Integrations updates
The updates on this page apply to the Veracode integrations and APIs. Updates that apply to specific Veracode regions show a region icon. Veracode Greenlight is not supported in the European region.
For updates specific to Veracode Fix, such as language and CWE support, see Fix updates. For updates specific to the SCA integrations, see SCA updates.
December 18, 2024
Veracode Scan for VS Code v1.13.1
This update includes the following improvements:
- Adds auto SCA scanning. Turn on this option to automatically scan all open-source libraries when you open a project or when the libraries change.
- After you run an SCA scan, the extension now highlights vulnerable libraries in the package manager file for projects that use Maven, npm, or Yarn.
December 13, 2024
Veracode TeamCity Plugin v2.8.0
This update includes the following improvements:
- Added the Optional Argument field. You can now enter optional parameters for Optional Argument in the Upload and Scan task.
- Minor security improvements.
December 12, 2024
Veracode Workflow App v0.2.15 for GitHub
This update includes the following improvements:
- Fixes Pipeline Scan errors caused by an application profile override or an invalid profile.
- Fixes issues due to the workflow app including helper files as build artifacts.
Veracode Scan for VS Code v1.12.0
This update adds an option to skip vulnerable method analysis during SCA scans. When turned on, this option can reduce SCA scan times, but the scans will not detect vulnerable methods in open source libraries.
December 10, 2024
Veracode Scan for Visual Studio v0.4.0
This update adds proxy support. You can now sign in to Veracode through a proxy server.
November 28, 2024
Azure DevOps Workflow Integration v1.3.0
This update makes Azure DevOps Workflow Integration available in the European Region.
November 26, 2024
Veracode Fix Action for GitHub v1.0.1
This update includes the following improvements:
- Additional CWE support for single fix and batch fix.
- Removed restriction of using
app
as the root folder name in the user codebase.
November 25, 2024
Veracode Scan for VS Code v1.11.7
This update improves the suggested fixes from Veracode Fix.
November 20, 2024
Veracode Scan for Eclipse v1.3.0
This update adds proxy support. You can now sign in to Veracode through a proxy server.
November 18, 2024
Veracode Scan for Visual Studio v0.3.2
This update includes minor performance improvements.
November 14, 2024
Veracode Scan for VS Code v1.11.6
This update includes the following improvements:
- The auto-packager has improved support for Go.
- Improved suggested fixes from Veracode Fix.
November 13, 2024
Veracode Azure DevOps Extension v3.29.0
This update includes minor security improvements.
October 25, 2024
Veracode Scan for JetBrains v1.4.3
This update includes minor usability improvements.
Veracode Scan for Visual Studio v0.3.1
This update includes minor performance improvements.
Veracode Scan for VS Code v1.11.5
This update includes minor performance improvements.
October 24, 2024
Veracode Scan for Eclipse v1.2.1
This update includes usability improvements.
October 15, 2024
Veracode Scan for Visual Studio v0.3.0
This update adds Software Composition Analysis (SCA) scans to Veracode Scan for Visual Studio. You can now find and fix vulnerabilities in open-source libraries, and review the risk level of the library licenses in your projects.
Veracode Integration for Jira Server v4.10.1
This update fixes an issue where non-admin users are not able to select the Veracode link in tickets on Jira 9.12 or later.
Veracode Integration for Jira Server v4.10.0
This update fixes an issue where non-admin users are not able to select the Veracode link in tickets on Jira 9.12 or earlier.
October 10, 2024
Veracode Fix Action for Github 1.0.0
This update adds Veracode Fix as a GitHub Action. You can use this GitHub Action to review and apply suggested code fixes to flaws in your GitHub project before merging your commits to the main branch.
October 08, 2024
Java API wrapper 24.10.15.0
This update adds the repourl
parameter. This parameter updates the Git repo URL for the associated application profile.
September 30, 2024
Veracode Scan for Eclipse 1.2.0
This update adds Veracode Software Composition Analysis (SCA) scanning to Veracode Scan for Eclipse.
September 26, 2024
Veracode Scan for Eclipse v1.1.0
This update adds Veracode Fix to Veracode Scan for Eclipse. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws. The plugin name has changed from Veracode SAST for Eclipse IDE to Veracode Scan for Eclipse.
Veracode Scan for Visual Studio v0.2.0
This update adds Veracode Fix to Veracode Scan for Visual Studio. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.
September 24, 2024
Introducing Veracode Scan for Visual Studio v0.1.0
Veracode Scan for Visual Studio is an extension that integrates Static Application Security Testing (SAST) with Visual Studio 2019 and 2022. From within your IDE you can:
- Use auto-packaging to have the plugin automatically package your code into a supported artifact for Static Analysis. Or, provide an artifact you packaged manually.
- Scan your projects to find security flaws in your code.
- Use the detailed scan results to learn about the flaws, prioritize which flaws to resolve first, and use the provided remediation guidance to fix the flaws.
September 17, 2024
Veracode Integration for Azure DevOps v3.28.0
This update includes minor security improvements.
September 16, 2024
Veracode Integration for Jira Cloud v4.17.0
This update includes minor performance improvements.
