Skip to main content

2021 updates archive

· 27 min read

This page lists the archived updates for 2021.

View the list below for highlights of previous releases.

December 20, 2021

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding support for:

  • Azure Functions used in .NET
  • Thymeleaf templates for Spring Boot

Veracode has improved static analysis by adding support for these new versions:

  • Initial support of .NET 6.0
  • Initial support of Android 12

November 18, 2021

New Veracode Static Analysis Support

Veracode has improved static analysis by adding:

  • Full support for JDK 17
  • Full support for ColdFusion 2016

October 21, 2021

New Veracode Static Analysis Support

  • Veracode has improved static analysis by adding support for Apex 52.0.

Improved Veracode Static Analysis Support

  • Veracode has further improved its accuracy in its detection of hard-coded credentials in applications. You might see a decrease in false positives related to hard-coded credentials.

September 28, 2021

New Veracode Static Analysis Support

Veracode has improved static analysis by adding:

  • Initial support for iOS 15
  • Full support for .NET 5.0

Improved Veracode Static Analysis Support

  • Veracode has improved its detection of hard-coded passwords in applications. You might see an increase in findings related to hard-coded passwords.

August 26, 2021

New Support for GCC 10 on Red Hat Enterprise Linux 8

  • Veracode has improved static analysis by adding support for the GCC 10 compiler on Red Hat Enterprise Linux.

Improved Static Analysis Support

Veracode has made several improvements to static analysis, including:

  • Prevention of reporting hard-coded credentials for variables related to mock libraries
  • Prevention of reporting hard-coded credentials for nonsensitive data in JavaScript dictionaries
  • Improved recognition of password keywords in concatenated strings
  • Improved heuristics to identify potentially sensitive data

July 22, 2021

New Veracode Static Analysis Support

  • Veracode has improved static analysis by adding support for Angular 12 applications.

Improved Veracode Static Analysis Results

  • Veracode has improved static analysis for Node.js 13 and 14 applications.

June 16, 2021

Pipeline Scan Supports Uploading Larger Files

  • Veracode Pipeline Scan now supports the analysis of applications up to 200 MB.

June 2, 2021

New Veracode Static Analysis Support

Veracode has improved static analysis by adding support for these new technologies:

  • Initial Support of Java 16
  • tvOS

Compatibility Updates for iOS and tvOS Application Packager

  • Veracode has improved the mobile application packager used for preparing iOS and tvOS applications to support the latest versions of macOS. This update also includes several usability improvements based on user feedback.

New Distribution Method for the Ruby Gem Packager

  • Veracode began distributing the Gem file required for preparing Ruby on Rails applications. For the latest updates to the Gem file, retrieve the file from rubygems.org using these Veracode instructions.

May 3, 2021

New Veracode Static Analysis Support

  • Veracode has improved static analysis by adding support for AWS SDK for .NET.

Improved Veracode Static Analysis Results

  • Veracode has improved static analysis of Java applications by identifying additional security flaws related to deserialization vulnerabilities.

April 6, 2021

Improved Veracode Static Analysis Support for Android Applications

  • Veracode has improved static analysis of Android applications by adding support for Android applications packaged as Android App Bundles (AAB).

April 1, 2021

Deprecated Support for Older Versions of Veracode Pipeline Scan

  • On April 1 2021, Veracode will no longer support versions of pipeline-scan.jar that you have downloaded before September 2020. These versions are 20.9.1 and earlier. To identify the version of the pipeline-scan.jar that you are using, you can run it with the --version option at the command line.

  • To transition to a supported version of the JAR file, replace the version that you are using with the latest one, which you can download here: https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip Veracode also provides Pipeline Scan as a Docker image on ### Docker Hub](https://hub.docker.com/r/veracode/pipeline-scan).

  • Updating to the latest version of pipeline-scan.jar ensures that you are working with the latest version of the Veracode software, which includes many new features and bug fixes.

March 31, 2021

New Veracode Static Analysis Support

  • Veracode has improved static analysis by adding support for Blazor WebAssembly for.NET applications.

