Veracode scan workflows

Veracode supports scan processes for two types of workflows:

Internally developed scan workflow

In this scenario, you own the intellectual property for the application you want to scan and have access to the source code to remediate any detected flaws. You receive a detailed list of flaws in the application along with remediation guidance.

To request a scan of your internally developed application, follow these steps in order:

  1. Create an application profile
  2. Specify which teams can access the application
  3. Choose a scan type
  4. Upload a packaged application
  5. Check the scan status
  6. Review the estimated completion time for a static scan

Third-party scan workflow

In this scenario, you are purchasing or have purchased the application from a third-party vendor who retains ownership of the intellectual property. The vendor has access to the source code and is responsible for remediating any detected flaws. You receive a summary report that includes a security rating and a list of the top flaw categories. The vendor receives a detailed flaw report with remediation guidance.

To request a scan of a third-party application, follow these steps in order:

  1. Request a third-party scan
  2. Choose a scan type
  3. Check the scan status

If you are a vendor responding to a third-party scan request, follow these steps:

  1. Review and accept a third-party scan request
  2. Upload a packaged application
  3. Rescan and publish results