Veracode Internal Scanning Management

Veracode Internal Scanning Management (ISM) provides a simplified approach to scanning web applications or REST APIs that are hosted behind a corporate firewall and are not accessible from the public internet. ISM enables consistent scanning of both internal and external applications and APIs for Veracode DAST and Veracode Dynamic Analysis.

We specifically designed ISM to not expose you to any security risks. All scanning and support occur in the Veracode Platform cloud, and you can disable access between your applications or APIs and the Veracode Platform cloud at any time.

How ISM works

In the Veracode Platform, you create a gateway and endpoint that securely connect your internal applications or APIs to the Veracode Platform cloud for scanning and analysis.

Benefits

ISM provides the following benefits.

Benefit: Description
Usability: Set up ISM using a simple workflow. Configure Dynamic Analysis or DAST scans for your internal applications and REST APIs in the same way you do for external ones. ISM does not restrict where you can host your internal applications or APIs. With ISM, you can perform scans of applications and REST APIs hosted in containers, virtual machines, bare-metal servers, or in the cloud.
Compliance: With ISM, you have full control of your environment. You can grant and revoke Veracode access to scan or provide support for your applications or REST APIs. The only software you need to maintain is a JAR file that you run in your environment.
Stability: ISM does not require you to regularly update any software, eliminating the need for reboots and extensive downtime.
Scalability: You can run several scans simultaneously on a single ISM deployment.
Patching: ISM uses AWS Patch Manager to automatically patch your Amazon EC2 instances. There is a maintenance window for applying patches every Tuesday at 7:00 AM Coordinated Universal Time (UTC).

Prerequisites

To set up and use ISM, you must have:

  • A Veracode Dynamic Analysis subscription.
  • A Veracode account with the Administrator or Security Lead role.

Endpoint requirements

The machine on which you install endpoints must meet the following requirements. These requirements are based on the minimum requirements to run a Java Virtual Machine (JVM) on Java 21 or greater.

Requirement: Description
Operating system: You can install an ISM endpoint on the following operating systems:
  • Windows 7 or later
  • Windows Server
  • macOS Lion or later
  • Linux with one of these distributions: RHEL, CentOS, or Ubuntu. To install an ISM endpoint on Ubuntu, you must use the manual deployment method.
Java version: Java 21 or later.
Memory: Minimum of 8 GB.
Disk space: Minimum of 4 GB.
Network:
  • Reliable internet access
  • Reliable connection between the endpoint server and the Veracode gateway, and the Veracode gateway domain or IP address is on the allowlist for your organization
  • Reliable connection between the endpoint server and your target URLs
Port: Requires one-way communication over port 443 to the Veracode Platform URL, based on the region domain for your Veracode account.
WebSocket: Your firewall must allow WebSocket traffic.
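
A pre-flight check that an administrator could run on a Linux host before installing an endpoint, covering the Java, memory, disk and port 443 requirements listed above. This is an added example, not Veracode code; the function names, the `GATEWAY_HOST` variable with its placeholder default, and the memory allowance are assumptions.

```shell
#!/usr/bin/env bash
# Pre-flight check for an ISM endpoint host (Linux assumed; added example).
MIN_JAVA=21            # "Java 21 or later"
MIN_MEM_KIB=7500000    # 8 GB, with an assumed allowance for kernel-reserved RAM
MIN_DISK_KIB=4194304   # 4 GB free

# Major version from `java -version` text; handles legacy "1.8.0_392" (major 8).
java_major() {
  local v
  v=$(printf '%s\n' "$1" | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n1)
  case "$v" in 1.*) v=${v#1.} ;; esac
  printf '%s\n' "${v%%[!0-9]*}"
}

# Succeeds when $1 is a whole number that is at least $2.
at_least() { [ -n "$1" ] && [ "$1" -ge "$2" ] 2>/dev/null; }

# MemTotal in KiB from /proc/meminfo-style text.
mem_total_kib() { printf '%s\n' "$1" | awk '/^MemTotal:/ { print $2; exit }'; }

# Runs every check; $1 is the install directory.
# GATEWAY_HOST is a placeholder: set it to the gateway domain for your account.
check_host() {
  local gw dir rc jv mem disk
  gw=${GATEWAY_HOST:-gateway.example.invalid}; dir=${1:-.}; rc=0
  jv=$(java_major "$(java -version 2>&1)")
  at_least "$jv" "$MIN_JAVA" ||
    { echo "FAIL java: need $MIN_JAVA+, found ${jv:-none}"; rc=1; }
  mem=$(mem_total_kib "$(cat /proc/meminfo 2>/dev/null)")
  at_least "$mem" "$MIN_MEM_KIB" ||
    { echo "FAIL memory: ${mem:-unknown} KiB total"; rc=1; }
  disk=$(df -Pk "$dir" | awk 'NR==2 { print $4 }')
  at_least "$disk" "$MIN_DISK_KIB" ||
    { echo "FAIL disk: ${disk:-unknown} KiB free in $dir"; rc=1; }
  # Outbound TCP reachability only; this does not prove that the firewall
  # also passes WebSocket upgrades, which the endpoint needs as well.
  timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/443"' _ "$gw" 2>/dev/null ||
    { echo "FAIL network: cannot open $gw:443"; rc=1; }
  return "$rc"
}

# Usage: ./ism-preflight.sh --check /path/to/install/dir
case "${1:-}" in --check) check_host "${2:-.}" ;; esac
```

The script exits non-zero when any requirement is not met, so it can gate an automated deployment step.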