Customizing Severities for a Policy

Application Security Policies

When creating a policy, you can customize the severity levels by giving them a higher or lower severity than the Veracode standard. Custom severities apply immediately, changing the results of the latest scan for all applications assigned to this policy.



When you click Add New Custom Severity on the Rules page, the CWEs table lists the standard Veracode severity for each supported CWE ID. From the Custom Severity dropdown menu, select the new severity for the CWE ID you want to customize.

After you click Save, the custom severities appear in the Rules section of the Add New Policy page.

Note: Existing applications assigned to this policy automatically have custom severity additions applied to the latest static and dynamic scan results. This change may impact policy compliance status for these affected applications.