Skip to main content

Dynamic Analysis Updates - Commercial

· 4 min read

February 27, 2023

Set URL Scan Settings at the Organization Level

You can now use the Dynamic Analysis REST API to set URL scan settings for all analyses and scans in an organization.

February 17, 2023

New Manual Resume Feature for Paused Analyses

Veracode Dynamic Analysis adds a new feature that enables you to manually resume a scheduled analysis from a paused state. This feature is only available upon request. To add this feature to your account, contact Veracode Technical Support.

January 20, 2023

Renamed URL Scan Status Messages

Veracode has renamed and changed the descriptions for the following URL scan status messages for Dynamic Analysis. The new names more accurately describe the issues that caused these status messages to appear in the Veracode Platform.

  • Killed - Partial Results Available is now Lockout - Partial Results Available.
  • Killed - Verifying Partial Results is now Lockout - Verifying Partial Results.

December 19, 2022

New ISM Endpoint Version Available

Veracode Dynamic Analysis Internal Scanning Management (ISM) endpoint version 22.12.3 improves endpoint logging and fixes an endpoint issue.

October 18, 2022

API Scanning Adds Support for Scriptable Request Modification

Veracode API Scanning adds a new option for using JavaScript to modify an HTTP request, at runtime, when authenticating with a remote host.

October 5, 2022

New Similarity Threshold for Web Applications

When configuring an analysis of a web application, you can now set a threshold for ignoring similar web pages during the analysis.

September 7, 2022

Dynamic Analysis Now Creates Screenshots for Consecutive Login Failures

The Veracode scan engine now creates a verification screenshot if it is unable to log in to a target application after 50 attempts. The screenshot image shows when and where in the scanning process the failed login attempts occurred. You can use this information for troubleshooting.

August 2, 2022

New Historical Details for Dynamic Analyses and Scans

You can now view detailed information about all past occurrences of both a dynamic analysis and its scans.

May 18, 2022

Re-Enabled Pause and Resume for Scheduled Analyses

When scheduling a Dynamic Analysis, you can now set it to pause and resume scanning at specific days and times. Veracode disabled this option on October 7, 2021.

April 28, 2022

New Status Messages for Partial Scan Results

Dynamic Analysis now provides status messages that indicate when Veracode is verifying partial results and when partial results are available for review. Partial results can occur when a scan stops prematurely due to:

  • Errors during scanning
  • Users stopping the scan early
  • The scan exceeding its configured duration

March 23, 2022

API Scanning Adds Support for OpenID Connect to OAuth 2.0

Veracode API Scanning adds a new option to specify an OpenID Connect URL when configuring OAuth 2.0 authentication.

March 10, 2022

Dynamic Analysis Adds Support for Concurrent Browsers Running Dynamic Analysis Scans

Veracode Dynamic Analysis now supports concurrent browsers for running multiple Dynamic Analysis scans at the same time. When configuring a web application scan, you can specify up to 12 concurrent browsers.

March 8, 2022

API Scanning Adds OAuth 2.0 Authentication and Analysis History Options

Veracode API Scanning includes these changes:

  • New option to configure OAuth 2.0 authentication for the API endpoints in your API specifications. You can select to use either the Client Credentials or Password Credentials grant type.
  • New Associated Analysis field on the API Specification Details page for a given API specification. This field provides options for viewing, reconfiguring, and rerunning previous scans.

March 3, 2022

Dynamic Analysis Now Detects Log4j Vulnerability CWE-115

Veracode Dynamic Analysis can now detect Log4j vulnerability CWE-115 when scanning web applications or API specifications.

February 4, 2022

Updated Dynamic Analysis Scan Engine

The Dynamic Analysis scan engine includes these updates:

  • Updated Chromium to version 98.0.4758.80
  • Log4j security updates
  • Improved connectivity when authenticating with Veracode
  • Fix for insecure cookies that prevented flaw matching

January 25, 2022

ISM Endpoint Upgraded to Log4j 2.17.1

An updated Veracode Dynamic Analysis Internal Scanning Management (ISM) endpoint version is now available. Updates include an upgrade to Log4j 2.17.1 to address known vulnerability CVE-2021-44832 and improvements to connection stability and usage diagnostics.