Improved Veracode Static Analysis Results

  • Veracode has improved static analysis of .NET Core 3.1 applications.

Remediation Guidance Added to Pipeline Scan Results

  • The Pipeline Scan results now include links to the Veracode Knowledge Base, which provides suggestions for remediating issues.

March 2, 2021

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has improved static analysis by adding support for these new versions of supported technologies:

  • Transact-SQL 15.x
  • Ember.js 3.x for JavaScript

Veracode has improved static analysis by adding initial support for these versions of supported technologies:

  • .NET 5
  • Kotlin 1.4
  • Groovy 3

Improved Veracode Static Analysis Support for iOS

  • Veracode has provided additional security checks for applications built using iOS 14. You may see additional findings for applications as a result of these improvements.

Improved Results for Cryptography Findings for Java Applications

  • Veracode has improved static analysis of Java applications by updating the list of acceptable cryptography algorithms.

February 4, 2021

New Veracode Static Analysis Support

Veracode has improved static analysis by adding support for these new technologies:

  • C++ applications built with GCC 9 on RedHat 8
  • Koa.js version 2.13
  • Hibernate framework version 5
  • Autofac framework. Static analysis of .NET applications that use Autofac may report additional findings as a result of these improvements.

Improved Veracode Static Analysis Results

Veracode provides these improvements for supported technologies:

  • Additional security checks for applications built using functions specific to Android 10. You may see additional findings for applications as a result of these improvements.
  • Enhanced accuracy of scan results of PHP and Python applications. The scan results now provide more emphasis on custom first-party components rather than third-party libraries.

Improved Prescan Warning Messages

  • Veracode has improved warning messages to identify applications that do not meet Veracode packaging requirements.

  • Veracode has also improved the accuracy of warning messages for several languages and file types by providing more descriptive error resolution recommendations.

Improved Results Consistency for Java Applications

  • Veracode has improved static analysis of Java web applications packaged as WAR and EAR files. Veracode provides more consistent results between subsequent scans and more accurately recognizes first-party components in the applications.

  • You may notice a one-time change to scan results as a result of this improvement.

Improved Results Accuracy Within JSP Files

  • Veracode has improved static analysis of JSP applications to prevent static analysis from reporting duplicate flaws.

January 12, 2021

Compilation Guide Renamed

  • To more accurately describe its contents, the Compilation Guide is now called Veracode Packaging Requirements.

January 7, 2021

Pipeline Scan Integration with Veracode Security Policies

  • Veracode has improved the Pipeline Scan to support the use of policy rules defined in the Veracode Platform. This enhancement allows you to assess applications against consistent rules for pass or fail.

Dynamic Analysis

View the list below for highlights of previous releases.

December 21, 2021

ISM Endpoint Upgraded to Log4j 2.17

  • An updated Veracode Dynamic Analysis Internal Scanning Management (ISM) endpoint version is now available. Updates include an upgrade to Log4j 2.17 to address known vulnerabilities CVE-2021-44228 and CVE-2021-45046.

November 18, 2021

Introducing Veracode API Scanning

  • Veracode API Scanning is a new scan type for performing a dynamic analysis of common API specification files. You can quickly test the security of your API endpoints and get results. As an extension of the existing Veracode Dynamic Analysis, API Scanning uses the same powerful dynamic analysis scan engine to identify vulnerabilities in both public and private APIs and provide remediation guidance. The remediation guidance helps you secure your APIs before integrating them into applications.

November 10, 2021

Dynamic Analysis Scan Engine Updated

The Veracode Dynamic Analysis scan engine has been upgraded, including:

  • Fixed logic in timing-based attacks to reduce the reporting of false positives.
  • Corrected authentication failures when using browser authentication.
  • The Dynamic Analysis engine is updated to use Chromium version 95.0.4638.69.

October 7, 2021

Dynamic Analysis Pause and Resume Temporarily Disabled

  • Veracode has temporarily disabled the ability to pause or resume Dynamic Analysis scans to fix underlying architectural issues.

