Skip to main content

Review a third-party application as the vendor

In a third-party application scan request, a Veracode customer (enterprise) requests summary results of an application scan from another party (the vendor). The vendor receives the detailed results from Veracode, and may propose and approve mitigations for any flaws in the report at any time. If the enterprise has already received the summary results, their report is automatically updated with new approved mitigations.

In some cases, the vendor and enterprise may agree to let the vendor review and mitigate results before the enterprise receives the summary results. In these cases, the vendor may be asked to publish the results to the enterprise once they are ready.

A security lead in the vendor account can publish results to the enterprise.

To complete this task:

  1. In the Veracode Platform, select My Portfolio > Applications.
  2. Select the name of the application whose results are to be published to the enterprise.
  3. Select Publish to Enterprise. The application status changes to Published to Enterprise.