Skip to main content

· 9 min read

The updates on this page apply to Veracode Static Application Security Testing (SAST) in the Commercial Region.

note

Veracode delivers the same Static Analysis language and framework support in both the European Region and the Commercial Region. For language support specific to Veracode Pipeline Scan, see Pipeline Scan Supported Languages.

September 11, 2023

Fixed bug causing false positives for CWE-798

In last month’s release, Veracode added improved support for CWE-798 (Use of Hard-coded Credentials) detection. However, a bug in the pattern matching caused a significant number of false positives for some users. Veracode has resolved this issue and the improvement should result in significantly fewer CWE-798 false positives.

August 23, 2023

Updated language and framework support

  • Added Kotlin 1.9 support
  • Added TypeScript 5.x support
  • Added GCC 12 (RHEL 8) support
  • Improved CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation) detection on controller-derived classes
  • Improved support for JavaScript URLSearchParams API
  • Improved support for Spring produces annotation attribute
  • Improved third-party detection for JavaScript
  • Improved third-party detection for Android
  • Improved third-party detection for Java
  • Improved hardcoded password/credential detection (CWE-259 and 798)
  • Improved .NET CWE-80 basic XSS detection
  • Improved JavaScript detection of document elements
  • Improved performance for Vue applications
  • Improved .NET Entity Framework support
  • Added ability to allow third-party PHP software if the entire upload is third-party
  • Improved detection of Java CWE-611 XXE
  • Improved support for Python Django views

July 25, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has added support for Quarkus, a Kubernetes-native Java stack tailored for OpenJDK HotSpot and GraalVM.

Veracode has improved static analysis by adding support for these new versions of supported technologies:

Improved Detection of CWE-259 and CWE-798

Improvements to the detection methods Veracode uses to identify CWE-259 (Use of Hard-coded Password), and CWE-798 (Use of Hard-coded Credentials) vulnerabilities should reduce the number of false positives during static analysis. Improved CWE-259 coverage for Python language submissions.

June 22, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has added support for Micronaut 3.8.x, which is a JVM-based framework you use to build lightweight, modular applications.

Veracode has improved static analysis by enhancing support for Android 12.

Veracode has improved static analysis by adding support for these new versions of supported technologies:

Improved CWE-259 (Use of Hard-coded Password) and CWE-798 (Use of Hard-coded Credentials) Detection

Improvements to the detection methods utilized to identify CWE-259 and CWE-798 vulnerabilities should reduce the number of false positives found during static analysis.

Additional CWE-693 Coverage for Android

Veracode has added an additional CWE-693 (Protection Mechanism Failure) check for Android applications to ensure that the Play Integrity API is used appropriately.

May 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Improved CWE-89 Coverage for Java and JavaScript/TypeScript

The improved coverage increases the number of potential CWE-89 flaws that Veracode discovers in Java and JavaScript/TypeScript applications, which might affect your scan results.

Added CWE-451 Coverage for Android

Veracode has added CWE-451 (Tapjacking) coverage for Android applications.

May 18, 2023

Pipeline Scan Adds Support for Module Selection

Pipeline Scan adds a new --include parameter. You use this parameter to specify the top-level modules to include during scanning. The scan results now show both the modules that Veracode identified during prescan and the modules included in the scan.

This update is available with Veracode CLI version 23.4.3-0 and Veracode Docker image version 23.4.3.

April 27, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Improved Static Analysis for Python Language Submissions

Static analysis of Python applications inaccurately reports certain CWE-918 (Server-Side Request Forgery (SSRF)) flaws as CWE-201 (Insertion of Sensitive Information Into Sent Data) flaws. This update recategorizes these incorrectly reported flaws as CWE-918. This update might impact existing flaw matching and you might need to apply new mitigations to these flaws.

After you apply this update, any Python applications that contain CWE-201 flaws and have any of the following policy requirements might fail your security policy:

  • Security Standard rule for Auto-Update CWE Top 25

  • Findings by Severity rule for Medium or higher

  • Minimum Scan Score rule

March 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Improved Static Analysis for WebMethodAttribute use in ASP.NET Classic

Veracode has improved static analysis for WebMethodAttribute use in ASP.NET Classic (non MVC and/or MVC Core) WebForms and WebServices. This will affect the flaws found and associated policy results for customers by reducing the number of FPs found.

February 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Improved COBOL Parser Error Handling

Veracode no longer reports parser errors in standalone copybook files that COBOL files do not include. These files are not relevant for security scanning unless COBOL files reference them.

January 26, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Veracode has improved static analysis by adding support for:

  • Server-side request forgery (SSRF) reporting for JavaScript

Veracode has released a new version of our new iOS packaging tool:

December 15, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Veracode improved static analysis by adding support for these new languages and frameworks:

Veracode has improved static analysis by adding a new iOS packaging tool to support Xcode 14 without the Enable_Bitcode setting:

November 17, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

October 27, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

October 19, 2022

New Packaging Guidance Tool

You can use the new Veracode Packaging Cheat Sheet to generate language-specific packaging guidance for Static Analysis.

October 4, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

August 25, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

August 1, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

June 24, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

April 28, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

March 28, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

February 24, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

Veracode has improved static analysis by adding support for these new versions:

February 3, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding:

Veracode has improved static analysis by adding support for these new versions:

Veracode Static Analysis Improvements

Veracode has improved accuracy of hard-coded Passwords. You can expect:

  • Fewer false positives where local files are in known valid locations
  • Better identification of sensitive variable names

Veracode has improved modeling for TypeScript support. You can expect:

  • Fewer false positives, and more true positives in TypeScript applications where type information is specified.

· 20 min read

The updates on this page apply to the Veracode integrations and APIs in the Commercial Region. For updates relevant to the SCA integrations, see the SCA updates.

September 6, 2023

Veracode Greenlight for IntelliJ 1.9.0

This updates includes minor performance improvements.

August 31, 2023

Veracode Integration for Jira Server 4.3.0

This update includes the following improvements:

  • The Monitoring and Troubleshooting page now shows details about the last four imports.
  • The Monitoring and Troubleshooting page now includes an option for you to retry downloading Detailed Reports that failed to download during import.

August 17, 2023

Java API Wrapper 23.8.12.0

You can now send requests to the Identity REST API from within the Java API wrapper.

