Reports
Access and download reports of scan results and findings for your scanned applications.
Use and distribution of these reports is governed by the agreement between Veracode and its customer. In particular, these reports and the results in the report cannot be used publicly in connection with Veracode without written permission.
Access reports
You can access reports in the Veracode Platform, using the APIs, and within Veracode integrations.
Using the Veracode Platform
In the Veracode Platform, go to the Results page for a scanned application. You can view the Veracode and PCI Compliance reports to gain insights into your application security program activity and a better understanding of the business risk of vulnerabilities in your application.
To download reports of data from Veracode Analytics, select Analysis > Data Exports. Then, generate and download a report.
Using the integrations
After running a scan using a Veracode integration that accesses the Veracode Platform, such as integrations that support Veracode Upload and Scan or Veracode DAST, you can access the results in the Veracode Platform interface and download reports.
For scan types that don't access the Veracode Platform, such as integrations that use Pipeline Scan for Static Analysis scans, you typically access the scan results and reports within the integration interface, such as a website or application, or using the Veracode APIs.
REST APIs
XML APIs
Share reports as a vendor
Vendors who want to share scan results can generate reports for enterprise organizations. To enable the sharing of Veracode reports, contact Veracode Technical Support.
As a vendor, as soon as scan results are available, you can send a copy of the results to an organization of your choice.
- In the Veracode Platform, from the left navigation menu of the application page, select Results.
- To share the results of the latest scans of each scan type, select Share in the top right to open the Share this Report window. If this icon is disabled, contact Veracode Technical Support to establish the relationship between you and the enterprise organization.
- Select the enterprise organization with whom you want to share the report. This dropdown list is based on vendor relationships you have with other organizations. To add more organizations to this list, contact Veracode Technical Support.
- Select the policy against which you want to calculate the results of the report. The policy details appear, showing you the description, rules, and scan requirement of the policy.
- Select Save and Continue.
The generated report is listed in the Shared Reports page, which you access from the left navigation menu. At a glance you can see which reports you generated and when. The color of the shield icon in the Generated For column indicates whether the policy compliance is a pass (green), conditional pass (orange), or fail (red).
When you are ready to send the generated report to the selected organization, select Share Now. You receive a prompt to confirm that you are ready to share.
You are only sharing the Summary Report, as well as the SCA Report, if you have subscribed to the Software Composition Analysis (SCA) feature that Veracode offers for examining the components that comprise a software application. The Detailed Report is specifically for your information only.
To access shared reports for any application, select the application name on the Applications page or the report name on the Shared Reports page. Only the vendor who owns the application and the security lead, executive, and reviewer members of the enterprise team can access a vendor's shared reports.
To unshare a report you have already shared with an organization, select Undo to revoke the shared action. When prompted to confirm your choice, select Yes.
The report is no longer available to view or download by the enterprise recipient.