During security scanning, Veracode uses specific methodologies and techniques to determine the overall security score of your applications. Veracode provides the scan results in various reports, which you can review to understand the security of your applications and to determine the next steps for addressing security findings.
Understanding Veracode Methodologies
These topics explain the methodologies and techniques that Veracode uses to produce a security score of your applications:
About the Veracode Methodology
Veracode uses multiple analysis techniques to provide a consolidated application security rating.
Your application security policy is based on the business criticality for the application or the level of risk the application can tolerate based on its anticipated use.
The Veracode scoring system is based on industry-standard classifications of security findings and exploit impact.
Veracode uses the industry standard Common Weakness Enumeration (CWE) as a taxonomy for findings.
Understanding Severity and Exploitability
Severity and exploitability are different measures of the seriousness of a finding.
Veracode can detect certain uses of security best practices.
Manual assessments may provide some additional types of information about the security of an application.
These topics describe how to access different downloadable views of the application findings. The Summary Report is available for all third-party and open-source applications. The Detailed Report and Detailed XML Reports are available for internally developed and maintained applications.
Download a summary of the findings identified for your application. The summary does not contain detailed findings information.
View and download a report that evaluates your application against the latest PCI standard.
Download the Detailed XML Report
Download a copy of the detailed results for your application in XML format.
View the Dynamic Analysis Coverage Report
Get Dynamic Analysis information about the scan coverage of your application.
Share VAST vendor shared reports
VAST program vendor users can share results of their latest scans to an enterprise organization.
Download VAST vendor shared reports
VAST program enterprise users can access results from vendor application scans
If you need further assistance understanding your scan results, schedule a consultation call with Veracode Technical Support.