August 16, 2023

Veracode Azure DevOps Extension 3.23.0

This update includes the following improvements:

  • You can now add an iteration path to the work item settings in the Flaw Importer task.
  • Adds support for Azure DevOps version 2022 RC2.

August 10, 2023

Veracode SCA Scan for JetBrains 0.7.0

This update fixes a minor performance issue.

Veracode Integration for Jira Cloud 4.11.0

This update includes the following improvements:

  • If an imported story for an open-source component with vulnerabilities changes projects, the integration now creates subtasks for SCA vulnerabilities in that story under the new project.
  • To avoid failed imports, if the integration encounters errors when it searches for linked Veracode fields, it now skips issue creation for any new findings.

August 8, 2023

Veracode SCA Scan for VS Code 1.2.0

This update includes the following improvements:

July 28, 2023

Veracode Greenlight for IntelliJ 1.8.8

This update includes the following improvements:

  • Adds support for IntelliJ version 1.8.7.
  • Exception errors no longer appear during Greenlight scans at the file or folder level.

July 27, 2023

Veracode SCA Scan for JetBrains 0.6.1

Veracode SCA Scan for JetBrains version 0.6.1 adds support for IntelliJ IDEA version 2023.2.

July 21, 2023

Introducing Veracode SCA Scan for JetBrains

Veracode SCA Scan for JetBrains version 0.6.0 is a new extension that integrates Software Composition Analysis (SCA) into the IntelliJ IDEA and PyCharm IDEs. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE.

July 20, 2023

Veracode SCA Scan for VS Code 1.1.0

This update includes the following improvements:

  • You can now select a project to scan when you have multiple projects in VS Code.
  • The SCAN OVERVIEW view now shows the name of the project you scanned.
  • In the extension settings, you can now enable or disable recursive scanning.
  • If your API credentials or the local SCA agent are invalid, the SETUP view now opens after you select Start Scanning or Rescan.
  • Spaces in the USER_HOME directory no longer result in an error.

July 14, 2023

Veracode Integration for Jira Server 4.2.0

This update fixes an issue where IssueCreatorImpl errors on the Monitoring and Troubleshooting page caused unexpected failures.

Veracode Jenkins Plugin 23.7.22.0

This update includes the following improvements:

July 6, 2023

Veracode Static for Visual Studio (New) 1.8.0

This update includes the following improvements:

  • In the Static Findings window, when you double-click a finding, or right-click a finding and select Go to Line, the selected finding now remains selected.
  • After you add a new application to a project and scan it, the extension now adds the details about the new application to the file veracode-project-user.json.

Veracode Integration for Jira Server 4.1.0

This update includes the following improvements:

  • The Import Automation now provides an option that attempts to import any flaws that failed to import. If an import fails, the Import Automation no longer uses the last import date of the failed import.
  • The Troubleshooting page now provides a diagnostic dashboard that shows details about the latest import, including information about any errors.

June 26, 2023

Veracode Greenlight for Visual Studio (New) 1.4.0

This update improves error handling.

June 15, 2023

Veracode Greenlight for VS Code Adds Support for .NET 7

See Veracode Greenlight for VS Code.

June 13, 2023

C# API Wrapper 23.5.8.8

You can now provide a proxy host, port, and its credentials in an environment variable. The environment variable name must be https_proxy.

June 5, 2023

Veracode Azure DevOps Extension 3.22.0

This update includes the following changes:

  • The Upload and Scan task now supports the optional parameter scanpollinginterval.
  • You can now configure the Flaw Import task to only import findings from Static Analysis and SCA.
  • Minor security improvements.

Veracode SCA Scan for VS Code 1.0.0

This update adds security improvements.

June 1, 2023

Veracode Jenkins Plugin 23.5.21.0

This update includes the following changes:

  • Adds a Show Unstable Status for Failed Policy Evaluation option. Select this option to show the job status as Unstable if the scan succeeds but fails the security policy.
  • Minor security improvements.

May 22, 2023

Veracode Integration for Jira Cloud 4.10.0

This update includes the following changes:

  • Findings you import with the Import Automation feature now show the date of the last successful import, instead of the last import.
  • When you configure a Selective Import and select the left/right arrows to switch between pages, the selected flaws are no longer cleared.
  • Minor security fixes.

May 4, 2023

Veracode Azure DevOps Extension 3.21.0

This update includes the following changes:

  • Adds support for the lifecyclestage parameter as an optional argument in the Upload and Scan task. This parameter is not supported in YAML.
  • The scan polling interval for the Upload and Scan task is no longer twice the expected default value of 120 seconds.

April 27, 2023

Veracode SCA Scan for VS Code 0.8.0

This update includes the following improvements:

  • You can now filter the VULNERABILITIES view based on direct or transitive libraries.
  • The Rescan button is now located at the top of the SCAN OVERVIEW view.
  • The SCAN OVERVIEW view is no longer empty when the scan does not find vulnerabilities.
  • In the Library Details window, the Last published field now shows the months and days since the vendor last published the library or it shows Unknown.

April 19, 2023

Veracode Jenkins Plugin 23.4.20.0

This version includes the following updates:

  • Adds Dynamic Analysis scan statuses STOPPED_VERIFYING_PARTIAL_RESULTS and STOPPED_PARTIAL_RESULTS_AVAILABLE.
  • Fixes an issue where the scan poll interval for upload and scan was twice the expected default value of 120 seconds.

April 13, 2023

Veracode Integration for Jira Cloud 4.9.0

The integration now imports findings from scanned applications with COTS (commercial off-the-shelf) enabled.

April 5, 2023

Java API Wrapper 23.4.11.2

This update includes the following changes:

March 31, 2023

Veracode Static for Eclipse 3.8.0

This update adds support for Eclipse IDE version 2023-03.

March 30, 2023

Veracode Integration for Jira Cloud 4.8.0

This version includes the following changes:

  • Adds additional logs for troubleshooting.
  • To ensure your imported flaws are current, the integration re-imports them after you fix any configuration issues.
  • On the Selective Import page, the Flaws Per Page and Next Page options no longer show an error message.

March 27, 2023

Veracode Jenkins Plugin 23.3.19.0

This version includes the following changes:

  • Addresses the low severity information disclosure issues detailed in CVE-2023-25721 and CVE-2023-25722. For more information, go to the Veracode Community.
  • Correctly escapes the -ppassword parameter for a proxy password.

Veracode Azure DevOps Extension 3.20.0

This version addresses the low severity information disclosure issue detailed in CVE-2023-25722. For more information, go to the Veracode Community.

