Some applications may be subject to Payment Card Industry (PCI) criteria such as PCI-DSS and PA-DSS. Veracode provides the ability to evaluate any application against the PCI standards via the PCI report.
Veracode supports testing applications in the scope of PCI-DSS Version 3.2.1, sections 6.1, 6.3.2, 6.5, 6.6, and 11.3.2, and PCI PA-DSS Version 3.2, sections 5.1.4, 5.2, 7.1.1, 7.1.2, and 7.1.3. Veracode implements the guidance in these sections of the PCI 3.2.1 standard, which recommends evaluating applications against the OWASP Top 10, CWE Top 25, CERT Secure Coding, and other standards, and which expressly requires that an application be free of High or Very High severity flaws. You can view the details of how an application is evaluated against these standards in the Policy section of the PCI Report.
To complete this task:
- In the Veracode Platform, select My Portfolio > Applications.
- Select View in the Results column of the Applications list to open the results page for your application.
- Select PCI Compliance Report at the top of the page. The Veracode Platform opens the PCI Report view.
- To download a PDF copy of the report, select the download icon at the top-right of the page.
- Select Veracode PCI 3.2.1 Report (PDF) from the Download Report window and, if necessary, select the scan type to include in the report.
- Select Download.