ISM Glossary of Terms

Internal Scanning Management

This table of terms provides the basic concepts and terminology associated with Veracode Internal Scanning Management (ISM).

Term Definition
Veracode Dynamic Analysis The Veracode Dynamic Application Security Testing (DAST) solution that enables broad scan coverage for internal and external web applications. Only Veracode Dynamic Analysis users have access to ISM.
Endpoint JAR file that establishes the necessary connection between the gateway and the applications to scan. You must deploy endpoints behind your firewall in a location in your network that has access to the applications you want to scan.
Endpoint Activity Indicates when scans are in progress or when Veracode is providing scan support using an endpoint.
Endpoint Installer Tool that supports the simple installation of your endpoints and creates a service that runs your endpoints continuously. Veracode recommends you use it to install your endpoints.
Endpoint Status Status of the connection between the endpoint and gateway: Ready, Pending, or Offline.
Gateway The access point to the Veracode cloud. It provides information to endpoints upon request, acting as the intermediate system between endpoints and the Veracode scan machines. You should create only one gateway for your ISM configuration.
Gateway Status The availability status of the gateway for scanning: Ready, Initializing, or Offline.
Veracode Support Engineer Provides multiple levels of support for your ISM project, such as:
  • Troubleshooting login issues
  • Configuring dynamic scanners to support uncommon settings
  • Removing false positives from scan results
You have the option to grant Veracode Support Engineers limited access to your environment to perform these functions.