Permissioning Veracode Static for Visual Studio


You must have Veracode API credentials and specific account types to be able to use Veracode Static for Visual Studio.

You must have one of these account types:
  • A user account with these roles:
    • Creator or Security Lead role to create builds of your applications with the necessary Veracode settings
    • Submitter role to upload scans to Veracode
    • Sandbox User role to create sandboxes to use with the extension
    • Reviewer role to check scan completion, propose mitigations, and import results to Visual Studio
    • Mitigation Approver role to approve mitigations
  • An API service account with these API roles:
    • Upload and Scan API to create application profiles, create sandboxes, and upload and scan applications
    • Upload API - Submit Only to submit scans
    • Mitigation API to mitigate flaws found in applications
    • Results API to download, import, and view Veracode results
If you do not have an account with these roles, you receive access denial errors.