Before starting a Veracode Dynamic Analysis, you must meet these prerequisites:
- Provide access to the Veracode IP address: to enable Veracode to perform scans, your application must be accessible from the Veracode IP address
220.127.116.11. This access may require creating a staging or test environment to host your application, making configuration changes to your firewall rules, and performing other IT activities. When running a Dynamic Analysis, you see traffic coming from this IP address, therefore, you must add it to your allowlist.
- Verify connectivity: ensure the target URLs you want to scan are externally accessible and, if your site requires authentication, the login and password for access to the websites are accurate before you start a Dynamic Analysis. After you submit the scan, Veracode performs a connection and login verification if a login is configured.
- Verify user roles: you must have the Creator, Submitter, or Security Lead role to be able to create, configure, or submit a Dynamic Analysis. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.