Troubleshoot DAST Essentials target errors
This section explains how to troubleshoot target errors.
How should I interpret the error messages during my scans, and what should I do?
If the scan configuration is not done correctly, or there is a problem with one of the scanners, you will receive an error message while the scan runs, or after it finishes. For help with any scan errors, see troubleshooting.
What should I do when I receive error message "Failed to verify the scan targets"?
First, check if the verification file has been uploaded correctly. If this is not the case, ensure the website is accessible to the scanner by the following:
- The website should be publicly accessible.
- If protected by a firewall, ensure that the required IP addresses are on your allowlist (check the IP addresses provided previously).
- The credentials must be first configured when the application has an HTTP basic authentication.
What should I do when I receive error message "Scanner could not log in"?
You have to ensure that the website is accessible to the scanner. Check the following actions to make this possible.
- The website should be publicly accessible.
- If protected by a firewall, ensure the required IP addresses are on your allowlist (check the IP addresses provided previously).
- If the application has an HTTP basic authentication, check that the credentials are correct.
- If protected by a login form, ensure that the credentials are correct.
- If the authentication is token-based, ensure they are valid long enough to run a scan (ideally 24h+).
What should I do when I receive the error message "Scan failed for unknown reasons"?
There might be several reasons causing this error. First, check the following:
- The application is available.
- Login credentials are correct.
- IP addresses are on your allowlist.
If all of these are checked, but are not working, contact Veracode Technical Support.
Why is my scan taking so long?
The full, invasive vulnerability scan might take longer than usual if you have an extensive application or have a vast number of pages. This can also happen if the crawler cannot group the paths to the pages due to their complex structure. Avoid this issue by the following actions:
- Group your pages in the Grouped URL setting. The pattern for grouping uses the asterisk as a placeholder for parts of the path.
- Add URLs to the Denied URLs section, so you can reduce the scan scope manually before the start.
If your web application is relatively small and usually scans, this might need an expert review. For assistance, contact Veracode Technical Support.