and success to stakeholders through pre-built dashboards and data visualizations. You can create and customize the following:
- Organization dashboards
- Personal dashboards
You can generate reports from Veracode Analytics data on the Veracode Platform or with the REST API.
Access Veracode Analytics
You can view Veracode Analytics data only for applications to which you have access in the Veracode Platform. Veracode bases your access on your user roles and team memberships. If you have a team-limited role such as Reviewer, you can only view applications from the teams that include you as a member.
These roles grant access to Veracode Analytics data:
- All teams: Security Lead or Executive
- User teams only: Security Insights
To access analytics for Veracode Package Firewall, see Analytics for Package Firewall.
Export data from the Veracode Platform
You can generate and download reports of your Veracode account data to analyze your application security program.
You must have the Security Lead or Administrator role to access data exports. The reports on the Data Exports page run asynchronously. When you generate a new report, the Veracode Platform creates it server-side and saves it until you download it. Veracode refreshes account data twice daily, at 6 AM and 6 PM ET. For the most accurate data, wait until after the refresh to generate and download a report.
The data export process might take several minutes to complete. You can download a previously generated version of the report at any time using the download button, but it might not contain the most recent information until you generate a new version.
To complete this task:
- Go to Analytics > Reports > Data Exports.
- To generate a new export, select Generate Data Export. The Last Generated column updates when the new export is ready.
- To download the data export, select the download icon. The report downloads in CSV format to your browser.
License consumption
The Veracode Platform offers four reports with consumption data associated with your Veracode licenses: the License Used Report, the Largest Scan Report, the All Scans Report, and the License Used Tier Model Report. These reports track scan activity that uses your licenses for Veracode Static Analysis and Dynamic Analysis.
Before you begin:
- You must have the Security Lead or Administrator role.
- Your organization must use a licensing model that the reports support.
To complete this task:
- In the Veracode Platform, select Analytics > Data Exports.
- Locate the report you want to generate.
- To generate the report, select generate.
- When the report is available, select download to download it.
If you do not see the automated consumption data in these reports, you may have a legacy contract term inhibiting automation. In this case, contact your Veracode account manager for assistance with managing usage reporting.
The license consumption reports in the Veracode Platform provide consumption data associated with your Veracode licenses. Each report provides different details about the Static Analysis and Dynamic Analysis scan activity that uses your license.
License Used Report
The License Used Report provides visibility into your overall usage during a specific subscription year. It includes these details:
| Field | Description |
|---|---|
| Account Name | Name of your account. |
| Contract | Internal Veracode contract ID. |
| Start Date | Start date of your contract. If you have a multi-year contract, there is a row for each year of your subscription. |
| End Date | End date of the subscription year. |
| Is Active | Indicates if the contract is active. All subscription years of an active multi-year contract are considered active. |
| Licenses Purchased | Number of licenses purchased in the associated contract. |
| MB Purchased | Number of megabytes purchased in the associated contract. |
| Licenses Used | Number of licenses used during the subscription year. |
| MB Used | Number of megabytes used during the subscription year. |
Largest Scan Report
The Largest Scan Report represents the largest analysis size for each application scanned during the contract term and shows which applications consumed licenses during a specific contract year. It includes these details:
| Field | Description |
|---|---|
| Licensed Account | Veracode Platform account that performed the scan. |
| Application ID | Unique ID for your application. |
| Application Name | The name of your application. |
| License Type | Indicates if the license type is SDLC or third party. |
| Scanning Account | Same as the licensed account unless it has a vendor scanning under the enterprise account. |
| 3rd Party State | Indicates if the scan was deleted or is active. Only populated if a third-party vendor performs the scan. |
| Build ID | Unique ID for a scan. |
| Scan Name | The name of your scan. |
| Sandbox Type | Indicates if a scan is a sandbox or policy scan. |
| Scan State | Indicates if the scan is active or was deleted. |
| Scan Type | Indicates if the scan is a Veracode Static Analysis or Dynamic Analysis scan. |
| Largest Scan Publish Date | The date that the largest scan occurred for the application during the subscription year. |
| Published to Vendor Date | The date the scan results were published to a third-party vendor. This field is only populated if a third-party vendor performs the scan. |
| Published to Enterprise Date | The date the scan results were published to the enterprise account. This field is only populated if a third-party vendor performs the scan. |
| Language | The predominant language in the application. |
| Total Analysis Size | Size of the application analyzed in that scan. |
| Licenses Used | Largest scan of each application during that subscription year divided by the application size definition. |
| MB Used | Sum of the total analysis size, rounded to the nearest whole number. |
