Veracode Pipeline Scan

You can use Veracode Pipeline Scan to evaluate the security of your applications within a development pipeline.

The Pipeline Scan directly embeds into team development pipelines, and you can configure scanning to run based on various triggers, such as commits, merge requests, or code builds. You can use it to break the build based on flaw severity and CWE category. You can evaluate the changes in your results compared to previous scans, enabling you to identify security flaws present in your application before you release the application into production environments.
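The build-breaking and scan-comparison behaviour described above, sketched as an added example (not Veracode's code or its results schema): a gate that fails only on findings absent from a previous scan that either meet a severity threshold or fall in a listed CWE. The field names, the fingerprint, the numeric severity scale (higher is more severe), and the sample findings are assumptions constructed for illustration.

```python
import json

# Constructed sample results; the field names are assumptions for this
# example, not Veracode's documented results schema.
BASELINE = json.loads("""[
 {"cwe_id": "89", "severity": 4, "file": "app/db.py", "function": "find_user", "line": 41}
]""")
CURRENT = json.loads("""[
 {"cwe_id": "89", "severity": 4, "file": "app/db.py", "function": "find_user", "line": 47},
 {"cwe_id": "80", "severity": 3, "file": "app/views.py", "function": "render_profile", "line": 12},
 {"cwe_id": "117", "severity": 3, "file": "app/log.py", "function": "audit", "line": 8},
 {"cwe_id": "78", "severity": 5, "file": "app/tasks.py", "function": "run_export", "line": 90}
]""")


def fingerprint(finding):
    """Identity that survives line shifts: CWE + file + function (a simplification)."""
    return (str(finding["cwe_id"]), finding["file"], finding["function"])


def new_findings(current, baseline):
    """Findings in the current scan that the previous scan did not report."""
    seen = {fingerprint(f) for f in baseline}
    return [f for f in current if fingerprint(f) not in seen]


def gate(current, baseline, min_severity=4, fail_cwes=frozenset()):
    """Return the new findings that should break the build."""
    return [
        f for f in new_findings(current, baseline)
        if f["severity"] >= min_severity or str(f["cwe_id"]) in fail_cwes
    ]


def main():
    breaking = gate(CURRENT, BASELINE, min_severity=4, fail_cwes={"80"})
    for f in breaking:
        print(f"FAIL CWE-{f['cwe_id']} severity={f['severity']} "
              f"{f['file']}:{f['line']} in {f['function']}")
    return 1 if breaking else 0  # non-zero exit status fails the pipeline step


if __name__ == "__main__":
    raise SystemExit(main())
```

The pre-existing CWE-89 finding does not fail the build because it is already in the baseline, while the medium-severity CWE-80 finding does because its CWE is listed explicitly.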

To add security testing to other CI/CD solutions, see the Veracode integrations.

Pipeline Scan does not support flaw mitigations or flaw matching. If you require these features, you can use security policies or development sandboxes to perform a Veracode Static Analysis of your applications.