Dynamic Analysis Engine Updated to New Chromium Version

  • The Veracode Dynamic Analysis engine is updated to use Chromium version 94.0.4606.71.

September 23, 2021

Dynamic Analysis Engine Updated to New Chromium Version

  • The Veracode Dynamic Analysis engine is updated to use Chromium version 93.0.4577.82.

September 15, 2021

Custom HTTP Headers

  • Veracode Dynamic Analysis now supports custom HTTP headers as an authentication option when configuring a scan. You can configure one or more custom headers with specific names and values for each scan.

August 23, 2021

Dynamic Analysis Scan Engine Updated

The Veracode Dynamic Analysis scan engine has been upgraded, including:

  • Several stability improvements and crash fixes
  • Corrections for a few cases of over-reporting CSRF flaws
  • Security updates
  • Fix for missing some XSS flaws
  • Adjusted payloads for code-injection tests to reduce false negatives

March 30, 2021

Improved Coverage Report and Removed Show Password Option

Veracode Dynamic Analysis includes these changes:

  • Improved the Coverage Report to provide a summary view of both normal and attack traffic that Dynamic Analysis discovered during a scan.
  • Removed the Show password checkbox for all authentication methods from the Veracode Platform page on which you create a Dynamic Analysis. You must now re-enter your credentials after changing a Dynamic Analysis configuration.

March 16, 2021

Updated Engine and New Limit on Discovered Flaws

Veracode Dynamic Analysis includes these changes:

  • Updated the Dynamic Analysis engine to use Chromium version 88.0.4324.182.
  • Set a limit on the number of flaws that Dynamic Analysis can discover during each analysis. If an analysis discovers more than 1000 flaws, it now exits automatically. This scenario is rare and typically indicates an error.

February 23, 2021

Updated Video - Create and Run an Unauthenticated Dynamic Analysis

  • This video shows you how to create, configure, and schedule an unauthenticated Dynamic Analysis.

February 18, 2021

Dynamic Analysis REST API Scan Engine Variables

  • Veracode Dynamic Analysis has a new feature that allows you to centrally manage credentials for login scripts by using variable names and storing the values centrally via the Dynamic Analysis API. This feature enables you to update credentials without having to re-upload your login script, and gives you the ability to separate credentials from your login scripts by using variable names in the files instead of the actual values. In addition, this functionality eliminates having to access the Veracode Platform to access credentials.

January 22, 2021

Changes to Reporting of CWE-829

  • The Veracode Dynamic Analysis engine is improved to no longer map findings concerning missing or misconfigured CSP headers to CWE-829 when responses have no body.

Application Security Platform

View the list below for highlights of previous releases.

December 9, 2021

OWASP Top 10 2021

  • The Auto-Update OWASP requirement available for application security policies now reflects the 2021 version of the OWASP Top 10.

November 5, 2021

New Veracode Documentation URL

Deprecation of Veracode Documentation PDFs

  • Veracode has deprecated the PDF files of publications available on the Veracode Documentation website. By December 2021, you will no longer be able to download these PDFs, but you can create custom PDFs using the print feature in your browser. To create a custom PDF, click Print (printer icon) in a publication title bar or to the right of a topic title, select the topics to include or exclude, then click Print.

September 28, 2021

API Rate Limit Enforcement

  • Veracode is now enforcing API rate limiting to ensure optimal performance and availability of Veracode services.

September 15, 2021

Updated Subprocessor List

  • Veracode has updated the list of subprocessors used to process customer personal information.

August 31, 2021

2021 CWE Top 25 Support

  • The Auto-Update CWE Top 25 policy rule in Veracode security policies now reflects the 2021 CWE Top 25 standard. In a future release, Veracode will add the option to specifically select the 2021 CWE Top 25 standard in policy rules.

CWE 4.5 Support

  • Veracode CWE support now reflects the changes MITRE introduced in version 4.5 of the CWE list.

