Blocklisting Components

Application Security Policies

Components on the blocklist are third-party software code that the organization prohibits.

Users with the Security Lead role can create a list of third-party software components that are known to contain unacceptable security vulnerabilities. When Veracode finds blocklisted components in applications during a scan, the scan results report a scan policy violation. You can either mark the policy violation as mitigated, or replace or fix the vulnerable component.

Adding Components to a Blocklist

When reviewing the components that comprise a software application, you can add any component that contains an unacceptable vulnerability to the blocklist. You must have the Security Lead role to add components to the blocklist.

To add components to a blocklist:
  1. Go to Scans & Analysis > Software Composition Analysis.
  2. Find the component that you want to blocklist, and in the Blocklist column, move the switch from OFF to ON.
  3. Optionally, in the Blocklisted Component window, you can enter the remediation advice you want to provide for fixing the vulnerability.
  4. Click Save.
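As an added illustration, not Veracode's own code or API, the following Python models the mechanism the procedure above configures: a blocklist keyed by component (name and version are assumed to identify a component here), an ON/OFF switch that adds or removes an entry, editable remediation advice, and a scan evaluation that reports one policy violation per blocklisted component found. It also shows the two ways of clearing a violation that the text describes, marking it mitigated or replacing the component. All component names, versions and advice strings are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Hypothetical model: the real Veracode data model is not shown on the page.


@dataclass(frozen=True)
class Component:
    """A third-party component as reported by a scan (assumed key: name + version)."""
    name: str
    version: str


@dataclass
class Violation:
    """One scan policy violation raised for a blocklisted component."""
    component: Component
    remediation_advice: str
    mitigated: bool = False


class Blocklist:
    """Blocklisted components mapped to their remediation advice."""

    def __init__(self) -> None:
        self._entries: Dict[Component, str] = {}

    def set_blocklisted(self, component: Component, on: bool, advice: str = "") -> None:
        # Mirrors the Blocklist switch: ON adds or updates the entry, OFF removes it.
        if on:
            self._entries[component] = advice
        else:
            self._entries.pop(component, None)

    def edit_advice(self, component: Component, advice: str) -> None:
        # Remediation advice can be changed at any time for a blocklisted component.
        if component not in self._entries:
            raise KeyError(f"{component} is not blocklisted")
        self._entries[component] = advice

    def is_blocklisted(self, component: Component) -> bool:
        return component in self._entries

    def evaluate(self, scanned: Iterable[Component]) -> List[Violation]:
        """Return one policy violation per blocklisted component present in the scan."""
        return [Violation(c, self._entries[c]) for c in scanned if c in self._entries]


def policy_passes(violations: List[Violation]) -> bool:
    """The scan passes the policy only when no unmitigated violation remains."""
    return all(v.mitigated for v in violations)


# Constructed sample scan inventory (not from any real scan).
SAMPLE_SCAN = [
    Component("example-json-parser", "1.2.0"),
    Component("example-http-client", "4.5.1"),
    Component("example-logging", "2.0.3"),
]


def demo() -> Tuple[List[Violation], bool, bool, bool]:
    """Blocklist one component, then clear the violation both ways."""
    blocklist = Blocklist()
    bad = Component("example-json-parser", "1.2.0")
    blocklist.set_blocklisted(bad, True, "Upgrade to 1.3.0 (constructed advice)")

    violations = blocklist.evaluate(SAMPLE_SCAN)
    fails_initially = policy_passes(violations)        # False: one open violation

    # Option 1: mark the violation as mitigated.
    violations[0].mitigated = True
    passes_after_mitigation = policy_passes(violations)

    # Option 2: replace the vulnerable component and rescan.
    fixed_scan = [Component("example-json-parser", "1.3.0") if c == bad else c
                  for c in SAMPLE_SCAN]
    passes_after_fix = policy_passes(blocklist.evaluate(fixed_scan))

    return violations, fails_initially, passes_after_mitigation, passes_after_fix


if __name__ == "__main__":
    found, before, mitigated, fixed = demo()
    for v in found:
        print(f"violation: {v.component.name} {v.component.version} -> {v.remediation_advice}")
    print(f"passes before: {before}, after mitigation: {mitigated}, after fix: {fixed}")
```

Keying the blocklist on the exact name and version is a simplifying assumption; a real policy would usually cover a version range, which is why the advice text should name the version that actually resolves the finding.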

Set Blocklist toggle to ON or OFF.

You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line and changing the text in the Blocklisted Component window.

Enter the remediation advice in the window.