March 20, 2023
Veracode SCA Scan for VS Code 0.7.0
This update includes the following improvements:
- The extension now includes an SCA Agent. After you install the extension, you can install the SCA Agent from within the IDE and start scanning.
- You can point to a vulnerability in the VULNERABILITIES view to see whether it passes the built-in policy.
- The Vulnerability Details window now shows the policy for the selected vulnerability.
- To indicate which vulnerabilities have passed the built-in policy, the VULNERABILITIES view now groups them by Did Not Pass Policy or Passed Policy.
March 8, 2023
Java API Wrapper 23.3.11.0
This version includes the following changes:
- You can now provide a proxy host, port, and its credentials in an environment variable. The environment variable name must be
https_proxy
. - Displays error messages for code 429 if you exceed the request limit.
March 2, 2023
Veracode Azure DevOps Extension 3.19.0
This update adds support for both of the following YAML property values:
ConnectionDetailsSelection='Endpoint'
ConnectionDetailsSelection='Service Connection'
March 1, 2023
Veracode Azure DevOps Extension 3.18.0
This update includes the following changes:
- Changes the YAML property value
ConnectionDetailsSelection='Endpoint'
toConnectionDetailsSelection='Service Connection'
. When you upgrade to this new extension, you must update your YAML with the new value name. - Static Analysis work items now have a Grace Period Expiration field.
- SCA works items now have a First Found Date field and File Path field for vulnerabilities.
- The Summary Report now shows a link to the Scan Details page.
- The extension now fails the build if Development Sandbox scans find SCA vulnerabilities.
- Builds no longer fail when the
Fail build if Upload and scan build steps fails
option is cleared, but the application name contains special characters.
February 28, 2023
Veracode Greenlight for IntelliJ Supports IntelliJ v2022.2.3
Veracode Greenlight v1.8.7 adds support for IntelliJ v2022.2.3.
February 22, 2023
Updated Identity REST API
You can now use the Identity REST API to manage Veracode API credentials for API service accounts, also called API users.
February 9, 2023
Updated Veracode SCA Scan for VS Code
Veracode SCA Scan for VS Code version 0.6.0 includes the following updates:
- Adds a Create a Case link that you can use to send a support case to Veracode Technical Support.
- Adds a Leave Feedback link that you can use to provide feedback in a survey.
- Fixes an issue where the extension did not verify undefined or null values.
February 3, 2023
Mandatory Upgrade for Veracode Greenlight for IntelliJ
Veracode Greenlight for IntelliJ version 1.8.6 supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
February 2, 2023
Mandatory Upgrade for Veracode Greenlight for Eclipse
Veracode Greenlight for Eclipse version 2.9.7 includes these changes:
- Supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
- Fixes a refresh issue that flashes various status messages at the bottom of the Eclipse interface.
February 1, 2023
Updated Java API Wrapper
Veracode Java API Wrapper version 23.1.10.5 adds logic to identify and remove unicode application names from the XML response.
Veracode Mobile Application Packager Has Reached End of Life
Veracode Mobile Application Packager is now End of Life (EOL) and is no longer supported by Veracode Technical Support. To compile and package tvOS or iOS applications that you developed in the Xcode IDE, see the packaging requirements.
January 30, 2023
Mandatory Greenlight Upgrades for Eclipse and IntelliJ
Veracode has made a change to the Greenlight API that will impact the following plugins.
- Veracode Greenlight for Eclipse version 2.9.6 and earlier
- Veracode Greenlight for IntelliJ version 1.8.5.2022 and earlier
New versions of these plugins will be available on February 2, 2023 and February 3, 2023, respectively. To continue using these plugins, you must upgrade to the new versions by February 13, 2023.
January 23, 2023
Veracode Integration for Jira Supports Jira Server 9
Veracode Integration for Jira version 4.0.1 adds support for Jira Server 9. This integration no longer supports Jira Server 8.6.0 and earlier.
January 17, 2023
Introducing Veracode SCA Scan for VS Code
Veracode SCA Scan for VS Code version 0.5.0 is a new extension that integrates Software Composition Analysis (SCA) into VS Code. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE. Version 0.5.1 only removes an obsolete README
.
January 10, 2023
Renaming the ConnectionDetailsSelection='Endpoint'
YAML Property
In February 2023, Veracode will release a new Azure DevOps Extension that uses the YAML property value ConnectionDetailsSelection='Service Connection'
rather than the current value ConnectionDetailsSelection='Endpoint'
. When upgrading to this new extension, you must update your YAML with the new value name.