March 20, 2023

Veracode SCA Scan for VS Code 0.7.0

This update includes the following improvements:

  • The extension now includes an SCA Agent. After you install the extension, you can install the SCA Agent from within the IDE and start scanning.
  • You can point to a vulnerability in the VULNERABILITIES view to see whether it passes the built-in policy.
  • The Vulnerability Details window now shows the policy for the selected vulnerability.
  • To indicate which vulnerabilities have passed the built-in policy, the VULNERABILITIES view now groups them by Did Not Pass Policy and Passed Policy.

March 8, 2023

Java API Wrapper 23.3.11.0

This version includes the following changes:

March 2, 2023

Veracode Azure DevOps Extension 3.19.0

This update adds support for both of the following YAML property values:

  • ConnectionDetailsSelection='Endpoint'
  • ConnectionDetailsSelection='Service Connection'

March 1, 2023

Veracode Azure DevOps Extension 3.18.0

This update includes the following changes:

  • Changes the YAML property value ConnectionDetailsSelection='Endpoint' to ConnectionDetailsSelection='Service Connection'. When you upgrade to this new extension, you must update your YAML with the new value name.
  • Static Analysis work items now have a Grace Period Expiration field.
  • SCA works items now have a First Found Date field and File Path field for vulnerabilities.
  • The Summary Report now shows a link to the Scan Details page.
  • The extension now fails the build if Development Sandbox scans find SCA vulnerabilities.
  • Builds no longer fail when the Fail build if Upload and scan build steps fails option is cleared, but the application name contains special characters.

February 28, 2023

Veracode Greenlight for IntelliJ Supports IntelliJ v2022.2.3

Veracode Greenlight v1.8.7 adds support for IntelliJ v2022.2.3.

February 22, 2023

Updated Identity REST API

You can now use the Identity REST API to manage Veracode API credentials for API service accounts, also called API users.

February 9, 2023

Updated Veracode SCA Scan for VS Code

Veracode SCA Scan for VS Code version 0.6.0 includes the following updates:

  • Adds a Create a Case link that you can use to send a support case to Veracode Technical Support.
  • Adds a Leave Feedback link that you can use to provide feedback in a survey.
  • Fixes an issue where the extension did not verify undefined or null values.

February 3, 2023

Mandatory Upgrade for Veracode Greenlight for IntelliJ

Veracode Greenlight for IntelliJ version 1.8.6 supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.

February 2, 2023

Mandatory Upgrade for Veracode Greenlight for Eclipse

Veracode Greenlight for Eclipse version 2.9.7 includes these changes:

  • Supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
  • Fixes a refresh issue that flashes various status messages at the bottom of the Eclipse interface.

February 1, 2023

Updated Java API Wrapper

Veracode Java API Wrapper version 23.1.10.5 adds logic to identify and remove unicode application names from the XML response.

Veracode Mobile Application Packager Has Reached End of Life

Veracode Mobile Application Packager is now End of Life (EOL) and is no longer supported by Veracode Technical Support. To compile and package tvOS or iOS applications that you developed in the Xcode IDE, see the packaging requirements.

January 30, 2023

Mandatory Greenlight Upgrades for Eclipse and IntelliJ

Veracode has made a change to the Greenlight API that will impact the following plugins.

  • Veracode Greenlight for Eclipse version 2.9.6 and earlier
  • Veracode Greenlight for IntelliJ version 1.8.5.2022 and earlier

New versions of these plugins will be available on February 2, 2023 and February 3, 2023, respectively. To continue using these plugins, you must upgrade to the new versions by February 13, 2023.

January 23, 2023

Veracode Integration for Jira Supports Jira Server 9

Veracode Integration for Jira version 4.0.1 adds support for Jira Server 9. This integration no longer supports Jira Server 8.6.0 and earlier.

January 17, 2023

Introducing Veracode SCA Scan for VS Code

Veracode SCA Scan for VS Code version 0.5.0 is a new extension that integrates Software Composition Analysis (SCA) into VS Code. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE. Version 0.5.1 only removes an obsolete README.

January 10, 2023

Renaming the ConnectionDetailsSelection='Endpoint' YAML Property

In February 2023, Veracode will release a new Azure DevOps Extension that uses the YAML property value ConnectionDetailsSelection='Service Connection' rather than the current value ConnectionDetailsSelection='Endpoint'. When upgrading to this new extension, you must update your YAML with the new value name.

January 5, 2023

Improved Veracode Azure DevOps Extension

Veracode Azure DevOps Extension version 3.17.0 includes the following improvements:

  • Renamed the Veracode Analysis Center link to Veracode Platform.
  • The extension no longer fails a pipeline build if it has a policy assessment of Conditional Pass, even if the Fail build if application fails security policy checkbox is selected.
  • Fixed a minor error-handling issue when the build artifact directory is empty.
  • The Flaw Import task now fails the build when importing flaws with an unsupported process template and the Fail build if flaw importer build step fails checkbox is selected.

January 3, 2023

Improved Veracode Integration for Jira Cloud

Veracode Integration for Jira Cloud version 4.7.0 now successfully loads the Findings Import page when importing large Jira projects.

December 19, 2022

Improved Veracode Integration for Jira Server

Veracode Integration for Jira Server version 3.38.0 includes the following improvements:

  • Jira tickets from imported Static Analysis flaws now show the detected CWEs with a dash instead of an underscore. This CWE format matches the results in the Veracode Platform. For example, CWE_123 is now CWE-123.
  • Jira tickets from imported SCA vulnerabilities now support the Mitigation Status and Mitigation Status Description fields.

December 15, 2022

Veracode Mobile Application Packager is Deprecated

Veracode Mobile Application Packager is now deprecated and will be obsolete on February 1, 2023.

December 14, 2022

Veracode for VS Code Renamed to Veracode Greenlight for VS Code

Veracode for VS Code version 1.6.0 includes the following updates:

December 13, 2022

Veracode Azure DevOps Extension version 3.16.0 fixes the link on the Veracode Scan Summary tab. The link now opens the scan results in the Veracode Platform instead of the Application page.

December 6, 2022

Updated Veracode Static for Visual Studio

Veracode Static for Visual Studio version 1.7.0 fixes an issue where the extension could not authenticate with Veracode from a European Region instance.

