Veracode Scan Workflows

Static Analysis

Veracode supports scan processes for these two types of workflows:

Internally developed scan workflow

In this scenario, you own the intellectual property for the application that you want to scan and have access to the source code to remediate any detected flaws. You receive a detailed list of flaws in the application with remediation guidelines.

Third-party scan workflow

In this scenario, you are purchasing or have purchased the application from a third-party vendor who controls the intellectual property for the application. The vendor has access to the source code to remediate any flaws found. You receive a summary report with a security rating and a summary of the top flaw categories found in the application, and the vendor receives a detailed list of the detected flaws with remediation guidelines.

To request a scan of your internally developed application, you must perform the procedures described in these topics in this sequence:

  1. Create an Application Profile
  2. Specify Which Teams Can Access an Application
  3. Choose a Scan Type
  4. Upload a Packaged Application
  5. Checking the Scan Status
  6. Reviewing the Estimated Completion Time for a Static Scan

To request a scan of an application developed by a third party, you must perform these procedures in this sequence:

  1. Request a Third-Party Scan
  2. Choose a Scan Type
  3. Checking the Scan Status

If you are a vendor receiving a third-party scan request, you must perform these procedures in this sequence:

  1. Reviewing and Accepting a Third-Party Scan Request
  2. Upload a Packaged Application
  3. Vendor Rescanning and Publishing