Skip to main content

Access scan results shared by a vendor

Veracode customers (enterprise) can access reports of the scan results of a third-party application shared by the application vendor.

Access shared reports

Shared reports are listed on the Shared Reports page and remain available until the vendor chooses to unshare them.

You can also access shared results using the VAST XML API.

Before you begin:

  • You must have completed a Veracode scan of an application.
  • The vendor must have shared the reports with enterprise clients.
  • Only the vendor who owns the application and enterprise users with the Security Lead, Executive, or Reviewer role can access a vendor's shared reports.

To complete this task:

To access shared reports for any application in the Veracode Platform, select the application name on the Applications page or the report name on the Shared Reports page.

Fom the application overview page, the enterprise client can view the following items:

  • Policy evaluation score for the latest scans of the application
  • List of reports currently shared with your organization for this application

To view and save the report, select the report name or the Download link.

Access shared SCA reports

If both the enterprise and vendor have subscriptions to Software Composition Analysis (SCA), when the vendor shares a report, a link to the SCA report for the scanned application is also included in the Shared Reports list.

In the Veracode Platform, select the SCA Report link to open the report on the Software Composition Analysis page.

Edit vendor application profiles

To collect specific metadata to include in the reports, enterprise clients can edit the Profile and Metadata sections of a vendor application profile.

Enterprise users who have the Creator or Security Lead role can edit the following fields in the application profile page of a vendor application:

  • Application Name
  • Description
  • Tags
  • Business Unit
  • Business Owner
  • Owner Email
  • Visibility
  • Archer Application Name
  • Custom fields
note

The Veracode APIs don't support editing the application profile for a vendor application.

Last updated on