Static Analysis

Audience: Administrator, AppSec manager, Developer, Security leader

For a quick demo of this learning path, see the quickstart.

Prerequisites

• You have a user account and an application profile.

Learning objectives

Upon completion of this module, you'll be able to:

• Scan your application in the Veracode Platform.
• Review, prioritize, and download a report of your security findings in the Veracode Platform.
• Optionally, fix a flaw with Veracode Fix in the Veracode CLI.

Scan your application
~25 min

Learn how to package your application code and run a Static Analysis.

1. Manually package a Java application
   6.5 min
2. Manually package a .NET application
   8.5 min
3. Upload, prescan, and scan your packaged application
   8 min

Review and download findings
~15 min

Learn how to review findings and download reports.

1. Review findings
   ~10 min
2. Download reports
   ~4 min

Work with findings
~45 min

Learn how to prioritize, mitigate, and remediate findings.

1. Develop a remediation plan
   5 min
2. Prioritize findings to fix
   5 min
3. Rescan your application to verify fixes
   2 min
4. Mitigate findings you will not fix
   8 min
5. Avoid inconsistencies in future scans
   5 min
6. Optional. Fix a finding with Veracode Fix in the CLI
   ~20 min

Next steps

• Learn about auto-packaging.
• Learn more about Static Analysis.
• Learn more about managing findings.