Add Components to a Blocklist

Publication: Application Security Policies
Edition date: 2022-11-29
Last publication: 2022-11-29T16:32:07.191998

You can create a list of third-party software components that are known to contain unacceptable security vulnerabilities. Components on the blocklist are third-party code that the organization prohibits.

Before You Begin

You must have the Security Lead role.

Overview

When Veracode finds blocklisted components in applications during a scan, the scan results report a scan policy violation. For each violation, you can either label it as mitigated, or replace or fix the vulnerable component.

Steps

  1. Go to Scans & Analysis > Software Composition Analysis.
  2. Find the component that you want to blocklist, and in the Blocklist column, move the switch from OFF to ON.
  3. Optionally, in the Blocklisted Component window, you can enter the remediation advice you want to provide for fixing the vulnerability.
  4. Click Save.

Next Steps

You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line, and changing the text in the Blocklisted Component window.