November 16, 2022

Updated Veracode Integration for Jira

Veracode Integration for Jira version 3.37.0 fixes an issue where the plugin ignores all remaining applications after attempting to import findings from an application with COTS enabled.

November 14, 2022

Updated C# API Wrapper

Veracode C# API wrapper version 22.10.8.6 includes these updates:

  • Fixed an error that can occur if the filename of an uploaded file contains certain characters or symbols. For example, ~ ^ ' { }
  • The -debug parameter now logs timestamped messages that identify connectivity issues, error conditions, and the status of various composite actions.

Improved Veracode Greenlight for IntelliJ

Veracode Greenlight for IntelliJ version 1.8.5 adds support for IntelliJ IDEA 2022.2.3.

October 27, 2022

Java API Wrapper Has Improved Error Handling

Veracode Java API Wrapper version 22.10.10.4 now cancels any scans that exceed the upload limit.

October 21, 2022

Veracode Azure DevOps Extension Now Supports Automatic Deletion of Incomplete Scans

Veracode Azure DevOps Extension version 3.15.0 adds options for deleting incomplete scans in your pipeline. When configuring the extension, you can add -deleteincompletescan as an optional argument or add -deleteIncompleteScan as a YAML property.

Updated Veracode Static for Visual Studio

Veracode Static for Visual Studio (New) version 1.6.0 includes these changes:

  • Fixed an issue where web projects inside folders did not publish.
  • Fixed an issue where the scan progress bar in the IDE displayed as incomplete after clicking Custom Workflow.
  • Run Scan button in the IDE is now disabled when the scan status is in a failed state. In the Veracode Platform, you also see a warning message to resolve this issue.

September 29, 2022

Updated Greenlight for Eclipse

Greenlight for Eclipse version 2.9.6 includes minor security and documentation updates.

September 22, 2022

Improved Finding Import Performance for Veracode Integration for Jira Cloud

Veracode Integration for Jira Cloud version 4.6.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.

September 13, 2022

Java API Wrapper JavaDoc Update

In Veracode Java API Wrapper version 22.9.10.3 the documentation available in the wrapper installation file now describes the Credentials class.

August 29, 2022

Veracode Azure DevOps Extension Has Improved Flaw Importer Task

Veracode Azure DevOps Extension version 3.14.0 includes the following improvements to the Flaw Importer Task.

  • Uses fewer calls to complete flaw imports.
  • Fixes an issue where flaws without comments did not sync or close.
  • Fixes an issue where development sandbox findings did not import.

August 12, 2022

Veracode TeamCity Plugin Now Supports Automatic Deletion of Incomplete Scans

Veracode TeamCity Plugin version 2.7.0 adds configuration options for deleting incomplete scans.

August 9, 2022

Veracode Integration for Jira Server Now Retries Downloading the Detailed XML Report

Veracode Integration for Jira version 3.36.0 fixes an issue where the integration did not create tickets of imported flaws if it could not retrieve the Detailed XML Report. The integration now attempts to retrieve the Detailed XML Report during the next import cycle.

July 27, 2022

Updated C# API Wrapper

Veracode C# API wrapper version 22.8.8.5 includes these updates:

  • Supports the -debug parameter.
  • Fixes an issue to filter out Dynamic Analysis results.
  • Adds transaction ID header to uploadandscan.

July 20, 2022

Veracode Azure DevOps Extension Now Supports Importing SCA Vulnerabilities as Work Items

Veracode Azure DevOps Extension version 3.13.0 updates the Flaw Importer task to support importing Software Composition Analysis (SCA) vulnerabilities as work items.

July 14, 2022

Veracode Jenkins Plugin Now Supports Automatic Deletion of Incomplete Scans

Veracode Jenkins Plugin version 22.6.18.0 adds configuration options for deleting incomplete scans.

June 27, 2022

Improved Finding Import Performance for Veracode Integration for Jira Server

Veracode Integration for Jira Server version 3.35.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.

June 22, 2022

Deprecation of Admin XML APIs

Veracode has deprecated the Admin XML APIs for user and team management. End-of-support for these APIs is scheduled for June 30, 2023. Veracode recommends that you begin updating your automations to use the Identity REST APIs. Also, enabling the Single Sign-on and Just-in-Time Provisioning feature automatically disables the Admin XML APIs for user management. Before enabling this feature, ensure all of your automations are using the Identity APIs.

June 8, 2022

Updated Veracode Static for Visual Studio (New)

Veracode Static for Visual Studio (New) version 1.5.0 includes these changes:

May 18, 2022

Java API Wrapper Updates -deleteincompletescan Parameter with Backward Compatibility

Java API Wrapper version 22.5.10.1 updates the -deleteincompletescan parameter to be backward compatible with Java API wrapper versions earlier than 22.5.10.0, which released on May 4, 2022. After upgrading the wrapper, the parameter value automatically changes from boolean to an integer:

  • If set to true, the value changes to 1.
  • If set to false, the value changes to 0.

May 4, 2022

Java API Wrapper Has Improved -deleteincompletescan Parameter

Java API Wrapper version 22.5.10.0 includes changes to the -deleteincompletescan parameter for deleting incomplete scans when running the uploadandscan action. This parameter now accepts an integer value, rather than boolean, for deleting an incomplete scan based on the scan status.

note

These changes are not backward compatible with the -deleteincompletescan parameter available in earlier versions of the Java API Wrapper. If you currently use this parameter, after upgrading the wrapper you must change the value from boolean to one of the accepted integer values.

April 15, 2022

Introducing New Veracode Static Extensions for Visual Studio 2019 and 2022

Veracode Static for Visual Studio version 1.4.0 is a new extension for adding Static Analysis to Visual Studio 2019 and 2022. The new extension for Visual Studio 2019 provides major improvements compared to our current legacy extension for version 2019, which Veracode continues to support.

The extensions include these features:

  • Improved user experience for developers.
  • Powerful Summary View grid for reviewing and managing findings.
  • Streamlined workflow for building, packaging, and scanning your code.
  • Support for policy and sandbox scans.

An extension for each Visual Studio version is available from the Visual Studio Marketplace.

April 12, 2022

Veracode Greenlight Now Supports the New Visual Studio 2019 and 2022

Veracode Greenlight for Visual Studio version 1.3.184.96 is a new extension for adding Greenlight scanning to the newer versions of Visual Studio 2019 and 2022. An extension for each Visual Studio version is available from the Visual Studio Marketplace.

