Resolve findings
To resolve findings, remediate them by fixing the code where the flaws exist or by replacing vulnerable open-source components with safe versions. For flaws or vulnerabilities you will not resolve, you can propose mitigations instead. You can also use the Triage Flaws page in the Veracode Platform to prioritize the SAST and DAST findings you will resolve.
To resolve flaws from Veracode Pipeline Scan, we recommend using Veracode Fix to apply AI-generated code patches to flaws.
For examples of resolving vulnerabilities from SCA Agent-based Scan, see Find and resolve vulnerabilities.
Get help from Veracode
For help with resolving and mitigating findings, schedule a consultation with Veracode.
Verify your fixes
After fixing findings in your application, run subsequent scans of the application to verify that the fixes were effective and that the fixes did not introduce additional security flaws. The first step in verifying your fixes is to submit a new scan of your application. Once the scan is complete, the Veracode Platform and the application report provide several features for checking the results.
For Static Analysis scans, Veracode recognizes a set of cleansing functions; the rescan uses these to verify that your fix resolved the flaw.
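As an illustration of "fixing the code where the flaws exist", here is an added example (not Veracode's code, and not taken from this page) showing a database lookup written first in the form a static scan reports as SQL injection, string concatenation of untrusted input into the query text, and then in the remediated form, a parameterized query, which is what a rescan would be expected to recognize as fixed. It uses only Python's standard-library sqlite3 module with a constructed in-memory table; whether any particular sanitizer appears on Veracode's list of supported cleansing functions is not stated on this page and is not claimed here.

```python
"""
Added example, not Veracode's code: a vulnerable query beside its fixed form.
The users table and its rows are constructed here so the script runs offline.
"""
import sqlite3

# Constructed sample data; the apostrophe in "O'Brien" is a legitimate
# input that already breaks the concatenated query.
SEED_ROWS = [
    ("alice", "alice@example.test"),
    ("O'Brien", "obrien@example.test"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn


def lookup_vulnerable(conn, name):
    """The flawed form a SAST scan flags: untrusted input becomes part of the SQL text."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_fixed(conn, name):
    """The remediated form: the driver binds the value, so it is data, never SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def run_lookup(lookup_fn, conn, name):
    """Run one lookup and report rows or the exception class name, for comparison."""
    try:
        return {"rows": lookup_fn(conn, name), "error": None}
    except sqlite3.Error as exc:
        return {"rows": None, "error": type(exc).__name__}


def compare(name):
    """Run both forms on the same input so the difference is visible side by side."""
    conn = make_db()
    return {
        "vulnerable": run_lookup(lookup_vulnerable, conn, name),
        "fixed": run_lookup(lookup_fixed, conn, name),
    }


if __name__ == "__main__":
    for candidate in ("alice", "O'Brien"):
        print(candidate, compare(candidate))
```

On the plain name both forms return the same row; on the name containing an apostrophe the concatenated form raises a syntax error from the database (the same injection point a scanner reports), while the parameterized form returns the matching row. After committing a fix of this kind, re-upload the same modules and rescan so the flaw can be verified as resolved.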
Review the score trend
The score trend chart, which is available in the PDF reports, shows the trend of the application score over time and provides quick, at-a-glance feedback to indicate whether the changes made have improved the security of the application.
Identify new findings
Findings that were not present in the prior scan of the application are flagged with a NEW badge in the PDF reports.
Only static flaws are flagged as new.
Identify resolved findings
The appendix in the PDF reports lists flaws that were present in prior scans that were not found in the scan currently being verified.
In some circumstances, the list of flaws not found might include flaws that were not actually fixed, for example, when a module of the application is not re-uploaded for scanning. For best results, upload the same modules for the verification scan that were uploaded for the initial scan.