You can create a list of third-party software components that are known to contain unacceptable security vulnerabilities. Components on the blocklist are third-party software code that the organization prohibits.
Before you begin:
You must have the Security Lead role.
When Veracode finds blocklisted components in an application during a scan, the scan results report a scan policy violation. You can mark the policy violation as mitigated, or replace or fix the vulnerable component.
To complete this task:
- Go to Scans & Analysis > Software Composition Analysis.
- Find the component that you want to blocklist, and in the Blocklist column, move the switch from OFF to ON.
- Optionally, in the Blocklisted Component window, enter the remediation advice you want to provide for fixing the vulnerability.
- Click Save.
You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line, and changing the text in the Blocklisted Component window.
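The following is an added illustration of the same workflow outside the Veracode UI; it is not Veracode's code or API. It checks a requirements.txt-style manifest against a blocklist of prohibited components, reports each match as a policy violation together with the remediation advice recorded for that component, and lets a violation be marked as mitigated so the policy passes without changing the manifest. All component names, versions and advice are constructed sample data, and the "versions at or below a threshold are prohibited" rule is an assumption made for the example.

```python
"""Enforce a component blocklist against a dependency manifest.

Added example, not Veracode's own code. Mirrors the page's workflow:
blocklisted component found -> policy violation with remediation advice,
which is resolved by upgrading/replacing the component or marking it mitigated.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


def parse_version(v: str) -> tuple[int, ...]:
    """'2.10.0' -> (2, 10, 0); non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


@dataclass(frozen=True)
class BlocklistEntry:
    name: str
    max_vulnerable: str  # versions <= this are prohibited (assumed rule)
    advice: str          # remediation advice shown with the violation


@dataclass
class Violation:
    component: str
    version: str
    advice: str
    mitigated: bool = False


# Constructed blocklist: hypothetical component names and advice.
BLOCKLIST = {
    "examplelib": BlocklistEntry(
        "examplelib", "2.3.1", "Upgrade to examplelib >= 2.4.0"),
    "oldparser": BlocklistEntry(
        "oldparser", "0.9.9", "Replace oldparser with the maintained newparser package"),
}

# Pinned requirement lines only: name==version (comments stripped first).
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*$")


def parse_manifest(text: str) -> list[tuple[str, str]]:
    """Return (name, version) pairs from a requirements.txt-style manifest."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_LINE.match(line)
        if m:
            deps.append((m.group(1).lower(), m.group(2)))
    return deps


def evaluate(manifest_text: str, blocklist=BLOCKLIST,
             mitigated: frozenset[tuple[str, str]] = frozenset()) -> list[Violation]:
    """Report one Violation per blocklisted component found in the manifest."""
    violations = []
    for name, version in parse_manifest(manifest_text):
        entry = blocklist.get(name)
        if entry is None:
            continue
        if parse_version(version) <= parse_version(entry.max_vulnerable):
            violations.append(
                Violation(name, version, entry.advice, (name, version) in mitigated))
    return violations


def policy_passes(violations: list[Violation]) -> bool:
    """Policy passes only when every violation has been marked mitigated."""
    return all(v.mitigated for v in violations)


# Constructed sample manifest.
SAMPLE_MANIFEST = """
examplelib==2.3.0
oldparser==0.9.9
safelib==1.0.0   # not on the blocklist
"""

if __name__ == "__main__":
    found = evaluate(SAMPLE_MANIFEST)
    for v in found:
        state = "mitigated" if v.mitigated else "OPEN"
        print(f"[{state}] {v.component}=={v.version}: {v.advice}")
    print("policy passes:", policy_passes(found))
```

In a pipeline, the manifest would come from the repository and the mitigated set from a reviewed, audited record; the blocklist and its advice are what the page's Blocklist switch and Blocklisted Component window maintain.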