March 9, 2022

Updated Azure DevOps Extension

Veracode Azure DevOps Extension version 3.10.0 includes these changes:

  • TFS 2017 is no longer supported.
  • TFS 2018 support now requires Azure Pipeline Agent 2.196.2 or later.
  • Flaw Importer task can now import custom fields when using custom process templates.
  • Flaw Importer task can now overwrite the area path in work items when importing flaws.

· 8 min read

The updates on this page apply to Veracode Software Composition Analysis (SCA) in the Commercial Region.

August 28, 2023

Agent-Based Scan UI Now Displays CVSS v3

Because the National Vulnerability Database stopped supporting CVSS v2 in July 2022 and most users have moved to v3, the Library and Vulnerability pages of SCA's agent-based scan user interface now display CVSS v3 scores, instead of v2. You must clear the cache in your web browser to see these changes.

To also display CVSS v3 on the workspace Issue pages and the project Issue tab, you must update your agent rules to use CVSS v3.

August 16, 2023

Enhancements to SCA Agent Dependency Graph Traversal

Veracode has improved the performance of the SCA agent by optimizing how it handles dependencies with very complicated and intertwined dependency graphs.

August 8, 2023

Exploit Probability Added to SCA Agent APIs

Veracode has added data from the Exploit Prediction Scoring System (EPSS) to the SCA Agent REST APIs. Developed by FIRST.org, who also created the Common Vulnerability Scoring System (CVSS), the EPSS model produces a score between 0 and 1 (0 and 100%) that estimates the probability that a software vulnerability will be exploited in the wild. The data also includes the percentile of the current score, which shows the percentage of all vulnerabilities with the same or lower EPSS score. Veracode encourages customers to use EPSS data to prioritize which vulnerabilities to fix first.

July 21, 2023

Enhancements to .NET Scanning

Veracode has added the following enhancements to SCA scanning for .NET applications:

  • Reduced false positives and false negatives in SCA upload scans by adding support for deps.json and project.asset.json files.
  • Enhanced SCA Agent scans by adding ability to perform --quick scans on NuGet projects.

July 28, 2023

API to Retrieve List of SCA Agent Projects Linked to an Application

Veracode has released the getApplicationProjects API to allow users to retrieve a list of SCA agent projects that are linked to a specific application. Users who have rights to call the getApplications API may also call the getApplicationProjects API.

July 11, 2023

Additional Roles Can Call SBOM APIs

Veracode has expanded the list of roles that are allowed to call the CycloneDX Software Bill of Materials (SBOM) API and the SPDX SBOM API. See the SBOM API instructions for application profiles and agent-based projects for details.

June 28, 2023

SCA Agent CLI Now Displays CVSS v3 Severities

The Vulnerabilities section of the Summary Report that appears in your CLI after an SCA agent-based scan now displays CVSS v3 severities, instead of v2.

The Issues section still displays CVSS v2 severities by default, but you can edit the severity in your agent-based scanning rules to reflect v3. If you have not modified your rules to use CVSS v3, Veracode recommends setting up organization-level rules to avoid having to edit rules on every workspace individually.

June 20, 2023

Support for v3 Format of NPM Lockfiles

Veracode has added support for NPM lockfile format version 3. See Run an Agent-Based Scan for NPM or JavaScript and TypeScript Packaging for details.

May 15, 2023

Fixed Agent Error for Yarn Scans

Veracode has fixed an issue causing SCA agent-based scans of Yarn projects to erroneously fail.

May 9, 2023

Upgraded JRE for SCA Agent

Veracode has upgraded the Java Runtime Environment (JRE) for the SCA agent from version 11 to 17.

Added GNU Privacy Guard to SCA Agent Downloads

Veracode has added GNU Privacy Guard (GPG) signature files to all SCA agent downloads to verify you are downloading a valid version.

May 3, 2023

Fixed Scope Parameter for NPM Scans

Veracode has resolved an issue impacting the scope parameter for SCA agent-based scans of NPM projects.

April 14, 2023

SCA Agent Enhancements

Veracode has added the following enhancements to the SCA agent:

Temporarily Ignore Issues from Agent-Based Scans

You can now specify a date for Veracode to stop ignoring issues from SCA agent-based scans.

April 6, 2023

Enhancements to Go Scanning

Veracode has added the following enhancements to SCA scanning for Go projects:

  • Reduced false positives.
  • Reduced false negatives.
  • Increased scan speed.
  • Fixed an issue that removed component names when agent-based scan results were linked to an application.
  • Fixed an issue that caused indirect dependencies to appear in agent-based scan results as direct libraries instead of transitive libraries.

April 4, 2023

Enhanced SCA Agent Support for Java 17 Features

Veracode SCA has improved agent-based scan support for projects that contain Java 17 features.

April 3, 2023

NVD Severity Ratings for SCA Upload Scans

Veracode Software Composition Analysis (SCA) upload scans now support displaying updated severity ratings that more closely match the National Vulnerability Database (NVD) severity ratings. To enable this feature for your account, contact Veracode Technical Support.

March 16, 2023

New Mitigation Type Available for SCA Upload Scans

You can now choose to accept the risk of specific vulnerabilities and licenses as part of your mitigation process for Veracode SCA upload scans. This mitigation type is already available for Veracode Static Analysis and Dynamic Analysis.

February 3, 2023

Region Flag for Agent-Based Scans

Veracode SCA agent-based scans now provide a region flag that you can use to configure accounts in the European Region and United States Federal Region.

February 2, 2023

JRE Upgrade for SCA Agent

Veracode has upgraded the Java Runtime Environment (JRE) that is bundled with the Software Composition Analysis (SCA) agent.

January 13, 2023

Improved SCA Support for Python 3

Veracode Software Composition Analysis (SCA) agent-based scans now more effectively locate local Python 3 installations.

December 21, 2022

Generate SBOM in SPDX Format

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) in SPDX JSON format from the results of your Veracode SCA upload scans.

December 14, 2022

SCA Support for Android

Veracode Software Composition Analysis (SCA) now supports scanning Android projects. This support includes AAR files for agent-based scans and APK and AAB files for upload scans.

September 15, 2022

SCA Support for Go Aliases

Veracode Software Composition Analysis (SCA) now supports aliases in Go projects. This support includes agent-based and upload scans.

Vulnerable Method Support for Java 17

Veracode SCA agent-based scanning now supports vulnerable method analysis for Java 17.