January 5, 2023
Improved Veracode Azure DevOps Extension
Veracode Azure DevOps Extension version 3.17.0 includes the following improvements:
- Renamed the Veracode Analysis Center link to Veracode Platform.
- The extension no longer fails a pipeline build if it has a policy assessment of Conditional Pass, even if the Fail build if application fails security policy checkbox is selected.
- Fixed a minor error-handling issue when the build artifact directory is empty.
- The Flaw Import task now fails the build when importing flaws with an unsupported process template and the Fail build if flaw importer build step fails checkbox is selected.
January 3, 2023
Improved Veracode Integration for Jira Cloud
Veracode Integration for Jira Cloud version 4.7.0 now successfully loads the Findings Import page when importing large Jira projects.
December 19, 2022
Improved Veracode Integration for Jira Server
Veracode Integration for Jira Server version 3.38.0 includes the following improvements:
- Jira tickets from imported Static Analysis flaws now show the detected CWEs with a dash instead of an underscore. This CWE format matches the results in the Veracode Platform. For example, CWE_123 is now CWE-123.
- Jira tickets from imported SCA vulnerabilities now support the Mitigation Status and Mitigation Status Description fields.
December 15, 2022
Veracode Mobile Application Packager is Deprecated
Veracode Mobile Application Packager is now deprecated and will be obsolete on February 1, 2023.
December 14, 2022
Veracode for VS Code Renamed to Veracode Greenlight for VS Code
Veracode for VS Code version 1.6.0 includes the following updates:
- Changed the name of the extension to Veracode Greenlight for VS Code.
- Using File > Save on a single file now saves only that file, not all unsaved files.
December 13, 2022
Veracode Azure DevOps Extension Fixes Link to Veracode Platform
Veracode Azure DevOps Extension version 3.16.0 fixes the link on the Veracode Scan Summary tab. The link now opens the scan results in the Veracode Platform instead of the Application page.
December 6, 2022
Updated Veracode Static for Visual Studio
Veracode Static for Visual Studio version 1.7.0 fixes an issue where the extension could not authenticate with Veracode from a European Region instance.
November 16, 2022
Updated Veracode Integration for Jira
Veracode Integration for Jira version 3.37.0 fixes an issue where the plugin ignores all remaining applications after attempting to import findings from an application with COTS enabled.
November 14, 2022
Updated C# API Wrapper
Veracode C# API wrapper version 22.10.8.6 includes these updates:
- Fixed an error that can occur if the filename of an uploaded file contains certain characters or symbols. For example,
~ ^ ' { }
- The
-debug
parameter now logs timestamped messages that identify connectivity issues, error conditions, and the status of various composite actions.
Improved Veracode Greenlight for IntelliJ
Veracode Greenlight for IntelliJ version 1.8.5 adds support for IntelliJ IDEA 2022.2.3.
October 27, 2022
Java API Wrapper Has Improved Error Handling
Veracode Java API Wrapper version 22.10.10.4 now cancels any scans that exceed the upload limit.
October 21, 2022
Veracode Azure DevOps Extension Now Supports Automatic Deletion of Incomplete Scans
Veracode Azure DevOps Extension version 3.15.0 adds options for deleting incomplete scans in your pipeline. When configuring the extension, you can add -deleteincompletescan
as an optional argument or add -deleteIncompleteScan
as a YAML property.
Updated Veracode Static for Visual Studio
Veracode Static for Visual Studio (New) version 1.6.0 includes these changes:
- Fixed an issue where web projects inside folders did not publish.
- Fixed an issue where the scan progress bar in the IDE displayed as incomplete after clicking Custom Workflow.
- Run Scan button in the IDE is now disabled when the scan status is in a failed state. In the Veracode Platform, you also see a warning message to resolve this issue.
September 29, 2022
Updated Greenlight for Eclipse
Greenlight for Eclipse version 2.9.6 includes minor security and documentation updates.
September 22, 2022
Improved Finding Import Performance for Veracode Integration for Jira Cloud
Veracode Integration for Jira Cloud version 4.6.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.
September 13, 2022
Java API Wrapper JavaDoc Update
In Veracode Java API Wrapper version 22.9.10.3 the documentation available in the wrapper installation file now describes the Credentials
class.
August 29, 2022
Veracode Azure DevOps Extension Has Improved Flaw Importer Task
Veracode Azure DevOps Extension version 3.14.0 includes the following improvements to the Flaw Importer Task.
- Uses fewer calls to complete flaw imports.
- Fixes an issue where flaws without comments did not sync or close.