| Applied SKU per Scan | The contracted SKU to which the scan applies. |
| Contract | Internal Veracode contract ID. |
| Subscription Start Date | Start date of your contract. If you have a multi-year contract, consumption metrics start at 0 at the beginning of each subscription year. |
| Times App Scanned Within Year | Number of times Veracode scanned the application during the subscription year. |
All Scans Report
The All Scans Report shows all scans associated with your account, including sandbox scans and deleted scans, for a specific contract year. The report includes these details:
| Field | Description |
|---|---|
| Licensed Account | Veracode Platform account that performed the scan. |
| Application ID | Unique ID for your application. |
| Application Name | The name of your application. |
| License Type | Indicates if the license type is SDLC or third party. |
| Scanning Account | Same as the licensed account unless it has a vendor using the enterprise account to perform scans. |
| 3rd Party State | Indicates if the scan is active or was deleted. This field is only populated if a third-party vendor performs the scan. |
| Build ID | Unique ID for a scan. |
| Scan Name | The name of your scan. |
| Sandbox Type | Indicates if a scan is a sandbox or policy scan. |
| Scan State | Indicates if the scan is active or was deleted. |
| Scan Type | Indicates if the scan is a Veracode Static Analysis or Dynamic Analysis scan. |
| First Publish Date | The date that the largest scan occurred for the application during the subscription year. |
| Published to Vendor Date | The date the scan results were published to a third-party vendor. This field is only populated if a third-party vendor performs the scan. |
| Published to Enterprise Date | The date the scan results were published to the enterprise account. This field is only populated if a third-party vendor performs the scan. |
| Language | The predominant language in the application. |
| Total Analysis Size | Size of the application analyzed in that scan. |
| Potential Licenses Used | Largest scan of each application during that subscription year, divided by the application size definition. |
| Potential MB Used | Sum of the total analysis size, rounded to the nearest whole number. |
| Applied SKU per Scan | The contracted SKU to which the scan applies. |
| Contract | Internal Veracode contract ID. |
| Subscription Start Date | Start date of your contract. If you have a multi-year contract, consumption metrics start at 0 at the beginning of each subscription year. |
| Times App Scanned Within Year | Number of times the application was scanned during the subscription year. |
License Used Tier Model Report
The License Used Tier Model report identifies how many licenses you have used from the number you purchased. This license report type is available only if you use the tier licensing model. The report includes these details:
| Field | Description |
|---|---|
| account name | Account name of the organization that purchased licenses from Veracode. |
| contract | ID of the contract in use. |
| contract year | For multi-year contracts, the ID for the year of the contract. One contract might have different subscriptions allocated to different years of the contract. |
| subscription (sku) | Product subscription code purchased in the contract. |
| start date (of contract year) | Start date for the contract year. |
| end date (of contract year) | End date for the contract year. |
| quantity licenses purchased | Number of products purchased. For Standard and Small, this value reflects the number of application profiles. |
| quantity licenses used | Number of products used. For Standard and Small, this value reflects the number of application profiles. |
| most recent scan date during contract year | Date of most recent scan for each application profile counted. |
Greenlight scan usage
In the Veracode Platform, you can access two reports for reviewing summaries of Greenlight scan usage. You must have the necessary role to access these reports.
Go to Reports > Export Data. Select the generate icon to initiate the report and then select the download icon when it is available, which indicates that the report has finished generating.
Daily Scan Usage Summary
This summary logs a row for the scan activity of each user that scanned with Veracode Greenlight on each day. If the user did not scan on a particular day, there is no entry in the report. The fields reported are:
- Email Address: email of the user who performed the scan.
- Created Day: date the scan occurred.
- Successful Active Scans: number of successful scans the users initiated from their IDE.
- Successful Auto-Scans: number of successful scans automatically initiated when the IDE saved the file.
- Successful API Scans: number of scans initiated by the Veracode Greenlight API in the build/CI workflow.
- Total Unsuccessful Scans: number of unsuccessful active, auto-scan, or API scans.
- Total Successful Scans: number of successful and unsuccessful, active, auto-scan, or API scans.
Technology Usage Summary
This summary logs the information about the IDE and plugin used during the Greenlight scan. The fields in the report are:
- Email Address: email address of the user who performed the scan.
- IDE: IDE used, either Eclipse, IntelliJ or Visual Studio.
- IDE Version: version of the IDE used when the scan was submitted.
- Plugin Version: Veracode Greenlight plugin version when the scan was submitted.
- Language: language of the code scanned, either:
  - net: C#, VB.NET, ASP.NET
  - js: JavaScript
  - java: Java
- Scan Count: total number of scans submitted plus the information for the IDE, IDE version, plugin version, and language.
If you perform Veracode Greenlight scans using the API, the IDE, IDE version, and plugin version columns are blank in the Veracode Greenlight Technology Usage Summary report.