August 12, 2021

Updated Video - Create a Policy in the Veracode Platform

  • This video shows you how to create a custom policy in the Veracode Platform.

July 20, 2021

Improved Veracode Onboarding Experience

  • Veracode has improved the onboarding experience to help developers and application security managers get started with Veracode. In the Veracode Platform, select Resource Center > Getting Started to open the new Getting Started with Veracode guidance, which provides a walk-through of Veracode products and training offerings.

July 8, 2021

Updated Video - Create a New Application Profile in the Veracode Platform

  • This video shows you how to create a new application profile in the Veracode Platform.

June 29, 2021

Improved Veracode Platform Homepage

  • The homepage in the Veracode Platform is updated to make it easier to perform several common functions, such as generating API credentials.

May 25, 2021

Automatically Update to Latest Version of Security Standards in Policy Rules

  • You can set rules in your application security policies that automatically update to use the most recent version of the supported security standards. With this update, you can require applications to comply with the latest version of security standards, such as OWASP Top 10 or CERT, as soon as Veracode supports them.

2020 CWE Top 25 Standard Available in Policy Rules

  • Veracode now supports using the 2020 version of the CWE Top 25 standard as a requirement in application security policies.

PCI Standard Includes 2020 CWE Top 25 Most Dangerous Software Weaknesses

  • A new version of the PCI security standard, which includes the 2020 CWE Top 25 most dangerous software weaknesses, is now available as a requirement in application security policies.

PCI Report Now Evaluated Against the Auto-Update PCI Standard

  • The PCI report available from the Veracode Platform is now evaluated against the Auto-Update version of the PCI security standard. This update ensures that the report always uses the latest version of the PCI standard.

April 8, 2021

Access the Veracode Community from the Veracode Platform

  • You can now access the Veracode Community directly from the Veracode Platform without logging in to a separate Community account. The Veracode Community provides best practice documentation, new feature previews, and a forum for asking questions about how to most effectively use Veracode products and services.

April 7, 2021

Evaluation Timeframe for Security Policies

You can now include evaluation timeframes in Veracode application security policies to define when findings can impact policy compliance. In your policies, you can:

  • Disallow findings opened after a specific date to ignore technical debt.
  • Disallow findings opened before a specific date to ignore new findings that are out of scope for an audit requirement.

April 6, 2021

End of Browser Support for Legacy Versions of Safari and Android

Veracode no longer supports these legacy versions of Safari and Android because of their use of weak ciphers (TLS 1.2):

  • Safari 6 on iOS 6.0.1

  • Safari 7 on iOS 7.1

  • Safari 8 on iOS 8.4

  • Safari 7 on OS X 10.9

  • Safari 8 on OS X 10.10

  • Android 5.0.0

  • Android 6.0

You cannot access analysiscenter.veracode.com using these browsers.

Administrators Cannot Assign Applications to Teams

  • Administrators in the Veracode Platform can no longer assign applications to teams unless they have another role that grants them permission to edit application profiles. Veracode removed this rarely used functionality to provide a more consistent experience for users.

Allow Access to New URL for Penetration Testing Services

  • Veracode has introduced a new URL for a future feature that will support better reporting of our penetration testing services. If you restrict access to public internet sites for your organization, add pt.analysiscenter.veracode.com to your allowlist.

March 31, 2021

Changes to Email Addresses Require Verification

  • If you update the email address in your Veracode Platform user account, Veracode sends you an email to confirm the new address. You must confirm the email address to complete the update.

March 26, 2021

New Analytics Dimension for Findings and Scans

  • Veracode Analytics provides you with the ability to filter findings and scans based on their archive status. You can use these filters to easily find findings and scans that Veracode deleted as part of the sandbox scan retention process.

March 22, 2021

Improved User Management in The Veracode Platform

  • Veracode has improved the usability of the user management options in the Veracode Platform. Administrators and Team Admins can now search for users by name, email address, username, or API ID.