August 22, 2022

Set SCM URI as Project Name

You can now set the source code management (SCM) URI as your project name using the --uri-as-name option in your Veracode SCA agent-based scans.

July 22, 2022

SBOM API Support for SCA Agent-Based Scans Linked to Application Profiles

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans that you have linked to an application profile. The API generates an SBOM in CycloneDX JSON format.

June 6, 2022

Generate SBOMs for SCA Agent-Based Scans with the REST API

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans. The API generates an SBOM in CycloneDX JSON format.

May 9, 2022

SBOM API Support for Promoted Sandbox Scans

You can now generate a software bill of materials (SBOM) for Veracode SCA upload scans that have been promoted from sandbox to policy scans. The Veracode SCA Agent REST API includes promoted sandbox scan results when it returns a CycloneDX SBOM for an application.

SCA Upload and Scan Table Update

Veracode has removed the Number of Known Vulnerabilities by Severity column from the Applications table on the Upload and Scan page in the Veracode Platform. This update significantly reduces load times for the page. You can still view the number of known vulnerabilities by severity for each application in the application profile.

April 26, 2022

Generate SBOMs for SCA Upload Scans with the REST API

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA upload scans. The API generates an SBOM in CycloneDX JSON format.

January 20, 2022

JSON Output for Agent-Based Scans Includes CVSS v3 Score

Veracode Software Composition Analysis (SCA) now provides the CVSS version 3 score in the JSON CLI output of your agent-based scan results. To use this feature, you must upgrade your Veracode SCA agent to version 3.7.77 or later.

· 3 min read

The updates on this page apply to the Veracode Platform in the Commercial Region.

July 19, 2023

Upgrade to Looker 22.20

Veracode has upgraded Analytics to use version 22.20 of the Looker platform. All existing dashboards now reflect the new Looker experience.

This upgrade introduces a known issue that prevents you from scrolling in the Timeline visualization. Additionally, you may experience an issue that automatically enables the Row Totals column in some pivot tables, which can cause rows to be double counted in stacked visualizations. To fix this issue, edit the dashboard and visualization, clear the Row Totals option, and save your changes.

Updated Security Program Overview Dashboard

The default number of applications displayed in the What is my policy compliance over time? section of the Security Program Overview dashboard in Veracode Analytics has decreased from 100 to 25.

To view additional applications, customize the visualization and adjust the Application Rank by Published Date Descending filter.

July 15, 2022

CWE Top 25 Now Reflects 2022 Version

The Auto-Update CWE Top 25 security standard that you use in Veracode policies now reflects the 2022 CWE Top 25 list.

June 28, 2022

Updated Single Sign-On and Just-In-Time Provisioning

New single sign-on (SSO) and Just-In-Time (JIT) provisioning capabilities in the Veracode Platform improve reliability and supportability and extend the roles that JIT provisioning supports. Before using this feature, you must update your SSO settings in your identity provider.

To begin the process of enabling these capabilities, contact Veracode Support.

May 19, 2022

The Issues Vulnerability Count Measure Changed

Issues Vulnerability Count now includes only issues where the Issue Type is a Vulnerability Issue. In the past, this measure included the count of Vulnerability, License, and Library issues. The calculation of Issues Vulnerability Count is still based on the filters you select.

  • Issues Issue Count: count of issues, regardless of type
  • Issues Vulnerability Count: count of vulnerability issues
  • Issues Libraries with Issues: total number of unique libraries with at least one issue

May 10, 2022

Sandbox Information Available in Unsubmitted Static Scans Data Export

Veracode has added sandbox information to the Unsubmitted Static Scans data export to make it easier to find the incomplete static scans for an application.

May 6, 2022

End of Support for Internet Explorer 11

Veracode will no longer support Microsoft Internet Explorer 11 after June 30, 2022. This change follows the Microsoft updates to its support model for Internet Explorer. Veracode recommends that you switch to a supported browser to avoid issues.

Official Support for Microsoft Edge

The Veracode Docs are updated to confirm that Microsoft Edge is a supported browser.

April 4, 2022

Improved Team Management in the Veracode Platform

Veracode has improved the usability of the team management options on the Administration page in the Veracode Platform.

March 22, 2022

View Applications by Policy Evaluation Date

You can now view the date and time of the most recent event that triggered a policy evaluation for an application in a new field in the Applications REST API and the Applications list in the Veracode Platform. You can use this field to search for applications that have had new scans or approved mitigations since the listed date.

· One min read

The updates on this page apply to the Veracode CLI in all Veracode Regions.

June 28, 2023

Introducing Veracode Fix

Veracode Fix is a new generative AI feature of the Veracode CLI. It uses the results from a Veracode Pipeline Scan to generate suggested code fixes that you can apply to flaws in your application source code. This feature is currently only available in the Commercial Region. To get started, see the quickstart.

December 30, 2022

Released Veracode Container Security

Veracode Container Security is available. Container Security is a feature of the Veracode CLI that does the following:

  • Scans for container vulnerabilities
  • Scans for infrastructure as code misconfigurations
  • Scans for improperly stored secrets
  • Helps developers secure their cloud native applications

For more information about Veracode Container Security, contact your Veracode account representative.

· 6 min read

The updates on this page apply to Veracode Security Labs and Veracode eLearning. Security Labs is only supported in the Commercial Region. eLearning is supported in all Veracode regions.

May 3, 2023

New Security Labs Lessons

OWASP Top 10 2021 Labs

New OWASP 10: Get There From Here (Python, Go)

April 5, 2023

New Security Labs Lessons

OWASP Top 10 2021 Labs

New OWASP 10: Get There From Here (.NET, Flask)

OWASP API Security Top 10 Labs

  • New API 5: Neglected Endpoints (Java)
  • New API 6: Bad Design Compromises Security (Java)
  • New API 6: Bad Design Compromises Security (.NET) (revamped!)

