Reviewing and Accepting a Third-Party Scan Request
If a Veracode customer requests an assessment of your code through the third-party scan process, you must first review the request. Ensure that you can provide the code requested before uploading code for static analysis and providing information for Dynamic Analysis.
Before you begin:
Before you can review third-party scan requests, you must:
- Have requested a third-party application scan
- Have the Creator, Submitter, or Security Lead role to create and upload files for a scan
- Have the Security Lead role or be a member of the team associated with the application to accept a third-party scan request
If you do not have these roles, contact Veracode Technical Support.
Locate the Third-Party Scan Request
When you log into the Veracode Platform, go to My Portfolio > Applications. The requested application is in your applications list with a status of Agreement Pending. To accept the third-party scan request, click the application name to open the application overview.
Accept the Third-Party Terms
If you are fulfilling a third-party scan request for the first time:
To complete this task:
- Review all the information in the Accept Third-Party Request page and click the checkbox that indicates that you agree to the scan results being shared with the requesting customer.
- Click Continue to proceed with the application scan request.
Accept the Third-Party Scan Request
After accepting the third-party terms, you can accept the scan request.
To complete this task:
Click Accept Request.
If you have more than one scan type requested, you must also select the type of scan. The Accept Third-Party Request page opens, showing the information requested by the Veracode customer. The page includes information about the policy against which the application will be assessed. You can view details about the policy by clicking the help icon next to the policy name.
Review all the information and select the Sharing Results checkbox.
Depending on which type of scan you request, the relevant scan configuration page opens.
If the application information is incorrect or if you have questions about the Veracode Assessment Agreement, contact Veracode Technical Support. For example, the Veracode customer might request an incorrect version or platform for the application.