March 9, 2021

Veracode Analytics Updates to the SCA Findings Dashboard

  • Veracode has updated the SCA Findings dashboard to improve the visualization of data and provide more information on how fixing code libraries impacts findings.

February 9, 2021

New Static Analysis Findings Information in Veracode Analytics

  • Veracode Analytics now provides more details about findings that relate to your Static Analysis scans, including the function name, class path, and most recent line number in which Veracode discovers the findings. This data enables you to recreate a similar view as the Triage Flaw view in the Veracode Platform, but across multiple application profiles.

February 8, 2021

New Security Program Overview Dashboard in Veracode Analytics

  • Veracode Analytics provides a new dashboard that contains data to help you track and understand how your AppSec program is trending, based on your target goals. With this dashboard, you can see current and historical trends for policy compliance, as well as better understand policy compliance behavior. New information available to you includes details such as how an application is meeting compliance over time.

January 26, 2021

Improved User Interface for Managing Applications

  • Veracode has updated the user interface in the Veracode Platform for creating, viewing, updating, and deleting applications to improve usability.

January 19, 2021

Improved Email Notifications for Expiring API Credentials

  • Veracode sends an email notification when your Veracode API credentials are about to expire. The email now displays your API username for quickly identifying the account for which you need to generate new credentials.

Software Composition Analysis

View the list below for highlights of previous releases.

November 12, 2021

SCA Component License Rules in Policies

You can now apply these configurations to the component license rules in your application security polices:

  • Allow or disallow non-OSS licenses
  • Specify how to classify components with multiple licenses
  • Add a blocklist or allowlist of specific licenses

If an application does not pass the component license rule, the Veracode Platform displays the requirement that caused the component to violate policy.

October 28, 2021

Agent-Based Scan Project Table Displays Multiple Languages

  • The Project List table on the Agent-Based Scan page of the Veracode Platform now indicates if projects use multiple programming languages or operating systems. The Language/OS column displays the full list of languages and operating systems in use in the project repository.

October 7, 2021

Extended Support for Maven Libraries

  • Veracode Software Composition Analysis (SCA) has improved the Veracode Vulnerability Database to include library support for Google Maven, Spring Maven, and Cloudera Maven.

September 23, 2021

New API Endpoint for Listing Libraries by Project

  • The Veracode SCA Agent REST API includes a new endpoint for querying libraries by the project ID. This endpoint enables you to view libraries in a specific project in an agent-based scan workspace.

September 22, 2021

Decimal Values for CVSS Scores in Policy Rules

  • Veracode security policies now support using values that include decimals when specifying the allowable CVSS score for vulnerabilities in Veracode Software Composition Analysis (SCA) scans. For example, you can set policies to not allow vulnerabilities with a CVSS score of 6.1 or above.

July 15, 2021

My Workspace

  • My Workspace provides developers a personal testing space for up to three agent-based scan projects without requiring administrative setup or permission configuration. If you currently use Software Composition Analysis (SCA) upload and scan, Veracode recommends using My Workspace to explore the additional features available with agent-based scanning, such as dependency mapping, vulnerable methods, and automated pull requests.

  • My Workspace is available for all Veracode SCA users.

June 21, 2021

New Grace Periods for SCA Policy Rules

  • Veracode supports configuring new grace periods in policy rules for Veracode Software Composition Analysis (SCA) scans. The new grace periods are independent of the grace periods you can configure for Veracode Static Analysis and Dynamic Analysis. You can use this feature to manage the different compliance needs of first-party code and open-source libraries in your security program within the same security policy.

April 6, 2021

License Risk Mitigations

  • License risk mitigations are now available for Veracode Software Composition Analysis (SCA) upload scans. You can use a new set of mitigation actions relevant to licenses to mitigate license risk findings based on your assessment of the license in use.

Improved Visibility into SCA Upload Scans

  • You can now view the status of initialized, in progress, and failed Software Composition Analysis upload scans in the Veracode Platform. If a scan fails, you can restart the SCA scan without restarting the associated Static Analysis.