March 1, 2023

New Security Labs Lessons

Getting Started Labs

New Getting Started - Lesson Zero (Flask, Go, Python)

OWASP Top 10 2021 Labs

  • New OWASP 1: Broken Access Control - Secrets in the Log (Java)
  • New OWASP 4: Making Secure Decisions (Flask, Go, Python)

OWASP API Security Top 10 Labs

  • New API 4: Slow Down (Java)
  • New API 4: Brute Force (Java)
  • New API 4: Denial of Service (Java)

February 1, 2023

New Security Labs Lessons

OWASP Top 10 2021 Labs

  • New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Dotnet)
  • New Beyond OWASP Top 10: Other Web App Risks - Know Your Limits (Java)

OWASP API Security Top 10 Labs

  • New API 3: Bugs in Debug (Java)
  • New API 3: Revealing Schemas (Java)

January 4, 2023

New Security Labs Lessons

OWASP Top 10 2021 Labs

New Beyond OWASP Top 10: Other Web App Risks - Do You Remember? (Dotnet)

OWASP API Security Top 10 Labs

  • New API 2: Really, Really Bad Passwords (Java)
  • New API 2: Terrible Password (Java)

December 6, 2022

New Security Labs Lessons

OWASP Top 10 2021 Labs

  • New OWASP 4: Insecure Design - Insecure Decisions (Dotnet, Java)
  • New OWASP 4: Making Secure Decisions (Java)

OWASP API Security Top 10 Labs

  • New API 1: One ID to Access All Objects (Java)
  • New API 1: Stronger IDs (Java)

Getting Started Labs

New Getting Started - Lesson Zero (Java, Node)

November 1, 2022

New Security Labs Lessons

OWASP Top 10 2021 Labs

  • New OWASP 1: Broken Access Control - Loose Lips Sink Servers (Node)
  • New OWASP 4: Insecure Design - Valid Deficit (Dotnet)

OWASP API Security Top 10 Labs

New API 4: Lack of Resources & Rate Limiting - Denial of Service

October 4, 2022

New Security Labs Lessons

OWASP Top 10 2021 Labs

  • New OWASP 4: Insecure Design - Valid Deficit (Node)
  • New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Dotnet, Java)

September 26, 2022

Topic Progress Bar Now Focused on Required Labs

In Security Labs, the progress bar for a topic now shows the completion status for required labs only. If all required labs in a topic are complete, the progress bar shows 100% completion, even when there are incomplete optional labs.

September 6, 2022

One New Security Labs Lesson

OWASP Top 10 2021 Labs

New OWASP 9: Security Logging and Monitoring Failures - Hold the Line (Node)

August 24, 2022

New Click-Through Tour

August 3, 2022

Three New API Security Labs Lessons

OWASP API Security Top 10 Labs

July 6, 2022

Seven New API Security Labs Lessons and One Updated OWASP Course

OWASP API Security Top 10 Labs

  • New API 7 Security Misconfiguration - Jot down this key (.NET)
  • New API 7 Security Misconfiguration - Secret Admins (.NET)
  • New API 7 Security Misconfiguration - eXternal Entity (injection) (.NET)
  • New API 7 Security Misconfiguration - XML is always a Challenge (.NET)
  • New API 8 Injection - Own the database (.NET)
  • New API 8 Injection - Parameterize all the things (.NET)
  • New API 8 Injection - Bobby Tables (.NET)

OWASP Top 10:2021:10 Server-Side Request Forgery

New Get There From Here (Node)

June 30, 2022

Updated One eLearning Learner Level Course and Added Two New AppSec Tutorials

  • Updated the OWASP 2017 course to OWASP 2021 on Learner Level 1
  • Added two new AppSec Tutorials on Learner Level 2

June 1, 2022

The Security Training Team Released Two New API Security Courses and Updated Eight OWASP Courses

OWASP API Security Top 10 Labs

OWASP Top 10 2021 Labs

See the Course Catalog for more details.

  • A01:2021 Broken Access Control
  • A02:2021 Cryptographic Failures
  • A03:2021 Injection
  • A05:2021 Security Misconfiguration
  • A06:2021 Vulnerable and Outdated Components
  • A07:2021 Identification and Authentication Failures
  • A08:2021 Software and Data Integrity Failures
  • A09:2021 Security Logging and Monitoring Failures

May 19, 2022

The Security Training Team Released Three New eLearning Courses and Updated One Course

  • Updated A04: eLearning Secure Architecture and Design
  • New OWASP Top 10 2021
  • New A10: Server-Side Request Forgery AppSec Tutorial
  • New A08: Software and Data Integrity Failures AppSec Tutorial

May 4, 2022

The Security Training Team Released Seven Labs

OWASP API Security Top 10 Labs:

OWASP Top 10 2021 Labs:

April 6, 2022

Two New Labs

· 6 min read

The updates on this page apply to the following Veracode Dynamic Application Security Testing (DAST) features in the Commercial Region:

May 9, 2023

ISM Endpoint 23.5.0

Added executable scripts that update the JAVA_HOME path for the endpoint.

April 25, 2023

ISM Endpoint 23.4.2

  • The endpoint now supports environments where the target host is on the same host as the client.
  • Source code files now include a copyright header.

February 27, 2023

Set URL Scan Settings at the Organization Level

You can now use the Dynamic Analysis REST API to set URL scan settings for all analyses and scans in an organization.

February 17, 2023

New Manual Resume Feature for Paused Analyses

Veracode Dynamic Analysis adds a new feature that enables you to manually resume a scheduled analysis from a paused state. This feature is only available upon request. To add this feature to your account, contact Veracode Technical Support.

January 20, 2023

Renamed URL Scan Status Messages

Veracode has renamed and changed the descriptions for the following URL scan status messages for Dynamic Analysis. The new names more accurately describe the issues that caused these status messages to appear in the Veracode Platform.

  • Killed - Partial Results Available is now Lockout - Partial Results Available.
  • Killed - Verifying Partial Results is now Lockout - Verifying Partial Results.

December 19, 2022

ISM Endpoint 22.12.3

  • Fixed an endpoint issue that caused threads to lock up until the ISM tunnel closes.
  • Improved endpoint logging that Veracode Technical Support can use for troubleshooting.

October 18, 2022

API Scanning Adds Support for Scriptable Request Modification

Veracode API Scanning adds a new option for using JavaScript to modify an HTTP request, at runtime, when authenticating with a remote host.

October 5, 2022

New Similarity Threshold for Web Applications

When configuring an analysis of a web application, you can now set a threshold for ignoring similar web pages during the analysis.

September 7, 2022

Dynamic Analysis Now Creates Screenshots for Consecutive Login Failures

The Veracode scan engine now creates a verification screenshot if it is unable to log in to a target application after 50 attempts. The screenshot image shows when and where in the scanning process the failed login attempts occurred. You can use this information for troubleshooting.

