Improving Application Security

After you have the report for your application, you can improve its security quality using the Veracode Platform:

Develop a remediation plan

The Veracode Triage Flaws page and associated reports provide actionable guidance on which flaws to fix in which order to get the fastest improvements in security.

Review static flaws

A developer can use the Triage Flaws page to review static flaws in the context of the application source.

Search for a specific flaw in the Triage Flaws page

You can use many criteria to find subsets of flaws in the Triage Flaws page.

Mitigate flaws

Development teams can use the flaw mitigation workflow to manage the process of fixing security vulnerabilities.

Review a third-party application as the vendor

Request the scan results for a third-party application.

Evaluate your third-party components

Use Software Composition Analysis to review the vulnerabilities in your third-party components.

Submit a new scan for confirmation

After you make the improvements, you should submit a new scan request for the application to verify your fixes.

Verify fixed flaws through reports

Specific features in Veracode reports help you verify that you have fixed the flaws.

Use Veracode Analytics to manage application risk

Veracode Analytics provides a view of your application risk and compliance across your entire application portfolio. It also allows you to compare your results to those of other Veracode users.

Supported cleansing functions

Use one of the cleansing functions that Veracode static scans recognize if you want Veracode to verify your fix.

Download an Archer feed of your application data

Use the Archer API to integrate your Veracode application risk data with the Archer dashboard.