September 12, 2024
Veracode Workflow App 0.2.13 for GitHub
This update adds new user configurations to auto-packaging that allow you to use your own runner, image, and dependencies for building your projects. The new configurations include:
actions:ruby:version
: Ruby version required in the project.actions:ruby:bundle
: specific bundler required for the gem installation in a Ruby project.actions:{scan type}:build:runs_on
: runner for building your project.actions:{scan type}:build:packager_image
: a public docker image to use for building your project.actions:{scan type}:build:predependency_command
: any additional commands required by the project.
For more details, see the complete list of veracode.yml
configurations.
To update your app to reflect these changes, you must import the app repository.
View GitHub workflow data in the Veracode Platform
You can now connect your GitHub organizations to your Veracode account in the Veracode Platform. This feature allows you to review GitHub workflow status and scan activity for all GitHub organizations in which you have installed the Veracode Workflow App.
This feature is not required and does not impact the existing functionality of the Veracode Workflow App.
September 9, 2024
Introducing Veracode SAST for Eclipse IDE v1.0.0
Veracode SAST for Eclipse IDE is a plugin that integrates Static Application Security Testing (SAST) with the Eclipse IDE. From within your IDE you can:
- Use auto-packaging to have the plugin automatically package your code into a supported artifact for Static Analysis. Or, provide an artifact you packaged manually.
- Scan your projects to find security flaws in your code.
- Use the detailed scan results to learn about the flaws, prioritize which flaws to resolve first, and use the provided remediation guidance to fix the flaws.
September 6, 2024
Azure DevOps Workflow Integration
Veracode has released the Azure DevOps Workflow Integration that allows you to scan your Azure Devops repositories with Static Analysis and Software Composition Analysis (SCA). The integration uses template workflows in a centralized location that you can apply to all repositories across your organization.
The functionality of the integration includes:
- Automated scans of up to thousands of repositories from one location
- Static, SCA, and infrastructure as code (IaC) scans start on developer activity from a single workflow
- Automated scanning does not require developers to configure workflows for individual repositories
- Auto-packaging support for Java, .NET, JavaScript, Python, Go, Kotlin, and React Native repositories.
To get access to the integration, contact your Veracode customer success manager.
For information on installing and scanning with the integration, view the Veracode documentation.
September 3, 2024
Veracode Integration for Jira Server 4.9.1
This update adds security improvements.
August 29, 2024
Veracode Scan for VS Code 1.11.2
This update improves Veracode Fix to only provide suggested fixes for flaws with supported CWE IDs.
August 28, 2024
Veracode Scan for VS Code 1.11.1
This update improves the data path step links on the Remediation Guidance tab.
August 16, 2024
Veracode Scan for JetBrains 1.3.1
This update includes the following improvements:
- Veracode Fix only provides suggested fixes for flaws with supported CWE IDs.
- To use auto-packaging in Rider on macOS, you no longer need to open the IDE from a command prompt.
July 31, 2024
Veracode Integration for Jira Server 4.8.1
This update adds support for Jira Server and Jira Data Center v9.17.1.
Veracode Scan for VS Code 1.11.0
This update improves the integrated auto-packager.
July 24, 2024
Veracode Scan for VS Code 1.10.0
This update includes the following improvements:
- You can now cancel scans.
- Improved the recommended fixes for vulnerabilities in your libraries.
July 23, 2024
Veracode Workflow App 0.2.7 for GitHub
This update adds auto-packaging support for JavaScript, Python, Go, Scala, Kotlin, React Native, and Android repositories.
To update your app to reflect these changes, you must import the app repository.
July 18, 2024
Veracode Scan for JetBrains 1.2.0
This update includes the following improvements:
- You can now sign in to Veracode through a proxy server.
- All debug logs are now under the
.veracode
folder. - The Scan Project button is now turned on after you install and set up the extension.
- Vulnerable libraries are now sorted by usage.
- Panels are now cleared after you start a new scan.
- Minor performance improvements.
July 10, 2024
Java API Wrapper 24.7.14.0
This update adds the failbuild
parameter. You use this parameter to fail the build if any artifacts of your packaged applications fail to upload.
July 9, 2024
Veracode Integration for Jira Cloud 4.15.0
This update includes the following improvements:
- The Monitoring and Troubleshooting page now successfully displays remarks if an import fails.
- Projects with more than 50 components now import successfully.
June 28, 2024
Veracode Workflow App 0.2.3 for GitHub
This update includes the following improvements:
- Auto-packager support for .NET repositories.
- The names of GitHub check runs for Veracode Static Analysis now indicate whether they are pipeline scans or policy scans.
- The GitHub check run summary pages now display the Veracode Platform URL. You can review results regardless of the check run status. Previously, the URL only appeared after the check run succeeded.
If you have not previously granted the app permissions to your GitHub repository, you might receive a notification requesting those permissions when you update your app.
To update your app to reflect these changes, you must import the app repository.
June 24, 2024
Veracode Scan for JetBrains 1.1.0
This update includes the following improvements:
- Adds Veracode Fix to Veracode Scan for JetBrains. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.
- Adds support for the JetBrains Rider IDE.
June 6, 2024
Veracode Workflow App 0.2.2 for GitHub
This update includes the following improvements:
- Upgraded GitHub Actions artifacts to version 4.
- Auto-packaging of Java repositories that do not contain build files in the root directory.
- Improved memory handling.
To update your app to reflect these changes, you must import the app repository.
Veracode for JetBrains 1.0.0
This update includes the following improvements:
- You can now run Static Analysis (SAST) scans to find flaws in your source code. Before scanning, the plugin auto-packages your code according to Veracode packaging requirements.
- Use the filtering options to focus on the static findings that are most important to your organization.
- Use the provided remediation guidance to fix static findings or use the ignore option to ignore findings you won't fix.
May 30, 2024
Veracode Scan for VS Code 1.9.2
This update includes the following improvements:
- The proxy support option is now generally available.
- The timeout limit for Static Analysis scans has increased to 60 minutes.
Veracode Azure DevOps Extension 3.27.2
This update adds support for Node 10 and Node 16.
May 21, 2024
Veracode Scan for VS Code 1.9.1 - Pre-release
This update improves the proxy support option. Before you install this update, on the Visual Studio Code Marketplace, select Switch to Pre-Release Version.
May 16, 2024
Veracode Integration for Jira Cloud 4.14.0
The Monitoring and Troubleshooting page now successfully displays imports from One Time Import and Selective Import.
May 10, 2024
Veracode Scan for VS Code 1.9.0 - Pre-release
This update is a pre-release that supports signing in to Veracode through a proxy server. Before you install this update, on the Visual Studio Code Marketplace, select Switch to Pre-Release Version.
May 3, 2024
Veracode SCA Scan for JetBrains 0.8.1
The debug option now successfully saves all logs.
May 2, 2024
Veracode Static for Eclipse 3.9.0
This update includes minor performance improvements.
April 18, 2024
Veracode Scan for VS Code 1.8.1
This update includes the following improvements:
- The timeout limit for Static Analysis scans has increased to 10 minutes.
- Fixed findings no longer appear on the PROBLEMS tab in VS Code.
April 17, 2024
Veracode Static for Visual Studio 2019 and 2022 v1.12.0
This update includes the following improvements:
- After you import an XML file of your results into Visual Studio, the View Policy Results pane now shows the correct data paths.
- If you use both the Greenlight extension and the Static Analysis extension in your IDE, you no longer experience conflicts between these extensions.
April 11, 2024
Veracode SCA Scan for JetBrains 0.8.0
This update includes a refreshed user experience.
April 10, 2024
Veracode Workflow App 0.2.0 for GitHub
This update includes the following improvements:
- For policy and pipeline scans:
- To turn on policy or pipeline scans, you must now add the
analysis_on_platform true
flag. By default, this feature is turned off. - By default, the
analysis_branch
flag is now set to your default branch automatically. You can set this flag to a different branch. - When you open a pull request (PR) against a branch you are scanning, the integration creates a sandbox scan from the source branch. You can view the scan results under the branch name in the Veracode Platform. When you merge the PR, the integration removes the sandbox scan, and then starts a new policy scan in the target branch. You can view the scan results under the repo name in the Veracode Platform.
- Mitigated findings from a pipeline scan no longer appear in the list of findings.
- To turn on policy or pipeline scans, you must now add the
- For GitHub Issues:
- New
issues
flag to enter a command that runs on-demand scans on a repo issue. - New
create_issue
flag that creates GitHub Issues from Static Analysis findings. - New
create_code_scanning_alerts
flag that creates code scanning alerts from Static Analysis findings. The alerts appear on the GitHub Security page.
- New
- For configuration options:
- You can now configure an allowlist with in the central
repo_list.yml
file. - You can now override most global configurations by adding custom configurations to a
veracode.yml
file at the root of your source repo. - New
use_custom_workflow
flag that can use a workflow from the source repo to build the project or artifact you can upload for scanning.
- You can now configure an allowlist with in the central
- For error handling:
- New error messages that display as annotations if API credentials are invalid.
- New error message when the integration is not able to find a policy name.
- The integration now auto-packages Java projects for more reliable builds and more accurate scan results.
Java API Wrapper 24.4.13.0
This update includes the following improvements:
- Adds support for the
publishedscansonly
parameter. - Minor performance improvements.
April 3, 2024
Veracode Scan for VS Code 1.8.0
This update includes the following improvements:
- Adds Veracode Fix support for Kotlin and Scala.
- The Flaw Details tab now renders correctly for .NET projects.
- Minor improvements to packaging support.
April 1, 2024
Veracode Integration for Jira Server 4.7.0
You no longer see a NullPointerException
error when you run a one-time import, selective import, or automated import.
March 28, 2024
Veracode Static for Visual Studio 2019 and 2022 v1.11.0
The integration now successfully verifies your Veracode API credentials.
March 25, 2024
Veracode Scan for VS Code 1.7.0
This update includes minor improvements to packaging support.
March 21, 2024
Veracode Static for Visual Studio 2019 and 2022 v1.10.0
In the Project Settings Wizard, when you select an application, the list of sandboxes now shows the sandboxes for the selected application only.
March 14, 2024
Veracode Static for IntelliJ 3.6.0
This update includes the following changes:
- The Veracode option is now visible on the main menu.
- Adds support for IntelliJ version 2023.3.4.
March 7, 2024
Veracode Scan for VS Code 1.6.0
This update includes the following improvements:
- The debug option now supports Static Analysis scans, Veracode Fix, and the auto-packager, in addition to SCA scans.
- You can now clear all findings.
- Minor performance improvements.
March 4, 2024
Veracode Integration for Jira Cloud 4.13.2
This update adds historical diagnostics data about each import to the Monitoring and Troubleshooting page.
February 29, 2024
Veracode Jenkins Plugin 24.2.23.0
This update improves security by increasing the minimum supported versions of Jenkins and Java. To install this update, you must have a minimum Jenkins version of 2.414.3 and Java 11.
February 28, 2024
Veracode SCA Scan for JetBrains 0.7.2
This update includes the following improvements:
- You can now use a debug option to troubleshoot scan errors.
- Minor performance improvements.
Veracode Greenlight for Visual Studio 2019 and 2022 v1.5.0
This update includes the following improvements:
- Scans no longer fail with this error message: “The selected file must be in a solution. Open the solution that contains this file and try again.”
- Improved error handling.
February 23, 2024
Veracode Integration for Jira Server 4.6.0
With this update, when you select links in Jira tickets that open application profiles located in the European Region or US Federal Region, the links no longer open in the Commercial instance of the Veracode Platform.
February 20, 2024
Veracode Azure DevOps Extension 3.26.0
This update includes the following improvements:
- Adds support for the
includenewmodules
parameter. - You can now add the following information as tags in work items: scan type, finding severity, due date, and CVE ID (SCA only).
- Work items now show the correct CWE ID.
- The Upload and Scan task no longer fails when you use the environment variable
JAVA_TOOL_OPTIONS
.
February 15, 2024
Veracode Scan for VS Code 1.5.0
This update adds Veracode Fix to Veracode Scan for VS Code. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.
January 30, 2024
Veracode Scan for VS Code 1.4.1
This update includes the following improvements:
- Fixes a typo in the Views and More Actions menu.
- The Remediation Guidance text in the Flaw Details tab is now visible in light mode.
- Minor performance improvements.
January 29, 2024
C# API Wrapper 24.1.10.1
This update adds support for the -includenewmodules
parameter.
January 11, 2024
Veracode Scan for VS Code 1.4.0
This update adds Static Application Security Testing (SAST) to VS Code. Developers can use SAST to find and fix flaws in their code and use Software Composition Analysis (SCA) to find and fix vulnerabilities in open-source code from within the IDE.
This extension replaces Veracode SCA Scan for VS Code. Greenlight for VS Code is now deprecated and will not be supported after June 2024.
December 12, 2023
Veracode Azure DevOps Extension 3.25.0
This update includes the following improvements:
- The Flaw Import task and the Upload and Scan task now successfully fail the build when the Fail build if Upload and Scan build step fails checkbox is selected.
- Adds an option to overwrite the iteration path in work items of imported flaws during the next import.
Veracode Integration for Jira Server 4.5.0
This update adds historical diagnostics data to the Monitoring and Troubleshooting page.
October 5, 2023
Veracode Fix now supports JavaScript and TypeScript
Veracode Fix has improved language coverage to include JavaScript and TypeScript.
December 4, 2023
Veracode GitHub Workflow App
Veracode has released the Veracode Workflow App that allows you to scan your GitHub repositories with Static Analysis, Software Composition Analysis (SCA), and Container Security. The app uses template workflows in a centralized location that you can apply to all repositories across your organization.
The functionality of the app includes:
- Automated scans of up to thousands of repositories from one location
- Static, SCA, and Container Security scans start on developer activity from a single workflow
- Automated scanning does not require developers to configure workflows for individual repositories
- Broad language support
You can download the app from the GitHub marketplace. For more information, view the Veracode documentation.
December 1, 2023
Veracode Static for Visual Studio 2019 and 2022 v1.9.0
This update includes the following improvements:
- Adds support for TSRV mitigations.
- Adds support for .NET 7.
November 9, 2023
Veracode SCA Scan for VS Code 1.3.1
This update includes the following improvements:
- You can now filter out any findings that are of low importance to your organization by selecting a security policy to apply to your project. To use this feature, your account must have the Unified Policy applied.
- The Vulnerability Details window now includes a link to the related CVE.
- You can now use a debug option to troubleshoot scan errors.
- Minor interface changes.
November 1, 2023
Veracode Integration for Jira Cloud 4.12.0
This update includes the following changes:
- The Import Automation page now includes an option for you to retry downloading Detailed Reports that failed to download during import.
- If your account is in the European Region and you select a link in a Jira issue to an application profile, the link now opens the Veracode Platform in the European Region.
- User accounts in the European Region now see the correct values for various fields in imported Jira issues.
October 17, 2023
Veracode SCA Scan for JetBrains 0.7.1
This update includes minor performance improvements.
October 13, 2023
Veracode SCA Scan for VS Code 1.2.1
This update includes minor performance improvements.
October 4, 2023
Veracode Integration for Jira Server 4.4.0
This update adds support for Jira Server version 9.11.2.
September 26, 2023
Veracode Azure DevOps Extension 3.24.0
This update includes the following changes:
- End of support for Team Foundation Server (TFS).
- Builds no longer fail when the Fail build if flaw importer build step fails option is cleared and the application name contains special characters.
September 6, 2023
Veracode Greenlight for IntelliJ 1.9.0
This updates includes minor performance improvements.
August 31, 2023
Veracode Integration for Jira Server 4.3.0
This update includes the following improvements:
- The Monitoring and Troubleshooting page now shows details about the last four imports.
- The Monitoring and Troubleshooting page now includes an option for you to retry downloading Detailed Reports that failed to download during import.
August 17, 2023
Java API Wrapper 23.8.12.0
You can now send requests to the Identity REST API from within the Java API wrapper.
August 16, 2023
Veracode Azure DevOps Extension 3.23.0
This update includes the following improvements:
- You can now add an iteration path to the work item settings in the Flaw Importer task.
- Adds support for Azure DevOps version 2022 RC2.
August 10, 2023
Veracode SCA Scan for JetBrains 0.7.0
This update fixes a minor performance issue.
Veracode Integration for Jira Cloud 4.11.0
This update includes the following improvements:
- If an imported story for an open-source component with vulnerabilities changes projects, the integration now creates subtasks for SCA vulnerabilities in that story under the new project.
- To avoid failed imports, if the integration encounters errors when it searches for linked Veracode fields, it now skips issue creation for any new findings.
August 8, 2023
Veracode SCA Scan for VS Code 1.2.0
This update includes the following improvements:
- The Library Details window now shows the parent dependency for the selected transitive dependency.
- Minor performance updates.
July 28, 2023
Veracode Greenlight for IntelliJ 1.8.8
This update includes the following improvements:
- Adds support for IntelliJ version 1.8.7.
- Exception errors no longer appear during Greenlight scans at the file or folder level.
July 27, 2023
Veracode SCA Scan for JetBrains 0.6.1
Veracode SCA Scan for JetBrains version 0.6.1 adds support for IntelliJ IDEA version 2023.2.
July 21, 2023
Introducing Veracode SCA Scan for JetBrains
Veracode SCA Scan for JetBrains version 0.6.0 is a new extension that integrates Software Composition Analysis (SCA) into the IntelliJ IDEA and PyCharm IDEs. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE.
July 20, 2023
Veracode SCA Scan for VS Code 1.1.0
This update includes the following improvements:
- You can now select a project to scan when you have multiple projects in VS Code.
- The SCAN OVERVIEW view now shows the name of the project you scanned.
- In the extension settings, you can now enable or disable recursive scanning.
- If your API credentials or the local SCA agent are invalid, the SETUP view now opens after you select Start Scanning or Rescan.
- Spaces in the
USER_HOME
directory no longer result in an error.
July 14, 2023
Veracode Integration for Jira Server 4.2.0
This update fixes an issue where IssueCreatorImpl
errors on the Monitoring and Troubleshooting page caused unexpected failures.
Veracode Jenkins Plugin 23.7.22.0
This update includes the following improvements:
- Improves the usability of the option Show Unstable Status for Failed Policy Evaluation.
- Builds that failed after you upgraded to version 23.5.21.0 now complete successfully.
- Adds support for Jenkins version 2.412.
July 6, 2023
Veracode Static for Visual Studio 2019 and 2022 v1.8.0
This update includes the following improvements:
- In the Static Findings window, when you double-click a finding, or right-click a finding and select Go to Line, the selected finding now remains selected.
- After you add a new application to a project and scan it, the extension now adds the details about the new application to the file
veracode-project-user.json
.
Veracode Integration for Jira Server 4.1.0
This update includes the following improvements:
- The Import Automation now provides an option that attempts to import any flaws that failed to import. If an import fails, the Import Automation no longer uses the last import date of the failed import.
- The Troubleshooting page now provides a diagnostic dashboard that shows details about the latest import, including information about any errors.
June 26, 2023
Veracode Greenlight for Visual Studio 2019 and 2022 v1.4.0
This update improves error handling.
June 15, 2023
Veracode Greenlight for VS Code Adds Support for .NET 7
See Veracode Greenlight for VS Code.
June 13, 2023
C# API Wrapper 23.5.8.8
You can now provide a proxy host, port, and its credentials in an environment variable. The environment variable name must be https_proxy
.
June 5, 2023
Veracode Azure DevOps Extension 3.22.0
This update includes the following changes:
- The Upload and Scan task now supports the optional parameter
scanpollinginterval
. - You can now configure the Flaw Import task to only import findings from Static Analysis and SCA.
- Minor security improvements.
Veracode SCA Scan for VS Code 1.0.0
This update adds security improvements.
June 1, 2023
Veracode Jenkins Plugin 23.5.21.0
This update includes the following changes:
- Adds a Show Unstable Status for Failed Policy Evaluation option. Select this option to show the job status as
Unstable
if the scan succeeds but fails the security policy. - Minor security improvements.
May 22, 2023
Veracode Integration for Jira Cloud 4.10.0
This update includes the following changes:
- Findings you import with the Import Automation feature now show the date of the last successful import, instead of the last import.
- When you configure a Selective Import and select the left/right arrows to switch between pages, the selected flaws are no longer cleared.
- Minor security fixes.
May 4, 2023
Veracode Azure DevOps Extension 3.21.0
This update includes the following changes:
- Adds support for the
lifecyclestage
parameter as an optional argument in the Upload and Scan task. This parameter is not supported in YAML. - The scan polling interval for the Upload and Scan task is no longer twice the expected default value of 120 seconds.
April 27, 2023
Veracode SCA Scan for VS Code 0.8.0
This update includes the following improvements:
- You can now filter the VULNERABILITIES view based on direct or transitive libraries.
- The Rescan button is now located at the top of the SCAN OVERVIEW view.
- The SCAN OVERVIEW view is no longer empty when the scan does not find vulnerabilities.
- In the Library Details window, the Last published field now shows the months and days since the vendor last published the library or it shows Unknown.
April 19, 2023
Veracode Jenkins Plugin 23.4.20.0
This version includes the following updates:
- Adds Dynamic Analysis scan statuses
STOPPED_VERIFYING_PARTIAL_RESULTS
andSTOPPED_PARTIAL_RESULTS_AVAILABLE
. - Fixes an issue where the scan poll interval for upload and scan was twice the expected default value of 120 seconds.
April 13, 2023
Veracode Integration for Jira Cloud 4.9.0
The integration now imports findings from scanned applications with COTS (commercial off-the-shelf) enabled.
April 5, 2023
Java API Wrapper 23.4.11.2
This update includes the following changes:
- Adds Dynamic Analysis scan statuses
STOPPED_VERIFYING_PARTIAL_RESULTS
andSTOPPED_PARTIAL_RESULTS_AVAILABLE
. - The logs for
scanpollinginterval
are now consistent with any imposed time delays during polling. - Adds support for the
-includenewmodules
parameter.
March 31, 2023
Veracode Static for Eclipse 3.8.0
This update adds support for Eclipse IDE version 2023-03.
March 30, 2023
Veracode Integration for Jira Cloud 4.8.0
This version includes the following changes:
- Adds additional logs for troubleshooting.
- To ensure your imported flaws are current, the integration re-imports them after you fix any configuration issues.
- On the Selective Import page, the Flaws Per Page and Next Page options no longer show an error message.
March 27, 2023
Veracode Jenkins Plugin 23.3.19.0
This version includes the following changes:
- Addresses the low severity information disclosure issues detailed in CVE-2023-25721 and CVE-2023-25722. For more information, go to the Veracode Community.
- Correctly escapes the
-ppassword
parameter for a proxy password.
Veracode Azure DevOps Extension 3.20.0
This version addresses the low severity information disclosure issue detailed in CVE-2023-25722. For more information, go to the Veracode Community.
March 20, 2023
Veracode SCA Scan for VS Code 0.7.0
This update includes the following improvements:
- The extension now includes an SCA Agent. After you install the extension, you can install the SCA Agent from within the IDE and start scanning.
- You can point to a vulnerability in the VULNERABILITIES view to see whether it passes the built-in policy.
- The Vulnerability Details window now shows the policy for the selected vulnerability.
- To indicate which vulnerabilities have passed the built-in policy, the VULNERABILITIES view now groups them by Did Not Pass Policy and Passed Policy.
March 8, 2023
Java API Wrapper 23.3.11.0
This version includes the following changes:
- You can now provide a proxy host, port, and its credentials in an environment variable. The environment variable name must be
https_proxy
. - Displays error messages for code 429 if you exceed the request limit.
March 2, 2023
Veracode Azure DevOps Extension 3.19.0
This update adds support for both of the following YAML property values:
ConnectionDetailsSelection='Endpoint'
ConnectionDetailsSelection='Service Connection'
March 1, 2023
Veracode Azure DevOps Extension 3.18.0
This update includes the following changes:
- Changes the YAML property value
ConnectionDetailsSelection='Endpoint'
toConnectionDetailsSelection='Service Connection'
. When you upgrade to this new extension, you must update your YAML with the new value name. - Static Analysis work items now have a Grace Period Expiration field.
- SCA works items now have a First Found Date field and File Path field for vulnerabilities.
- The Summary Report now shows a link to the Scan Details page.
- The extension now fails the build if Development Sandbox scans find SCA vulnerabilities.
- Builds no longer fail when the
Fail build if Upload and scan build steps fails
option is cleared, but the application name contains special characters.
February 28, 2023
Veracode Greenlight for IntelliJ Supports IntelliJ v2022.2.3
Veracode Greenlight v1.8.7 adds support for IntelliJ v2022.2.3.
February 22, 2023
Updated Identity REST API
You can now use the Identity REST API to manage Veracode API credentials for API service accounts, also called API users.
February 9, 2023
Updated Veracode SCA Scan for VS Code
Veracode SCA Scan for VS Code version 0.6.0 includes the following updates:
- Adds a Create a Case link that you can use to send a support case to Veracode Technical Support.
- Adds a Leave Feedback link that you can use to provide feedback in a survey.
- Fixes an issue where the extension did not verify undefined or null values.
February 3, 2023
Mandatory Upgrade for Veracode Greenlight for IntelliJ
Veracode Greenlight for IntelliJ version 1.8.6 supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
February 2, 2023
Mandatory Upgrade for Veracode Greenlight for Eclipse
Veracode Greenlight for Eclipse version 2.9.7 includes these changes:
- Supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
- Fixes a refresh issue that flashes various status messages at the bottom of the Eclipse interface.
February 1, 2023
Updated Java API Wrapper
Veracode Java API Wrapper version 23.1.10.5 adds logic to identify and remove unicode application names from the XML response.
Veracode Mobile Application Packager Has Reached End of Life
Veracode Mobile Application Packager is now End of Life (EOL) and is no longer supported by Veracode Technical Support. To compile and package tvOS or iOS applications that you developed in the Xcode IDE, see the packaging requirements.
January 30, 2023
Mandatory Greenlight Upgrades for Eclipse and IntelliJ
Veracode has made a change to the Greenlight API that will impact the following plugins.
- Veracode Greenlight for Eclipse version 2.9.6 and earlier
- Veracode Greenlight for IntelliJ version 1.8.5.2022 and earlier
New versions of these plugins will be available on February 2, 2023 and February 3, 2023, respectively. To continue using these plugins, you must upgrade to the new versions by February 13, 2023.
January 23, 2023
Veracode Integration for Jira Supports Jira Server 9
Veracode Integration for Jira version 4.0.1 adds support for Jira Server 9. This integration no longer supports Jira Server 8.6.0 and earlier.
January 17, 2023
Introducing Veracode SCA Scan for VS Code
Veracode SCA Scan for VS Code version 0.5.0 is a new extension that integrates Software Composition Analysis (SCA) into VS Code. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE. Version 0.5.1 only removes an obsolete README
.
January 10, 2023
Renaming the ConnectionDetailsSelection='Endpoint'
YAML Property
In February 2023, Veracode will release a new Azure DevOps Extension that uses the YAML property value ConnectionDetailsSelection='Service Connection'
rather than the current value ConnectionDetailsSelection='Endpoint'
. When upgrading to this new extension, you must update your YAML with the new value name.
January 5, 2023
Improved Veracode Azure DevOps Extension
Veracode Azure DevOps Extension version 3.17.0 includes the following improvements:
- Renamed the Veracode Analysis Center link to Veracode Platform.
- The extension no longer fails a pipeline build if it has a policy assessment of Conditional Pass, even if the Fail build if application fails security policy checkbox is selected.
- Fixed a minor error-handling issue when the build artifact directory is empty.
- The Flaw Import task now fails the build when importing flaws with an unsupported process template and the Fail build if flaw importer build step fails checkbox is selected.
January 3, 2023
Improved Veracode Integration for Jira Cloud
Veracode Integration for Jira Cloud version 4.7.0 now successfully loads the Findings Import page when importing large Jira projects.
December 19, 2022
Improved Veracode Integration for Jira Server
Veracode Integration for Jira Server version 3.38.0 includes the following improvements:
- Jira tickets from imported Static Analysis flaws now show the detected CWEs with a dash instead of an underscore. This CWE format matches the results in the Veracode Platform. For example, CWE_123 is now CWE-123.
- Jira tickets from imported SCA vulnerabilities now support the Mitigation Status and Mitigation Status Description fields.
December 15, 2022
Veracode Mobile Application Packager is Deprecated
Veracode Mobile Application Packager is now deprecated and will be obsolete on February 1, 2023.
December 14, 2022
Veracode for VS Code Renamed to Veracode Greenlight for VS Code
Veracode for VS Code version 1.6.0 includes the following updates:
- Changed the name of the extension to Veracode Greenlight for VS Code.
- Using File > Save on a single file now saves only that file, not all unsaved files.
December 13, 2022
Veracode Azure DevOps Extension Fixes Link to Veracode Platform
Veracode Azure DevOps Extension version 3.16.0 fixes the link on the Veracode Scan Summary tab. The link now opens the scan results in the Veracode Platform instead of the Application page.
December 6, 2022
Updated Veracode Static for Visual Studio
Veracode Static for Visual Studio version 1.7.0 fixes an issue where the extension could not authenticate with Veracode from a European Region instance.
November 16, 2022
Updated Veracode Integration for Jira
Veracode Integration for Jira version 3.37.0 fixes an issue where the plugin ignores all remaining applications after attempting to import findings from an application with COTS enabled.
November 14, 2022
Updated C# API Wrapper
Veracode C# API wrapper version 22.10.8.6 includes these updates:
- Fixed an error that can occur if the filename of an uploaded file contains certain characters or symbols. For example,
~ ^ ' { }
- The
-debug
parameter now logs timestamped messages that identify connectivity issues, error conditions, and the status of various composite actions.
Improved Veracode Greenlight for IntelliJ
Veracode Greenlight for IntelliJ version 1.8.5 adds support for IntelliJ IDEA 2022.2.3.
October 27, 2022
Java API Wrapper Has Improved Error Handling
Veracode Java API Wrapper version 22.10.10.4 now cancels any scans that exceed the upload limit.
October 21, 2022
Veracode Azure DevOps Extension Now Supports Automatic Deletion of Incomplete Scans
Veracode Azure DevOps Extension version 3.15.0 adds options for deleting incomplete scans in your pipeline. When configuring the extension, you can add -deleteincompletescan
as an optional argument or add -deleteIncompleteScan
as a YAML property.
Updated Veracode Static for Visual Studio
Veracode Static for Visual Studio 2019 and 2022 version 1.6.0 includes these changes:
- Fixed an issue where web projects inside folders did not publish.
- Fixed an issue where the scan progress bar in the IDE displayed as incomplete after clicking Custom Workflow.
- Run Scan button in the IDE is now disabled when the scan status is in a failed state. In the Veracode Platform, you also see a warning message to resolve this issue.
September 29, 2022
Updated Greenlight for Eclipse
Greenlight for Eclipse version 2.9.6 includes minor security and documentation updates.
September 22, 2022
Improved Finding Import Performance for Veracode Integration for Jira Cloud
Veracode Integration for Jira Cloud version 4.6.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.
September 13, 2022
Java API Wrapper JavaDoc Update
In Veracode Java API Wrapper version 22.9.10.3 the documentation available in the wrapper installation file now describes the Credentials
class.
August 29, 2022
Veracode Azure DevOps Extension Has Improved Flaw Importer Task
Veracode Azure DevOps Extension version 3.14.0 includes the following improvements to the Flaw Importer Task.
- Uses fewer calls to complete flaw imports.
- Fixes an issue where flaws without comments did not sync or close.
- Fixes an issue where development sandbox findings did not import.
August 12, 2022
Veracode TeamCity Plugin Now Supports Automatic Deletion of Incomplete Scans
Veracode TeamCity Plugin version 2.7.0 adds configuration options for deleting incomplete scans.
August 9, 2022
Veracode Integration for Jira Server Now Retries Downloading the Detailed XML Report
Veracode Integration for Jira version 3.36.0 fixes an issue where the integration did not create tickets of imported flaws if it could not retrieve the Detailed XML Report. The integration now attempts to retrieve the Detailed XML Report during the next import cycle.
July 27, 2022
Updated C# API Wrapper
Veracode C# API wrapper version 22.8.8.5 includes these updates:
- Supports the
-debug
parameter. - Fixes an issue to filter out Dynamic Analysis results.
- Adds transaction ID header to
uploadandscan
.
July 20, 2022
Veracode Azure DevOps Extension Now Supports Importing SCA Vulnerabilities as Work Items
Veracode Azure DevOps Extension version 3.13.0 updates the Flaw Importer task to support importing Software Composition Analysis (SCA) vulnerabilities as work items.
July 14, 2022
Veracode Jenkins Plugin Now Supports Automatic Deletion of Incomplete Scans
Veracode Jenkins Plugin version 22.6.18.0 adds configuration options for deleting incomplete scans.
June 27, 2022
Improved Finding Import Performance for Veracode Integration for Jira Server
Veracode Integration for Jira Server version 3.35.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.
June 22, 2022
Deprecation of Admin XML APIs
Veracode has deprecated the Admin XML APIs for user and team management. End-of-support for these APIs is scheduled for June 30, 2023. Veracode recommends that you begin updating your automations to use the Identity REST APIs. Also, enabling the Single Sign-on and Just-in-Time Provisioning feature automatically disables the Admin XML APIs for user management. Before enabling this feature, ensure all of your automations are using the Identity APIs.
June 8, 2022
Updated Veracode Static for Visual Studio (New)
Veracode Static for Visual Studio (New) version 1.5.0 includes these changes:
- Change the scan name from the name that Veracode generates and assigns during scanning.
- Import and review XML scan results from Veracode Detailed Reports.
May 18, 2022
Java API Wrapper Updates -deleteincompletescan
Parameter with Backward Compatibility
Java API Wrapper version 22.5.10.1 updates the -deleteincompletescan
parameter to be backward compatible with Java API wrapper versions earlier than 22.5.10.0, which released on May 4, 2022. After upgrading the wrapper, the parameter value automatically changes from boolean to an integer:
- If set to
true
, the value changes to1
. - If set to
false
, the value changes to0
.
May 4, 2022
Java API Wrapper Has Improved -deleteincompletescan
Parameter
Java API Wrapper version 22.5.10.0 includes changes to the -deleteincompletescan
parameter for deleting incomplete scans when running the uploadandscan
action. This parameter now accepts an integer value, rather than boolean, for deleting an incomplete scan based on the scan status.
These changes are not backward compatible with the -deleteincompletescan
parameter available in earlier versions of the Java API Wrapper. If you currently use this parameter, after upgrading the wrapper you must change the value from boolean to one of the accepted integer values.
April 15, 2022
Introducing New Veracode Static Extensions for Visual Studio 2019 and 2022
Veracode Static for Visual Studio version 1.4.0 is a new extension for adding Static Analysis to Visual Studio 2019 and 2022. The new extension for Visual Studio 2019 provides major improvements compared to our current legacy extension for version 2019, which Veracode continues to support.
The extensions include these features:
- Improved user experience for developers.
- Powerful Summary View grid for reviewing and managing findings.
- Streamlined workflow for building, packaging, and scanning your code.
- Support for policy and sandbox scans.
An extension for each Visual Studio version is available from the Visual Studio Marketplace.
April 12, 2022
Veracode Greenlight Now Supports the New Visual Studio 2019 and 2022
Veracode Greenlight for Visual Studio version 1.3.184.96 is a new extension for adding Greenlight scanning to the newer versions of Visual Studio 2019 and 2022. An extension for each Visual Studio version is available from the Visual Studio Marketplace.
March 9, 2022
Updated Azure DevOps Extension
Veracode Azure DevOps Extension version 3.10.0 includes these changes:
- TFS 2017 is no longer supported.
- TFS 2018 support now requires Azure Pipeline Agent 2.196.2 or later.
- Flaw Importer task can now import custom fields when using custom process templates.
- Flaw Importer task can now overwrite the area path in work items when importing flaws.