Review a Third-party Application as the Vendor

Results and Reports

In a third-party application scan request, a Veracode customer (enterprise) requests summary results of an application scan from another party (the vendor). The vendor receives the detailed results from Veracode, and may propose and approve mitigations for any flaws in the report at any time. If the enterprise has already received the summary results, their report is automatically updated with new approved mitigations.

In some cases, the vendor and enterprise may agree to let the vendor review and mitigate results before the enterprise receives the summary results. In these cases, the vendor may be asked to publish the results to the enterprise once they are ready.

A security lead in the vendor account can publish results to the enterprise.

Steps

  1. In the Veracode Platform, select My Portfolio > Applications.
  2. Click the name of the application whose results are to be published to the enterprise.
  3. Click Publish to Enterprise. The application status changes to Published to Enterprise.