March 26, 2021

Unified Documentation for Veracode SCA

  • All Help Center documentation for Veracode Software Composition Analysis (SCA), including agent-based scanning and static upload scanning, now appears in a single Veracode Software Composition Analysis section. Additionally, new content is available with information about getting started with Veracode SCA.

  • If you bookmarked any URLs for Veracode SCA Help Center content, this update may impact them.

Jan 21, 2021

New API Endpoint for Listing Issues by Project

  • The Veracode SCA Agent REST API includes a new endpoint for querying issues by the project ID. This endpoint enables you to view issues specific to a project in an agent-based scan workspace. If the project is a container, the API also lists all issues linked to projects inside the container.

Veracode Integrations

View the list below for highlights of previous releases.

December 10, 2021

Veracode Integration for CA Agile Central/Rally Now End-of-Life

  • The Veracode Integration for CA Agile Central/Rally is now end-of-life and no longer supported. The plugin and documentation are no longer available. To avoid potential security vulnerabilities, Veracode strongly recommends that you uninstall this integration. To integrate with other ticketing systems, visit the Veracode Integrations Hub.

November 22, 2021

Java API Wrapper Now Retries Requests

  • Veracode Java API Wrapper version 21.11.9.0 updates the maxretrycount parameter to now retry requests that fail due to certain error conditions. Previously, this parameter polled for failed build status and only applied to the uploadandscan action.

October 18, 2021

Veracode Greenlight for IntelliJ Supports Additional IntelliJ IDEA Versions

  • Veracode Greenlight for IntelliJ version 1.7.0 adds support for IntelliJ IDEA 2019.3–2021.2.3. If you are using IntelliJ IDEA 2020 or later, you must install JavaFX Runtime for Plugins.

October 8, 2021

Improved Veracode Greenlight for IntelliJ

  • Veracode Greenlight for IntelliJ version 1.6.0 adds support for IntelliJ IDEA 2019.3–2021.1.3. If you are using IntelliJ IDEA 2020 or later, you must install JavaFX Runtime for Plugins.

July 8, 2021

New Video - Use the Jenkins Credentials Binding Plugin to Protect Your Veracode Credentials

This video shows you how to:

  • Use the Jenkins Credentials Binding plugin to bind your Veracode API credentials to environment variables
  • Generate a script containing the bound environment variables
  • Add this script to your Jenkins pipeline script

June 23, 2021

Veracode Integration for Jira Supports the Jira Select List Field Type for Multiple Choices

  • The Veracode Integration for Jira version 3.30.0 adds support for the Select List (multiple choices) field type. You can use this field type to map data from Veracode custom fields or a Veracode Detailed XML report to standard or custom fields in Jira Server issues.

May 18, 2021

Veracode Integration for Jira Cloud Supports the Select List Field Types

  • The Veracode Integration for Jira Cloud version 3.7.0 adds support for the Select List (single choice) and Select List (multiple choices) field types. You can use these field types to map data from Veracode custom fields or a Veracode Detailed XML report to standard or custom fields in Jira Cloud issues.

April 30, 2021

Veracode Azure DevOps Extension Has Renamed YAML Property and Improved Logging

Veracode Azure DevOps Extension version 3.5.0 includes these changes:

  • For YAML pipelines with the Flaw Importer task, Veracode renamed the optargs property to proxySettings. This new name more accurately identifies the valid values for this property. Ensure you update your pipelines with this new property name.
  • Added logs, with error messages, for invalid or missing values. The errors apply to both standard and YAML pipelines.

April 22, 2021

Java API Wrapper Adds Parameter for Deleting Incomplete Scans Automatically

Veracode Java API Wrapper version v21.2.7.5 includes these changes:

  • New deleteincompletescan parameter for automatically deleting scans that did not complete due to one or more errors.
  • Additional debug logs for troubleshooting upload and scan issues.

April 20, 2021

Veracode Integration for Jira Supports the Select List Field for a Single Choice

  • The Veracode Integration for Jira version 3.29.0 adds support for the Select List (single choice) field type. You can use this field type to map data from Veracode custom fields or a Veracode Detailed XML report to standard or custom fields in Jira issues.