August 2, 2022

New Historical Details for Dynamic Analyses and Scans

You can now view detailed information about all past occurrences of both a dynamic analysis and its scans.

May 18, 2022

Re-Enabled Pause and Resume for Scheduled Analyses

When scheduling a Dynamic Analysis, you can now set it to pause and resume scanning at specific days and times. Veracode disabled this option on October 7, 2021.

April 28, 2022

New Status Messages for Partial Scan Results

Dynamic Analysis now provides status messages that indicate when Veracode is verifying partial results and when partial results are available for review. Partial results can occur when a scan stops prematurely due to:

  • Errors during scanning
  • Users stopping the scan early
  • The scan exceeding its configured duration

March 23, 2022

API Scanning Adds Support for OpenID Connect to OAuth 2.0

Veracode API Scanning adds a new option to specify an OpenID Connect URL when configuring OAuth 2.0 authentication.

March 10, 2022

Dynamic Analysis Adds Support for Concurrent Browsers Running Dynamic Analysis Scans

Veracode Dynamic Analysis now supports concurrent browsers for running multiple Dynamic Analysis scans at the same time. When configuring a web application scan, you can specify up to 12 concurrent browsers.

March 8, 2022

API Scanning Adds OAuth 2.0 Authentication and Analysis History Options

Veracode API Scanning includes these changes:

  • New option to configure OAuth 2.0 authentication for the API endpoints in your API specifications. You can select to use either the Client Credentials or Password Credentials grant type.
  • New Associated Analysis field on the API Specification Details page for a given API specification. This field provides options for viewing, reconfiguring, and rerunning previous scans.

March 3, 2022

Dynamic Analysis Now Detects Log4j Vulnerability CWE-115

Veracode Dynamic Analysis can now detect Log4j vulnerability CWE-115 when scanning web applications or API specifications.

February 4, 2022

Updated Dynamic Analysis Scan Engine

The Dynamic Analysis scan engine includes these updates:

  • Updated Chromium to version 98.0.4758.80
  • Log4j security updates
  • Improved connectivity when authenticating with Veracode
  • Fix for insecure cookies that prevented flaw matching

January 25, 2022

ISM Endpoint 22.1.10

  • Endpoint upgraded to Log4j 2.17.1 to address security findings.
  • Improved thread management for connection stability.
  • Advanced memory usage diagnostics.

December 21, 2021

ISM Endpoint 21.12.13

  • Endpoint upgraded to Log4j 2.17 to address known vulnerabilities CVE-2021-44228 and CVE-2021-45046.
  • Additional libraries upgraded to address security findings.

August 10, 2020

ISM Endpoint 20.8.5

  • Endpoint now supports not resolving the hostname when accessing the ISM gateway via proxy. This support enables you to only allow the gateway hostname for outbound HTTPS calls.
  • Endpoint now supports not resolving the hostname when accessing scanned URLs via proxy. This support simplifies proxy configuration if you do not want to access external sites, such as Okta, during the scan.
  • Improved interface for configuring a proxy for the endpoint installer.
  • Endpoint installer supports configuring hostname resolution properties.
  • Java WebSocket library for the endpoint upgraded to version 1.5.1.
  • Endpoint supports specifying non-default network interface via endpoint properties, including the option to see a list of available network interfaces.
  • Endpoint process name on Linux includes a Veracode identifier.
  • Improved endpoint logging.

March 9, 2020

ISM Endpoint 20.3.5

  • Endpoint installer supports client-side Java and 32-bit Java.
  • Endpoint installer supports proxy gateway-only property.
  • Endpoint supports running diagnostics through a DSE tunnel.
  • Endpoint supports new advanced diagnostics options.
  • Consolidated direct diagnostic options and diagnostics options that run through a DSE tunnel.
  • The ISM service from the Windows installer runs under the less privileged LocalService account instead of LocalSystem.
  • Proxy configuration in the installer no longer requires web access to veracode.com.
  • Resolved issue with property merge in the endpoint installer.
  • Improved endpoint memory management and out of memory protection.

· One min read

Review the product updates for the latest features, enhancements, important announcements, and release notes for Veracode products and services. Subscribe to all posts with the RSS feed.

To the left, under Updates by region, the latest posts are at the top of the list.

The update sections are categorized by product area and Veracode region, such as Commercial (the default). Your Veracode account is in one of these regions. If you do not know the region for your account, contact the Veracode Administrator for your organization.

Downloads

To download the latest Veracode integrations, see Integrate with Veracode or go to Community Integrations.

Archives

The following sections are archived updates for older releases. Veracode no longer maintains these sections.

· One min read

The updates on this page apply to the Veracode Dynamic Analysis Security Testing (DAST) features in the European Region:

Discovery Scans is not supported in the European Region.

October 21, 2022

ISM available for Dynamic Analysis

Internal Scanning Management (ISM) is now available for Veracode Dynamic Analysis of web applications and API specifications in the European Region.

July 28, 2022

Dynamic Analysis available for European Region

Veracode Dynamic Analysis is now available in the European Region. If you have a Veracode Dynamic Analysis subscription, you can now perform dynamic analysis security testing and API testing against public facing web applications and APIs.

· One min read

The updates on this page apply to Veracode Static Analysis Security Testing (SAST) in the European Region.

note

Veracode delivers the same Static Analysis language and framework support to both the European Region and the Commercial Region. For information about static language and framework updates, see the Static Analysis updates.

October 20, 2021

Veracode European Region now available

The Veracode European Region is now available for new customers. This region, which initially supports Veracode Static Analysis and Veracode Software Composition Analysis, provides European data residency for Veracode customers.

· One min read

The updates on this page apply to the Veracode Platform in the European Region.

September 29, 2022

New Application Security Platform features available in European Region

The following features are now available in the European Region.

May 10, 2022

SCA dashboards available in Analytics

Data from Veracode Software Composition Analysis (SCA) agent-based scans and upload scans is now available in Veracode Analytics for the European Region. The predefined Veracode dashboards, including the SCA Findings dashboard, now contain SCA scan data. You can also use the Findings, SCA Agent-Based Scans, and SCA Agent-Based Scan Issues data explores for custom reporting.

May 3, 2022

Support cases and scheduled consultations now available

You can now raise a support case and schedule a consultation from the Veracode Platform in the European Region.

Veracode Platform services updated to current versions

Applications and policies for the European Region now run on the current versions in the Veracode Platform.