- Fixes an issue where development sandbox findings did not import.
August 12, 2022
Veracode TeamCity Plugin Now Supports Automatic Deletion of Incomplete Scans
Veracode TeamCity Plugin version 2.7.0 adds configuration options for deleting incomplete scans.
August 9, 2022
Veracode Integration for Jira Server Now Retries Downloading the Detailed XML Report
Veracode Integration for Jira version 3.36.0 fixes an issue where the integration did not create tickets of imported flaws if it could not retrieve the Detailed XML Report. The integration now attempts to retrieve the Detailed XML Report during the next import cycle.
July 27, 2022
Updated C# API Wrapper
Veracode C# API wrapper version 22.8.8.5 includes these updates:
- Supports the
-debug
parameter. - Fixes an issue to filter out Dynamic Analysis results.
- Adds transaction ID header to uploadandscan.
July 20, 2022
Veracode Azure DevOps Extension Now Supports Importing SCA Vulnerabilities as Work Items
Veracode Azure DevOps Extension version 3.13.0 updates the Flaw Importer task to support importing Software Composition Analysis (SCA) vulnerabilities as work items.
July 14, 2022
Veracode Jenkins Plugin Now Supports Automatic Deletion of Incomplete Scans
Veracode Jenkins Plugin version 22.6.18.0 adds configuration options for deleting incomplete scans.
June 27, 2022
Improved Finding Import Performance for Veracode Integration for Jira Server
Veracode Integration for Jira Server version 3.35.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.
June 22, 2022
Deprecation of Admin XML APIs
Veracode has deprecated the Admin XML APIs for user and team management. End-of-support for these APIs is scheduled for June 30, 2023. Veracode recommends that you begin updating your automations to use the Identity REST APIs. Also, enabling the Single Sign-on and Just-in-Time Provisioning feature automatically disables the Admin XML APIs for user management. Before enabling this feature, ensure all of your automations are using the Identity APIs.
June 8, 2022
Updated Veracode Static for Visual Studio (New)
Veracode Static for Visual Studio (New) version 1.5.0 includes these changes:
- Change the scan name from the name that Veracode generates and assigns during scanning.
- Import and review XML scan results from Veracode Detailed Reports.
May 18, 2022
Java API Wrapper Updates -deleteincompletescan
Parameter with Backward Compatibility
Java API Wrapper version 22.5.10.1 updates the -deleteincompletescan
parameter to be backward compatible with Java API wrapper versions earlier than 22.5.10.0, which released on May 4, 2022. After upgrading the wrapper, the parameter value automatically changes from boolean to an integer:
- If set to
true
, the value changes to1
. - If set to
false
, the value changes to0
.
May 4, 2022
Java API Wrapper Has Improved -deleteincompletescan
Parameter
Java API Wrapper version 22.5.10.0 includes changes to the -deleteincompletescan
parameter for deleting incomplete scans when running the uploadandscan
action. This parameter now accepts an integer value, rather than boolean, for deleting an incomplete scan based on the scan status.
These changes are not backward compatible with the -deleteincompletescan
parameter available in earlier versions of the Java API Wrapper. If you currently use this parameter, after upgrading the wrapper you must change the value from boolean to one of the accepted integer values.
April 15, 2022
Introducing New Veracode Static Extensions for Visual Studio 2019 and 2022
Veracode Static for Visual Studio version 1.4.0 is a new extension for adding Static Analysis to Visual Studio 2019 and 2022. The new extension for Visual Studio 2019 provides major improvements compared to our current legacy extension for version 2019, which Veracode continues to support.
The extensions include these features:
- Improved user experience for developers.
- Powerful Summary View grid for reviewing and managing findings.
- Streamlined workflow for building, packaging, and scanning your code.
- Support for policy and sandbox scans.
An extension for each Visual Studio version is available from the Visual Studio Marketplace.
April 12, 2022
Veracode Greenlight Now Supports the New Visual Studio 2019 and 2022
Veracode Greenlight for Visual Studio version 1.3.184.96 is a new extension for adding Greenlight scanning to the newer versions of Visual Studio 2019 and 2022. An extension for each Visual Studio version is available from the Visual Studio Marketplace.
March 9, 2022
Updated Azure DevOps Extension
Veracode Azure DevOps Extension version 3.10.0 includes these changes:
- TFS 2017 is no longer supported.
- TFS 2018 support now requires Azure Pipeline Agent 2.196.2 or later.
- Flaw Importer task can now import custom fields when using custom process templates.
- Flaw Importer task can now overwrite the area path in work items when importing flaws.