If a Veracode customer requests an assessment of your code through the third-party scan process, you must first review the request. Ensure that you can provide the code requested before uploading code for static analysis and providing information for Dynamic Analysis.
Before you begin:
Before you can review third-party scan requests, you must have:
- Requested a third-party application scan.
- The Creator, Submitter, or Security Lead role to create and upload files for a scan.
- The Security Lead role or be a member of the team associated with the application to accept a third-party scan request.
If you do not have these roles, contact Veracode Technical Support.
Locate the scan request
When you log into the Veracode Platform, go to My Portfolio > Applications. The requested application is in your applications list with a status of Agreement Pending. To accept the third-party scan request, select the application name to open the application overview.
Accept the third-party terms
If you are fulfilling a third-party scan request for the first time:
To complete this task:
- Review all the information in the Accept Third-Party Request page and select the checkbox that indicates that you agree to the scan results being shared with the requesting customer.
- Select Continue to proceed with the application scan request.
Accept the scan request
After accepting the third-party terms, you can accept the scan request.
To complete this task:
Select Accept Request.
If you have more than one scan type requested, you must also select the type of scan. The Accept Third-Party Request page opens, showing the information requested by the Veracode customer. The page includes information about the policy against which the application will be assessed. You can view details about the policy by selecting the help icon next to the policy name.
Review all the information and select the Sharing Results checkbox.
Depending on which type of scan you request, the relevant scan configuration page opens.
If the application information is incorrect or if you have questions about the Veracode Assessment Agreement, contact Veracode Technical Support. For example, the Veracode customer might request an incorrect version or platform for the application.