Requesting a Scan
Veracode supports scan processes for the following two types of applications:
- Internally developed scan workflow
  - In this scenario, you own the intellectual property for the application that you want to scan and have access to the source code to remediate any detected flaws. You receive a detailed list of flaws in the application with remediation guidelines.
- Third-party scan workflow
  - In this scenario, you are purchasing or have purchased the application from a third-party vendor who controls the intellectual property for the application. The vendor has access to the source code to remediate any flaws found. You receive a summary report with a security rating and a summary of the top flaw categories found in the application, and the vendor receives a detailed list of the detected flaws with remediation guidelines.
To request a scan of your internally developed application, you must perform the procedures described in the following topics, in this sequence:
- Create an Application Profile
- Specify Which Teams Can Access an Application
- Choose a Scan Type
- Upload a Packaged Application
- Checking the Scan Status
- Reviewing the Estimated Completion Time for a Static Scan
To request a scan of an application developed by a third party, you must perform these procedures, in this sequence:
If you are a vendor receiving a third-party scan request, you must perform these procedures, in this sequence: