Skip to main content

Integrations updates

· 39 min read

The updates on this page apply to the Veracode integrations and APIs. Updates that apply to specific Veracode regions show a region icon. Veracode Greenlight is not supported in the European region.

For updates specific to Veracode Fix, such as language and CWE support, see Fix updates. For updates specific to the SCA integrations, see SCA updates.

December 18, 2024

Veracode Scan for VS Code v1.13.1

This update includes the following improvements:

  • Adds auto SCA scanning. Turn on this option to automatically scan all open-source libraries when you open a project or when the libraries change.
  • After you run an SCA scan, the extension now highlights vulnerable libraries in the package manager file for projects that use Maven, npm, or Yarn.

December 13, 2024

Veracode TeamCity Plugin v2.8.0

This update includes the following improvements:

  • Added the Optional Argument field. You can now enter optional parameters for Optional Argument in the Upload and Scan task.
  • Minor security improvements.

December 12, 2024

Veracode Workflow App v0.2.15 for GitHub

This update includes the following improvements:

  • Fixes Pipeline Scan errors caused by an application profile override or an invalid profile.
  • Fixes issues due to the workflow app including helper files as build artifacts.

Veracode Scan for VS Code v1.12.0

This update adds an option to skip vulnerable method analysis during SCA scans. When turned on, this option can reduce SCA scan times, but the scans will not detect vulnerable methods in open source libraries.

December 10, 2024

Veracode Scan for Visual Studio v0.4.0

This update adds proxy support. You can now sign in to Veracode through a proxy server.

November 28, 2024

Azure DevOps Workflow Integration v1.3.0

This update makes Azure DevOps Workflow Integration available in the European Region.

November 26, 2024

Veracode Fix Action for GitHub v1.0.1

This update includes the following improvements:

  • Additional CWE support for single fix and batch fix.
  • Removed restriction of using app as the root folder name in the user codebase.

November 25, 2024

Veracode Scan for VS Code v1.11.7

This update improves the suggested fixes from Veracode Fix.

November 20, 2024

Veracode Scan for Eclipse v1.3.0

This update adds proxy support. You can now sign in to Veracode through a proxy server.

November 18, 2024

Veracode Scan for Visual Studio v0.3.2

This update includes minor performance improvements.

November 14, 2024

Veracode Scan for VS Code v1.11.6

This update includes the following improvements:

  • The auto-packager has improved support for Go.
  • Improved suggested fixes from Veracode Fix.

November 13, 2024

Veracode Azure DevOps Extension v3.29.0

This update includes minor security improvements.

October 25, 2024

Veracode Scan for JetBrains v1.4.3

This update includes minor usability improvements.

Veracode Scan for Visual Studio v0.3.1

This update includes minor performance improvements.

Veracode Scan for VS Code v1.11.5

This update includes minor performance improvements.

October 24, 2024

Veracode Scan for Eclipse v1.2.1

This update includes usability improvements.

October 15, 2024

Veracode Scan for Visual Studio v0.3.0

This update adds Software Composition Analysis (SCA) scans to Veracode Scan for Visual Studio. You can now find and fix vulnerabilities in open-source libraries, and review the risk level of the library licenses in your projects.

Veracode Integration for Jira Server v4.10.1

This update fixes an issue where non-admin users are not able to select the Veracode link in tickets on Jira 9.12 or later.

Veracode Integration for Jira Server v4.10.0

This update fixes an issue where non-admin users are not able to select the Veracode link in tickets on Jira 9.12 or earlier.

October 10, 2024

Veracode Fix Action for Github 1.0.0

This update adds Veracode Fix as a GitHub Action. You can use this GitHub Action to review and apply suggested code fixes to flaws in your GitHub project before merging your commits to the main branch.

October 08, 2024

Java API wrapper 24.10.15.0

This update adds the repourl parameter. This parameter updates the Git repo URL for the associated application profile.

September 30, 2024

Veracode Scan for Eclipse 1.2.0

This update adds Veracode Software Composition Analysis (SCA) scanning to Veracode Scan for Eclipse.

September 26, 2024

Veracode Scan for Eclipse v1.1.0

This update adds Veracode Fix to Veracode Scan for Eclipse. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws. The plugin name has changed from Veracode SAST for Eclipse IDE to Veracode Scan for Eclipse.

Veracode Scan for Visual Studio v0.2.0

This update adds Veracode Fix to Veracode Scan for Visual Studio. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.

September 24, 2024

Introducing Veracode Scan for Visual Studio v0.1.0

Veracode Scan for Visual Studio is an extension that integrates Static Application Security Testing (SAST) with Visual Studio 2019 and 2022. From within your IDE you can:

  • Use auto-packaging to have the plugin automatically package your code into a supported artifact for Static Analysis. Or, provide an artifact you packaged manually.
  • Scan your projects to find security flaws in your code.
  • Use the detailed scan results to learn about the flaws, prioritize which flaws to resolve first, and use the provided remediation guidance to fix the flaws.

September 17, 2024

Veracode Integration for Azure DevOps v3.28.0

This update includes minor security improvements.

September 16, 2024

Veracode Integration for Jira Cloud v4.17.0

This update includes minor performance improvements.

September 12, 2024

Veracode Workflow App 0.2.13 for GitHub

This update adds new user configurations to auto-packaging that allow you to use your own runner, image, and dependencies for building your projects. The new configurations include:

  • actions:ruby:version: Ruby version required in the project.
  • actions:ruby:bundle: specific bundler required for the gem installation in a Ruby project.
  • actions:{scan type}:build:runs_on: runner for building your project.
  • actions:{scan type}:build:packager_image: a public docker image to use for building your project.
  • actions:{scan type}:build:predependency_command: any additional commands required by the project.

For more details, see the complete list of veracode.yml configurations.

To update your app to reflect these changes, you must import the app repository.

View GitHub workflow data in the Veracode Platform commercial-icon.png

You can now connect your GitHub organizations to your Veracode account in the Veracode Platform. This feature allows you to review GitHub workflow status and scan activity for all GitHub organizations in which you have installed the Veracode Workflow App.

This feature is not required and does not impact the existing functionality of the Veracode Workflow App.

September 9, 2024

Introducing Veracode SAST for Eclipse IDE v1.0.0

Veracode SAST for Eclipse IDE is a plugin that integrates Static Application Security Testing (SAST) with the Eclipse IDE. From within your IDE you can:

  • Use auto-packaging to have the plugin automatically package your code into a supported artifact for Static Analysis. Or, provide an artifact you packaged manually.
  • Scan your projects to find security flaws in your code.
  • Use the detailed scan results to learn about the flaws, prioritize which flaws to resolve first, and use the provided remediation guidance to fix the flaws.

September 6, 2024

Azure DevOps Workflow Integration commercial-icon.png

Veracode has released the Azure DevOps Workflow Integration that allows you to scan your Azure Devops repositories with Static Analysis and Software Composition Analysis (SCA). The integration uses template workflows in a centralized location that you can apply to all repositories across your organization.

The functionality of the integration includes:

  • Automated scans of up to thousands of repositories from one location
  • Static, SCA, and infrastructure as code (IaC) scans start on developer activity from a single workflow
  • Automated scanning does not require developers to configure workflows for individual repositories
  • Auto-packaging support for Java, .NET, JavaScript, Python, Go, Kotlin, and React Native repositories.

To get access to the integration, contact your Veracode customer success manager.

For information on installing and scanning with the integration, view the Veracode documentation.

September 3, 2024

Veracode Integration for Jira Server 4.9.1

This update adds security improvements.

August 29, 2024

Veracode Scan for VS Code 1.11.2

This update improves Veracode Fix to only provide suggested fixes for flaws with supported CWE IDs.

August 28, 2024

Veracode Scan for VS Code 1.11.1

This update improves the data path step links on the Remediation Guidance tab.

August 16, 2024

Veracode Scan for JetBrains 1.3.1

This update includes the following improvements:

  • Veracode Fix only provides suggested fixes for flaws with supported CWE IDs.
  • To use auto-packaging in Rider on macOS, you no longer need to open the IDE from a command prompt.

July 31, 2024

Veracode Integration for Jira Server 4.8.1

This update adds support for Jira Server and Jira Data Center v9.17.1.

Veracode Scan for VS Code 1.11.0

This update improves the integrated auto-packager.

July 24, 2024

Veracode Scan for VS Code 1.10.0

This update includes the following improvements:

  • You can now cancel scans.
  • Improved the recommended fixes for vulnerabilities in your libraries.

July 23, 2024

Veracode Workflow App 0.2.7 for GitHub

This update adds auto-packaging support for JavaScript, Python, Go, Scala, Kotlin, React Native, and Android repositories.

To update your app to reflect these changes, you must import the app repository.

July 18, 2024

Veracode Scan for JetBrains 1.2.0

This update includes the following improvements:

  • You can now sign in to Veracode through a proxy server.
  • All debug logs are now under the .veracode folder.
  • The Scan Project button is now turned on after you install and set up the extension.
  • Vulnerable libraries are now sorted by usage.
  • Panels are now cleared after you start a new scan.
  • Minor performance improvements.

July 10, 2024

Java API Wrapper 24.7.14.0

This update adds the failbuild parameter. You use this parameter to fail the build if any artifacts of your packaged applications fail to upload.

July 9, 2024

Veracode Integration for Jira Cloud 4.15.0

This update includes the following improvements:

  • The Monitoring and Troubleshooting page now successfully displays remarks if an import fails.
  • Projects with more than 50 components now import successfully.

June 28, 2024

Veracode Workflow App 0.2.3 for GitHub

This update includes the following improvements:

  • Auto-packager support for .NET repositories.
  • The names of GitHub check runs for Veracode Static Analysis now indicate whether they are pipeline scans or policy scans.
  • The GitHub check run summary pages now display the Veracode Platform URL. You can review results regardless of the check run status. Previously, the URL only appeared after the check run succeeded.

If you have not previously granted the app permissions to your GitHub repository, you might receive a notification requesting those permissions when you update your app.

To update your app to reflect these changes, you must import the app repository.

June 24, 2024

Veracode Scan for JetBrains 1.1.0

This update includes the following improvements:

  • Adds Veracode Fix to Veracode Scan for JetBrains. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.
  • Adds support for the JetBrains Rider IDE.

June 6, 2024

Veracode Workflow App 0.2.2 for GitHub

This update includes the following improvements:

  • Upgraded GitHub Actions artifacts to version 4.
  • Auto-packaging of Java repositories that do not contain build files in the root directory.
  • Improved memory handling.

To update your app to reflect these changes, you must import the app repository.

Veracode for JetBrains 1.0.0

This update includes the following improvements:

  • You can now run Static Analysis (SAST) scans to find flaws in your source code. Before scanning, the plugin auto-packages your code according to Veracode packaging requirements.
  • Use the filtering options to focus on the static findings that are most important to your organization.
  • Use the provided remediation guidance to fix static findings or use the ignore option to ignore findings you won't fix.

May 30, 2024

Veracode Scan for VS Code 1.9.2

This update includes the following improvements:

  • The proxy support option is now generally available.
  • The timeout limit for Static Analysis scans has increased to 60 minutes.

Veracode Azure DevOps Extension 3.27.2

This update adds support for Node 10 and Node 16.

May 21, 2024

Veracode Scan for VS Code 1.9.1 - Pre-release

This update improves the proxy support option. Before you install this update, on the Visual Studio Code Marketplace, select Switch to Pre-Release Version.

May 16, 2024

Veracode Integration for Jira Cloud 4.14.0

The Monitoring and Troubleshooting page now successfully displays imports from One Time Import and Selective Import.

May 10, 2024

Veracode Scan for VS Code 1.9.0 - Pre-release

This update is a pre-release that supports signing in to Veracode through a proxy server. Before you install this update, on the Visual Studio Code Marketplace, select Switch to Pre-Release Version.

May 3, 2024

Veracode SCA Scan for JetBrains 0.8.1

The debug option now successfully saves all logs.

May 2, 2024

Veracode Static for Eclipse 3.9.0

This update includes minor performance improvements.

April 18, 2024

Veracode Scan for VS Code 1.8.1

This update includes the following improvements:

  • The timeout limit for Static Analysis scans has increased to 10 minutes.
  • Fixed findings no longer appear on the PROBLEMS tab in VS Code.

April 17, 2024

Veracode Static for Visual Studio 2019 and 2022 v1.12.0

This update includes the following improvements:

  • After you import an XML file of your results into Visual Studio, the View Policy Results pane now shows the correct data paths.
  • If you use both the Greenlight extension and the Static Analysis extension in your IDE, you no longer experience conflicts between these extensions.

April 11, 2024

Veracode SCA Scan for JetBrains 0.8.0

This update includes a refreshed user experience.

April 10, 2024

Veracode Workflow App 0.2.0 for GitHub

This update includes the following improvements:

  • For policy and pipeline scans:
    • To turn on policy or pipeline scans, you must now add the analysis_on_platform true flag. By default, this feature is turned off.
    • By default, the analysis_branch flag is now set to your default branch automatically. You can set this flag to a different branch.
    • When you open a pull request (PR) against a branch you are scanning, the integration creates a sandbox scan from the source branch. You can view the scan results under the branch name in the Veracode Platform. When you merge the PR, the integration removes the sandbox scan, and then starts a new policy scan in the target branch. You can view the scan results under the repo name in the Veracode Platform.
    • Mitigated findings from a pipeline scan no longer appear in the list of findings.
  • For GitHub Issues:
    • New issues flag to enter a command that runs on-demand scans on a repo issue.
    • New create_issue flag that creates GitHub Issues from Static Analysis findings.
    • New create_code_scanning_alerts flag that creates code scanning alerts from Static Analysis findings. The alerts appear on the GitHub Security page.
  • For configuration options:
    • You can now configure an allowlist with in the central repo_list.yml file.
    • You can now override most global configurations by adding custom configurations to a veracode.yml file at the root of your source repo.
    • New use_custom_workflow flag that can use a workflow from the source repo to build the project or artifact you can upload for scanning.
  • For error handling:
    • New error messages that display as annotations if API credentials are invalid.
    • New error message when the integration is not able to find a policy name.
  • The integration now auto-packages Java projects for more reliable builds and more accurate scan results.

Java API Wrapper 24.4.13.0

This update includes the following improvements:

April 3, 2024

Veracode Scan for VS Code 1.8.0

This update includes the following improvements:

  • Adds Veracode Fix support for Kotlin and Scala.
  • The Flaw Details tab now renders correctly for .NET projects.
  • Minor improvements to packaging support.

April 1, 2024

Veracode Integration for Jira Server 4.7.0

You no longer see a NullPointerException error when you run a one-time import, selective import, or automated import.

March 28, 2024

Veracode Static for Visual Studio 2019 and 2022 v1.11.0

The integration now successfully verifies your Veracode API credentials.

March 25, 2024

Veracode Scan for VS Code 1.7.0

This update includes minor improvements to packaging support.

March 21, 2024

Veracode Static for Visual Studio 2019 and 2022 v1.10.0

In the Project Settings Wizard, when you select an application, the list of sandboxes now shows the sandboxes for the selected application only.

March 14, 2024

Veracode Static for IntelliJ 3.6.0

This update includes the following changes:

  • The Veracode option is now visible on the main menu.
  • Adds support for IntelliJ version 2023.3.4.

March 7, 2024

Veracode Scan for VS Code 1.6.0

This update includes the following improvements:

  • The debug option now supports Static Analysis scans, Veracode Fix, and the auto-packager, in addition to SCA scans.
  • You can now clear all findings.
  • Minor performance improvements.

March 4, 2024

Veracode Integration for Jira Cloud 4.13.2

This update adds historical diagnostics data about each import to the Monitoring and Troubleshooting page.

February 29, 2024

Veracode Jenkins Plugin 24.2.23.0

This update improves security by increasing the minimum supported versions of Jenkins and Java. To install this update, you must have a minimum Jenkins version of 2.414.3 and Java 11.

February 28, 2024

Veracode SCA Scan for JetBrains 0.7.2

This update includes the following improvements:

  • You can now use a debug option to troubleshoot scan errors.
  • Minor performance improvements.

Veracode Greenlight for Visual Studio 2019 and 2022 v1.5.0

This update includes the following improvements:

  • Scans no longer fail with this error message: “The selected file must be in a solution. Open the solution that contains this file and try again.”
  • Improved error handling.

February 23, 2024

Veracode Integration for Jira Server 4.6.0 euro-icon.png us-fed-eagle-icon.png

With this update, when you select links in Jira tickets that open application profiles located in the European Region or US Federal Region, the links no longer open in the Commercial instance of the Veracode Platform.

February 20, 2024

Veracode Azure DevOps Extension 3.26.0

This update includes the following improvements:

  • Adds support for the includenewmodules parameter.
  • You can now add the following information as tags in work items: scan type, finding severity, due date, and CVE ID (SCA only).
  • Work items now show the correct CWE ID.
  • The Upload and Scan task no longer fails when you use the environment variable JAVA_TOOL_OPTIONS.

February 15, 2024

Veracode Scan for VS Code 1.5.0

This update adds Veracode Fix to Veracode Scan for VS Code. To fix flaws in seconds from within your IDE, you can now apply AI-generated fixes directly to flaws.

January 30, 2024

Veracode Scan for VS Code 1.4.1

This update includes the following improvements:

  • Fixes a typo in the Views and More Actions menu.
  • The Remediation Guidance text in the Flaw Details tab is now visible in light mode.
  • Minor performance improvements.

January 29, 2024

C# API Wrapper 24.1.10.1

This update adds support for the -includenewmodules parameter.

January 11, 2024

Veracode Scan for VS Code 1.4.0

This update adds Static Application Security Testing (SAST) to VS Code. Developers can use SAST to find and fix flaws in their code and use Software Composition Analysis (SCA) to find and fix vulnerabilities in open-source code from within the IDE.

This extension replaces Veracode SCA Scan for VS Code. Greenlight for VS Code is now deprecated and will not be supported after June 2024.

December 12, 2023

Veracode Azure DevOps Extension 3.25.0

This update includes the following improvements:

  • The Flaw Import task and the Upload and Scan task now successfully fail the build when the Fail build if Upload and Scan build step fails checkbox is selected.
  • Adds an option to overwrite the iteration path in work items of imported flaws during the next import.

Veracode Integration for Jira Server 4.5.0

This update adds historical diagnostics data to the Monitoring and Troubleshooting page.

October 5, 2023

Veracode Fix now supports JavaScript and TypeScript

Veracode Fix has improved language coverage to include JavaScript and TypeScript.

December 4, 2023

Veracode GitHub Workflow App

Veracode has released the Veracode Workflow App that allows you to scan your GitHub repositories with Static Analysis, Software Composition Analysis (SCA), and Container Security. The app uses template workflows in a centralized location that you can apply to all repositories across your organization.

The functionality of the app includes:

  • Automated scans of up to thousands of repositories from one location
  • Static, SCA, and Container Security scans start on developer activity from a single workflow
  • Automated scanning does not require developers to configure workflows for individual repositories
  • Broad language support

You can download the app from the GitHub marketplace. For more information, view the Veracode documentation.

December 1, 2023

Veracode Static for Visual Studio 2019 and 2022 v1.9.0

This update includes the following improvements:

  • Adds support for TSRV mitigations.
  • Adds support for .NET 7.

November 9, 2023

Veracode SCA Scan for VS Code 1.3.1

This update includes the following improvements:

  • You can now filter out any findings that are of low importance to your organization by selecting a security policy to apply to your project. To use this feature, your account must have the Unified Policy applied.
  • The Vulnerability Details window now includes a link to the related CVE.
  • You can now use a debug option to troubleshoot scan errors.
  • Minor interface changes.

November 1, 2023

Veracode Integration for Jira Cloud 4.12.0

This update includes the following changes:

  • The Import Automation page now includes an option for you to retry downloading Detailed Reports that failed to download during import.
  • If your account is in the European Region and you select a link in a Jira issue to an application profile, the link now opens the Veracode Platform in the European Region.
  • User accounts in the European Region now see the correct values for various fields in imported Jira issues.

October 17, 2023

Veracode SCA Scan for JetBrains 0.7.1

This update includes minor performance improvements.

October 13, 2023

Veracode SCA Scan for VS Code 1.2.1

This update includes minor performance improvements.

October 4, 2023

Veracode Integration for Jira Server 4.4.0

This update adds support for Jira Server version 9.11.2.

September 26, 2023

Veracode Azure DevOps Extension 3.24.0

This update includes the following changes:

  • End of support for Team Foundation Server (TFS).
  • Builds no longer fail when the Fail build if flaw importer build step fails option is cleared and the application name contains special characters.

September 6, 2023

Veracode Greenlight for IntelliJ 1.9.0

This updates includes minor performance improvements.

August 31, 2023

Veracode Integration for Jira Server 4.3.0

This update includes the following improvements:

  • The Monitoring and Troubleshooting page now shows details about the last four imports.
  • The Monitoring and Troubleshooting page now includes an option for you to retry downloading Detailed Reports that failed to download during import.

August 17, 2023

Java API Wrapper 23.8.12.0

You can now send requests to the Identity REST API from within the Java API wrapper.

August 16, 2023

Veracode Azure DevOps Extension 3.23.0

This update includes the following improvements:

  • You can now add an iteration path to the work item settings in the Flaw Importer task.
  • Adds support for Azure DevOps version 2022 RC2.

August 10, 2023

Veracode SCA Scan for JetBrains 0.7.0

This update fixes a minor performance issue.

Veracode Integration for Jira Cloud 4.11.0

This update includes the following improvements:

  • If an imported story for an open-source component with vulnerabilities changes projects, the integration now creates subtasks for SCA vulnerabilities in that story under the new project.
  • To avoid failed imports, if the integration encounters errors when it searches for linked Veracode fields, it now skips issue creation for any new findings.

August 8, 2023

Veracode SCA Scan for VS Code 1.2.0

This update includes the following improvements:

July 28, 2023

Veracode Greenlight for IntelliJ 1.8.8

This update includes the following improvements:

  • Adds support for IntelliJ version 1.8.7.
  • Exception errors no longer appear during Greenlight scans at the file or folder level.

July 27, 2023

Veracode SCA Scan for JetBrains 0.6.1

Veracode SCA Scan for JetBrains version 0.6.1 adds support for IntelliJ IDEA version 2023.2.

July 21, 2023

Introducing Veracode SCA Scan for JetBrains

Veracode SCA Scan for JetBrains version 0.6.0 is a new extension that integrates Software Composition Analysis (SCA) into the IntelliJ IDEA and PyCharm IDEs. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE.

July 20, 2023

Veracode SCA Scan for VS Code 1.1.0

This update includes the following improvements:

  • You can now select a project to scan when you have multiple projects in VS Code.
  • The SCAN OVERVIEW view now shows the name of the project you scanned.
  • In the extension settings, you can now enable or disable recursive scanning.
  • If your API credentials or the local SCA agent are invalid, the SETUP view now opens after you select Start Scanning or Rescan.
  • Spaces in the USER_HOME directory no longer result in an error.

July 14, 2023

Veracode Integration for Jira Server 4.2.0

This update fixes an issue where IssueCreatorImpl errors on the Monitoring and Troubleshooting page caused unexpected failures.

Veracode Jenkins Plugin 23.7.22.0

This update includes the following improvements:

July 6, 2023

Veracode Static for Visual Studio 2019 and 2022 v1.8.0

This update includes the following improvements:

  • In the Static Findings window, when you double-click a finding, or right-click a finding and select Go to Line, the selected finding now remains selected.
  • After you add a new application to a project and scan it, the extension now adds the details about the new application to the file veracode-project-user.json.

Veracode Integration for Jira Server 4.1.0

This update includes the following improvements:

  • The Import Automation now provides an option that attempts to import any flaws that failed to import. If an import fails, the Import Automation no longer uses the last import date of the failed import.
  • The Troubleshooting page now provides a diagnostic dashboard that shows details about the latest import, including information about any errors.

June 26, 2023

Veracode Greenlight for Visual Studio 2019 and 2022 v1.4.0

This update improves error handling.

June 15, 2023

Veracode Greenlight for VS Code Adds Support for .NET 7

See Veracode Greenlight for VS Code.

June 13, 2023

C# API Wrapper 23.5.8.8

You can now provide a proxy host, port, and its credentials in an environment variable. The environment variable name must be https_proxy.

June 5, 2023

Veracode Azure DevOps Extension 3.22.0

This update includes the following changes:

  • The Upload and Scan task now supports the optional parameter scanpollinginterval.
  • You can now configure the Flaw Import task to only import findings from Static Analysis and SCA.
  • Minor security improvements.

Veracode SCA Scan for VS Code 1.0.0

This update adds security improvements.

June 1, 2023

Veracode Jenkins Plugin 23.5.21.0

This update includes the following changes:

  • Adds a Show Unstable Status for Failed Policy Evaluation option. Select this option to show the job status as Unstable if the scan succeeds but fails the security policy.
  • Minor security improvements.

May 22, 2023

Veracode Integration for Jira Cloud 4.10.0

This update includes the following changes:

  • Findings you import with the Import Automation feature now show the date of the last successful import, instead of the last import.
  • When you configure a Selective Import and select the left/right arrows to switch between pages, the selected flaws are no longer cleared.
  • Minor security fixes.

May 4, 2023

Veracode Azure DevOps Extension 3.21.0

This update includes the following changes:

  • Adds support for the lifecyclestage parameter as an optional argument in the Upload and Scan task. This parameter is not supported in YAML.
  • The scan polling interval for the Upload and Scan task is no longer twice the expected default value of 120 seconds.

April 27, 2023

Veracode SCA Scan for VS Code 0.8.0

This update includes the following improvements:

  • You can now filter the VULNERABILITIES view based on direct or transitive libraries.
  • The Rescan button is now located at the top of the SCAN OVERVIEW view.
  • The SCAN OVERVIEW view is no longer empty when the scan does not find vulnerabilities.
  • In the Library Details window, the Last published field now shows the months and days since the vendor last published the library or it shows Unknown.

April 19, 2023

Veracode Jenkins Plugin 23.4.20.0

This version includes the following updates:

  • Adds Dynamic Analysis scan statuses STOPPED_VERIFYING_PARTIAL_RESULTS and STOPPED_PARTIAL_RESULTS_AVAILABLE.
  • Fixes an issue where the scan poll interval for upload and scan was twice the expected default value of 120 seconds.

April 13, 2023

Veracode Integration for Jira Cloud 4.9.0

The integration now imports findings from scanned applications with COTS (commercial off-the-shelf) enabled.

April 5, 2023

Java API Wrapper 23.4.11.2

This update includes the following changes:

March 31, 2023

Veracode Static for Eclipse 3.8.0

This update adds support for Eclipse IDE version 2023-03.

March 30, 2023

Veracode Integration for Jira Cloud 4.8.0

This version includes the following changes:

  • Adds additional logs for troubleshooting.
  • To ensure your imported flaws are current, the integration re-imports them after you fix any configuration issues.
  • On the Selective Import page, the Flaws Per Page and Next Page options no longer show an error message.

March 27, 2023

Veracode Jenkins Plugin 23.3.19.0

This version includes the following changes:

  • Addresses the low severity information disclosure issues detailed in CVE-2023-25721 and CVE-2023-25722. For more information, go to the Veracode Community.
  • Correctly escapes the -ppassword parameter for a proxy password.

Veracode Azure DevOps Extension 3.20.0

This version addresses the low severity information disclosure issue detailed in CVE-2023-25722. For more information, go to the Veracode Community.

March 20, 2023

Veracode SCA Scan for VS Code 0.7.0

This update includes the following improvements:

  • The extension now includes an SCA Agent. After you install the extension, you can install the SCA Agent from within the IDE and start scanning.
  • You can point to a vulnerability in the VULNERABILITIES view to see whether it passes the built-in policy.
  • The Vulnerability Details window now shows the policy for the selected vulnerability.
  • To indicate which vulnerabilities have passed the built-in policy, the VULNERABILITIES view now groups them by Did Not Pass Policy and Passed Policy.

March 8, 2023

Java API Wrapper 23.3.11.0

This version includes the following changes:

March 2, 2023

Veracode Azure DevOps Extension 3.19.0

This update adds support for both of the following YAML property values:

  • ConnectionDetailsSelection='Endpoint'
  • ConnectionDetailsSelection='Service Connection'

March 1, 2023

Veracode Azure DevOps Extension 3.18.0

This update includes the following changes:

  • Changes the YAML property value ConnectionDetailsSelection='Endpoint' to ConnectionDetailsSelection='Service Connection'. When you upgrade to this new extension, you must update your YAML with the new value name.
  • Static Analysis work items now have a Grace Period Expiration field.
  • SCA works items now have a First Found Date field and File Path field for vulnerabilities.
  • The Summary Report now shows a link to the Scan Details page.
  • The extension now fails the build if Development Sandbox scans find SCA vulnerabilities.
  • Builds no longer fail when the Fail build if Upload and scan build steps fails option is cleared, but the application name contains special characters.

February 28, 2023

Veracode Greenlight for IntelliJ Supports IntelliJ v2022.2.3

Veracode Greenlight v1.8.7 adds support for IntelliJ v2022.2.3.

February 22, 2023

Updated Identity REST API

You can now use the Identity REST API to manage Veracode API credentials for API service accounts, also called API users.

February 9, 2023

Updated Veracode SCA Scan for VS Code

Veracode SCA Scan for VS Code version 0.6.0 includes the following updates:

  • Adds a Create a Case link that you can use to send a support case to Veracode Technical Support.
  • Adds a Leave Feedback link that you can use to provide feedback in a survey.
  • Fixes an issue where the extension did not verify undefined or null values.

February 3, 2023

Mandatory Upgrade for Veracode Greenlight for IntelliJ

Veracode Greenlight for IntelliJ version 1.8.6 supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.

February 2, 2023

Mandatory Upgrade for Veracode Greenlight for Eclipse

Veracode Greenlight for Eclipse version 2.9.7 includes these changes:

  • Supports a recent change to the Greenlight API. To continue using this plugin, you must upgrade to this version by February 13, 2023.
  • Fixes a refresh issue that flashes various status messages at the bottom of the Eclipse interface.

February 1, 2023

Updated Java API Wrapper

Veracode Java API Wrapper version 23.1.10.5 adds logic to identify and remove unicode application names from the XML response.

Veracode Mobile Application Packager Has Reached End of Life

Veracode Mobile Application Packager is now End of Life (EOL) and is no longer supported by Veracode Technical Support. To compile and package tvOS or iOS applications that you developed in the Xcode IDE, see the packaging requirements.

January 30, 2023

Mandatory Greenlight Upgrades for Eclipse and IntelliJ

Veracode has made a change to the Greenlight API that will impact the following plugins.

  • Veracode Greenlight for Eclipse version 2.9.6 and earlier
  • Veracode Greenlight for IntelliJ version 1.8.5.2022 and earlier

New versions of these plugins will be available on February 2, 2023 and February 3, 2023, respectively. To continue using these plugins, you must upgrade to the new versions by February 13, 2023.

January 23, 2023

Veracode Integration for Jira Supports Jira Server 9

Veracode Integration for Jira version 4.0.1 adds support for Jira Server 9. This integration no longer supports Jira Server 8.6.0 and earlier.

January 17, 2023

Introducing Veracode SCA Scan for VS Code

Veracode SCA Scan for VS Code version 0.5.0 is a new extension that integrates Software Composition Analysis (SCA) into VS Code. Developers can scan their code to detect security risks in open-source libraries, library dependencies, and licenses. The detailed scan results help developers learn about vulnerabilities, prioritize security fixes, and remediate security issues from within their IDE. Version 0.5.1 only removes an obsolete README.

January 10, 2023

Renaming the ConnectionDetailsSelection='Endpoint' YAML Property

In February 2023, Veracode will release a new Azure DevOps Extension that uses the YAML property value ConnectionDetailsSelection='Service Connection' rather than the current value ConnectionDetailsSelection='Endpoint'. When upgrading to this new extension, you must update your YAML with the new value name.

January 5, 2023

Improved Veracode Azure DevOps Extension

Veracode Azure DevOps Extension version 3.17.0 includes the following improvements:

  • Renamed the Veracode Analysis Center link to Veracode Platform.
  • The extension no longer fails a pipeline build if it has a policy assessment of Conditional Pass, even if the Fail build if application fails security policy checkbox is selected.
  • Fixed a minor error-handling issue when the build artifact directory is empty.
  • The Flaw Import task now fails the build when importing flaws with an unsupported process template and the Fail build if flaw importer build step fails checkbox is selected.

January 3, 2023

Improved Veracode Integration for Jira Cloud

Veracode Integration for Jira Cloud version 4.7.0 now successfully loads the Findings Import page when importing large Jira projects.

December 19, 2022

Improved Veracode Integration for Jira Server

Veracode Integration for Jira Server version 3.38.0 includes the following improvements:

  • Jira tickets from imported Static Analysis flaws now show the detected CWEs with a dash instead of an underscore. This CWE format matches the results in the Veracode Platform. For example, CWE_123 is now CWE-123.
  • Jira tickets from imported SCA vulnerabilities now support the Mitigation Status and Mitigation Status Description fields.

December 15, 2022

Veracode Mobile Application Packager is Deprecated

Veracode Mobile Application Packager is now deprecated and will be obsolete on February 1, 2023.

December 14, 2022

Veracode for VS Code Renamed to Veracode Greenlight for VS Code

Veracode for VS Code version 1.6.0 includes the following updates:

  • Changed the name of the extension to Veracode Greenlight for VS Code.
  • Using File > Save on a single file now saves only that file, not all unsaved files.

December 13, 2022

Veracode Azure DevOps Extension version 3.16.0 fixes the link on the Veracode Scan Summary tab. The link now opens the scan results in the Veracode Platform instead of the Application page.

December 6, 2022

Updated Veracode Static for Visual Studio

Veracode Static for Visual Studio version 1.7.0 fixes an issue where the extension could not authenticate with Veracode from a European Region instance.

November 16, 2022

Updated Veracode Integration for Jira

Veracode Integration for Jira version 3.37.0 fixes an issue where the plugin ignores all remaining applications after attempting to import findings from an application with COTS enabled.

November 14, 2022

Updated C# API Wrapper

Veracode C# API wrapper version 22.10.8.6 includes these updates:

  • Fixed an error that can occur if the filename of an uploaded file contains certain characters or symbols. For example, ~ ^ ' { }
  • The -debug parameter now logs timestamped messages that identify connectivity issues, error conditions, and the status of various composite actions.

Improved Veracode Greenlight for IntelliJ

Veracode Greenlight for IntelliJ version 1.8.5 adds support for IntelliJ IDEA 2022.2.3.

October 27, 2022

Java API Wrapper Has Improved Error Handling

Veracode Java API Wrapper version 22.10.10.4 now cancels any scans that exceed the upload limit.

October 21, 2022

Veracode Azure DevOps Extension Now Supports Automatic Deletion of Incomplete Scans

Veracode Azure DevOps Extension version 3.15.0 adds options for deleting incomplete scans in your pipeline. When configuring the extension, you can add -deleteincompletescan as an optional argument or add -deleteIncompleteScan as a YAML property.

Updated Veracode Static for Visual Studio

Veracode Static for Visual Studio 2019 and 2022 version 1.6.0 includes these changes:

  • Fixed an issue where web projects inside folders did not publish.
  • Fixed an issue where the scan progress bar in the IDE displayed as incomplete after clicking Custom Workflow.
  • Run Scan button in the IDE is now disabled when the scan status is in a failed state. In the Veracode Platform, you also see a warning message to resolve this issue.

September 29, 2022

Updated Greenlight for Eclipse

Greenlight for Eclipse version 2.9.6 includes minor security and documentation updates.

September 22, 2022

Improved Finding Import Performance for Veracode Integration for Jira Cloud

Veracode Integration for Jira Cloud version 4.6.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.

September 13, 2022

Java API Wrapper JavaDoc Update

In Veracode Java API Wrapper version 22.9.10.3 the documentation available in the wrapper installation file now describes the Credentials class.

August 29, 2022

Veracode Azure DevOps Extension Has Improved Flaw Importer Task

Veracode Azure DevOps Extension version 3.14.0 includes the following improvements to the Flaw Importer Task.

  • Uses fewer calls to complete flaw imports.
  • Fixes an issue where flaws without comments did not sync or close.
  • Fixes an issue where development sandbox findings did not import.

August 12, 2022

Veracode TeamCity Plugin Now Supports Automatic Deletion of Incomplete Scans

Veracode TeamCity Plugin version 2.7.0 adds configuration options for deleting incomplete scans.

August 9, 2022

Veracode Integration for Jira Server Now Retries Downloading the Detailed XML Report

Veracode Integration for Jira version 3.36.0 fixes an issue where the integration did not create tickets of imported flaws if it could not retrieve the Detailed XML Report. The integration now attempts to retrieve the Detailed XML Report during the next import cycle.

July 27, 2022

Updated C# API Wrapper

Veracode C# API wrapper version 22.8.8.5 includes these updates:

  • Supports the -debug parameter.
  • Fixes an issue to filter out Dynamic Analysis results.
  • Adds transaction ID header to uploadandscan.

July 20, 2022

Veracode Azure DevOps Extension Now Supports Importing SCA Vulnerabilities as Work Items

Veracode Azure DevOps Extension version 3.13.0 updates the Flaw Importer task to support importing Software Composition Analysis (SCA) vulnerabilities as work items.

July 14, 2022

Veracode Jenkins Plugin Now Supports Automatic Deletion of Incomplete Scans

Veracode Jenkins Plugin version 22.6.18.0 adds configuration options for deleting incomplete scans.

June 27, 2022

Improved Finding Import Performance for Veracode Integration for Jira Server

Veracode Integration for Jira Server version 3.35.0 adds a new filter that only imports findings with new scan data, policy changes, or changes to applied mitigations since the last import.

June 22, 2022

Deprecation of Admin XML APIs

Veracode has deprecated the Admin XML APIs for user and team management. End-of-support for these APIs is scheduled for June 30, 2023. Veracode recommends that you begin updating your automations to use the Identity REST APIs. Also, enabling the Single Sign-on and Just-in-Time Provisioning feature automatically disables the Admin XML APIs for user management. Before enabling this feature, ensure all of your automations are using the Identity APIs.

June 8, 2022

Updated Veracode Static for Visual Studio (New)

Veracode Static for Visual Studio (New) version 1.5.0 includes these changes:

May 18, 2022

Java API Wrapper Updates -deleteincompletescan Parameter with Backward Compatibility

Java API Wrapper version 22.5.10.1 updates the -deleteincompletescan parameter to be backward compatible with Java API wrapper versions earlier than 22.5.10.0, which released on May 4, 2022. After upgrading the wrapper, the parameter value automatically changes from boolean to an integer:

  • If set to true, the value changes to 1.
  • If set to false, the value changes to 0.

May 4, 2022

Java API Wrapper Has Improved -deleteincompletescan Parameter

Java API Wrapper version 22.5.10.0 includes changes to the -deleteincompletescan parameter for deleting incomplete scans when running the uploadandscan action. This parameter now accepts an integer value, rather than boolean, for deleting an incomplete scan based on the scan status.

note

These changes are not backward compatible with the -deleteincompletescan parameter available in earlier versions of the Java API Wrapper. If you currently use this parameter, after upgrading the wrapper you must change the value from boolean to one of the accepted integer values.

April 15, 2022

Introducing New Veracode Static Extensions for Visual Studio 2019 and 2022

Veracode Static for Visual Studio version 1.4.0 is a new extension for adding Static Analysis to Visual Studio 2019 and 2022. The new extension for Visual Studio 2019 provides major improvements compared to our current legacy extension for version 2019, which Veracode continues to support.

The extensions include these features:

  • Improved user experience for developers.
  • Powerful Summary View grid for reviewing and managing findings.
  • Streamlined workflow for building, packaging, and scanning your code.
  • Support for policy and sandbox scans.

An extension for each Visual Studio version is available from the Visual Studio Marketplace.

April 12, 2022

Veracode Greenlight Now Supports the New Visual Studio 2019 and 2022

Veracode Greenlight for Visual Studio version 1.3.184.96 is a new extension for adding Greenlight scanning to the newer versions of Visual Studio 2019 and 2022. An extension for each Visual Studio version is available from the Visual Studio Marketplace.

March 9, 2022

Updated Azure DevOps Extension

Veracode Azure DevOps Extension version 3.10.0 includes these changes:

  • TFS 2017 is no longer supported.
  • TFS 2018 support now requires Azure Pipeline Agent 2.196.2 or later.
  • Flaw Importer task can now import custom fields when using custom process templates.
  • Flaw Importer task can now overwrite the area path in work items when importing flaws.