Understand the scan results
Review the scan results for web application scans or API scans in the Veracode Platform. View your targets and their scan history, analyze findings by severity, assess coverage across scanned URLs and their performance metrics, and access reports.
To review DAST scan results collaboratively with your teams, including results from Static Analysis scans, we recommend the Triage Flaws page.
View the list of all targets
The Target list page displays all configured targets for DAST scanning. The table shows the following information for each target: the target name, the highest severity of vulnerabilities found, the URL being scanned, the scan type, the date of the last analysis, and the current status.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
To complete this task:
- Sign in to the Veracode Platform.
- To see the DAST Target list page, select Scans and Analysis > DAST.
View target details and scan history
The Target details page displays the scan history and results for a specific target. A bar chart provides a visual representation of past scans, where each bar represents a scan and the color segments indicate the number of findings grouped by severity.
The table below the chart displays all scans performed on the target, including the URL, scan type, severity level, target type, start date and time, current status, duration, and who initiated the scan.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
To complete this task:
- Sign in to the Veracode Platform.
- To see the DAST Target list page, select Scans and Analysis > DAST.
- Locate the web application you want and select the hyperlink in the Name column.
Review scan results
The Analysis run page provides a comprehensive view of your DAST scan results through three main tabs. The Status tab displays scan performance metrics and overview information, the Findings tab shows all discovered vulnerabilities with severity assessments, and the Coverage tab shows detailed insights into the URLs scanned and their performance characteristics.
Review scan status and scanner performance
The Status tab displays an overview of the scan results and scanner performance. The Overview section at the top shows key information about the scan, including the scan type, target type, severity level, number of findings, who initiated the scan, when the scan started, the current status, and the scan duration.
The Scanner section displays a table of all scanners used in the scan. The table shows each scanner name, its current status, the number of attack requests made, and detailed information about the scan results. Select the expand icon next to a scanner row to view more details about that scanner's activity.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- To see the DAST Target list page, select Scans and Analysis > DAST.
- Locate the web application you want and select the hyperlink in the Name column.
- On the Target details page, select the row for which you want to review the scan status.
- On the Analysis run page, ensure you have selected the Status tab.
View and analyze vulnerabilities found
The Findings tab displays all vulnerabilities discovered during the scan. At the top, summary cards show the number of vulnerabilities with the highest severity rating, the total number of findings, and a pie chart that represents the findings grouped by severity level.
The findings table displays all discovered vulnerabilities with the following information: vulnerability category, CWE severity, CVSS score, and a detailed description of each finding. Use the search field to find specific findings, and use the filter dropdown to filter results by severity level. Select a row to view additional remediation details.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- To see the DAST Target list page, select Scans and Analysis > DAST.
- Locate the web application you want and select the hyperlink in the Name column.
- On the Target details page, select the row for which you want to review the scan status.
- Select the Findings tab.
Review scan coverage
The Coverage tab displays a detailed table of all URLs scanned during the analysis. The table shows the HTTP method used, the URL that was scanned, the HTTP response code received, and the response time for each request. You can sort the table by selecting any column header.
This tab provides insights into the scope and performance of your scan, helping you understand which areas of your application were tested.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- To see the DAST Target list page, select Scans and Analysis > DAST.
- Locate the web application you want and select the hyperlink in the Name column.
- On the Target details page, select the row for which you want to review the scan status.
- Select the Coverage tab.
Review crawled URLs
Review the scope of the scan and identify the URLs that were successfully analyzed.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > DAST.
- Locate the web application or API specification scan you want to review and select the target using the hyperlink.
- To review the scan results, in the URL column of the table, select the hyperlink.
- Select the Coverage tab.
- To download a report of the crawled URLs, select DOWNLOAD, then select Crawled URLs. The report downloads in JSON format.
Review unique URLs scanned
Extract details about the unique URLs discovered during the scan.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > DAST.
- Locate the web application or API specification scan to review and select the target using the hyperlink.
- In the URL column of the table, select the hyperlink of the scan.
- Select the Coverage tab.
- To download a report of the unique URLs discovered, select DOWNLOAD, then select Unique found URLs. The report downloads in ZIP format.
Review scan activity log
Access the scan activity log to view a chronological record of the scan process. This log provides insights into scanner behavior, timing, and issues encountered during the scan.
Before you begin
- You must have a Veracode account with the Creator, Reviewer, or Security Lead role.
- You have created and run a web application scan or an API specification scan.
- The analysis must be complete.
To complete this task:
- Sign in to the Veracode Platform.
- Select Scans and Analysis > DAST.
- Locate the web application or API specification scan to review and select the target using the hyperlink.
- In the URL column of the table, select the hyperlink for the scan.
- Select the Coverage tab.
- To download a report of the scan activity, select DOWNLOAD, then select Scan activity log. The report downloads in ZIP format.