March 24, 2021

Veracode Greenlight for VS Code Now Requires the JRE

  • Veracode Greenlight for VS Code version 1.4.0 introduces a change that requires you to install a current version of the Java Runtime Environment (JRE) and set your Java PATH.

March 19, 2021

New Video - Create and Manage API Service Accounts with the Identity API]

This video shows you how to:

  • Create an API service account
  • Create teams
  • Assign user roles and teams to API service accounts
  • Update an API service account

February 23, 2021

Updated Video - Working with Scan Results Using Veracode Static for Visual Studio

  • This video shows you how to download, import, and view Veracode scan results using Veracode Static for Visual Studio. You can also learn how to mitigate findings discovered during the scan in Visual Studio.

Veracode Jenkins Plugin No Longer Encrypts Non-Sensitive Data for Build Jobs

  • Starting with Veracode Jenkins Plugin version 21.2.12.0, the plugin no longer encrypts non-sensitive data stored in the config.xml file for a build job. This change enables you to import jobs between Jenkins instances.

February 5, 2021

Updated Veracode Azure DevOps Extension

Veracode Azure DevOps Extension version 3.4.0 includes these updates:

  • Use YAML to add Veracode analysis to build pipelines.
  • Use YAML to import findings as work items into Azure DevOps.
  • Include mitigation and annotation comments when importing new findings as work items.
  • Set a timeout to fail a build if Veracode analysis does not complete within a specified time.

Developer Training

View the list below for highlights of previous releases.

April 28, 2021

New Video - Access and Navigate the Veracode Security Labs Interface

This video shows you how to:

  • Access and navigate the lab interface
  • Access and interact with the web application, when applicable
  • Communicate with teammates who have completed the lab
  • Save lab progress or restart the lab

New Video - View and Filter Labs in Veracode Security Labs

This video shows you how to:

  • View new, required, and in progress labs
  • Filter labs by programming language

New Video - Edit and Assign Security Labs Roles to Users

  • This video shows you how to edit roles, assign roles to users, and create managers for those roles in Veracode Security Labs.

New Video - Create a Campaign and Assign Content to Roles in Security Labs

  • This video shows you how to create a new campaign and assign content to roles in Veracode Security Labs.

New Video - Customize Lab Content in Veracode Security Labs

Watch this video to learn how to:

  • Customize lab content by modifying or writing your own conclusion
  • Write your own labs using Security Labs as a sandbox
  • Create an example application using your own code

New Video - Add and View Due Dates for Assignments in Veracode Security Labs

Watch this video to learn how to:

  • Add and view a due date for an assignment
  • Enable competition mode as an administrator

New Video - View and Report on User Progress in the Veracode Security Labs Reporting Page

  • This video shows you how to report on user progress in Veracode Security Labs and the API.

April 27, 2021

Automated User Progress Notifications

You can configure automated email notifications to accomplish these tasks for Veracode Security Labs:

  • Inform managers of their team progress in a campaign or assignment
  • Remind users when they have required labs that are incomplete

You can define the schedule and customize the message for each notification type.

April 2, 2021

New Video - Create Users Within Veracode Security Labs or by Using Your Company SSO

  • This video shows you how to create users from within the Security Labs interface.

March 4, 2021

Enable Team-Based Competition in Security Labs

  • You can create Veracode Security Labs campaigns that allows users to collaborate and compete between groups. If you enable competition mode and assign different roles to users, the leader board for the campaign adds the scores by role and displays the collective team totals.

Continuous Learning Paths in Security Labs

  • You can assign Security Labs users to continuous campaigns that automatically provide the next assignment after the user completes the required labs of the previous assignment.

Allow Step Omissions in Security Labs

  • You can configure Security Labs to allow users to skip steps in a lab that they cannot complete. Users do not receive points for skipped steps.

  • This feature only applies to Java OWASP labs.