Onboarding

Step 1

Required

Learn how to Create an Application Profile (~3.5 min). You can also read what is an application profile and what to consider when creating one for more details.

Watch this video to learn how to create a new application profile in the Veracode Platform.

Optional

User roles

Watch User roles and permissions (~6.5 min) to see what roles a user must have to gain the privileges they need to perform their job.

Watch this video to learn about the user roles and permissions you can add to a Veracode user account.

Learn how to Create a team (~2.5 min) and Create a User (~5 min) if you are an administrator who will manage members of your organization.

Create a team

Watch this short video to learn how to create a team in the Veracode Platform.

Create a User

Watch this video to learn how to create a user account in the Veracode Platform.

Step 2

To quickly get set up and start running a static scan, complete the following steps, which should take about 10 minutes.
If you haven't already, learn how to Create an Application Profile (~3.5 min) Optionally, to see how the static scan process works using a demo file, view the Static Analysis quickstart (~6 min).
Optionally, we have a handy Packaging cheat sheet for reference, or see how to Package your Application with a Java example (~6.5 min) or how to Package your application with a .NET example (~8.5 min). Learn how to Upload, Prescan, and Scan your packaged application (~8 min)

Where can I get help with packaging and module selection? If you have read the above guidance but want to speak to someone that can help, you can schedule a consultation with an Application Security Consultant who will be able to guide you through the process.

Schedule a consultation

Consultation calls provide you the opportunity to get assistance with configuring and running a scan or with interpreting the findings in your application. During scan configuration calls, Veracode can answer specific questions you have about your scan configuration or walk you through the best practices for setting up your scan. During scan results calls, Veracode can help you understand the significance of the findings and provide guidance on remediation and mitigation.

Before you begin:

To enable consultation calls, you must meet these requirements:

• You have an Enhanced Support subscription. If you have not purchased a subscription, contact support@veracode.com for more information about the support options.
• You have the necessary Veracode Platform role:
  • Scan configuration calls require the Creator, Security Lead, or Submitter role.
  • Scan results calls for policy scans require the Executive, Reviewer, or Security Lead role.
  • Scan results calls for sandbox scans require the Sandbox User role.
• For scan results calls, you have results available.

If you have a scan configuration call scheduled, you cannot schedule any additional consultations for your application.

You can have one scan results call scheduled at a time for policy scans in addition to one for each sandbox.

note

To be included on all consultation calls for your organization, contact your Veracode account manager.

To complete this task:

1. Go to the appropriate page on the Veracode Platform.

   • For calls concerning scan configuration, go to the application overview page.
   • For calls concerning scan results of policy scans, go to the application overview page, the Results page, or the Triage Flaws page of the latest results for the application.
   • For calls concerning scan results of sandbox scans, go to the Sandbox Results page.

2. Select Schedule a Consultation to open the schedule window.

3. Select the type of assistance you need.

   • Understanding how to configure and run a scan
   • Understanding my scan results
   note

   While a scan is being promoted from sandbox to policy, the Understanding my scan results radio button is disabled. This option is available when the scan finishes promotion to policy.

   Even if you have sandbox results, you can discuss only policy scan results in scan results calls scheduled from the Application page.

4. Select the type of consultation:

   • Specific Questions
   • General Walkthrough

5. Select the scan type you want to review.

6. If you select Specific Questions, select any of the options that apply to your questions, and enter details in the free-text fields.

7. Select Next.

8. In Your Details, enter your name, select your timezone, and enter your email address.

9. In Additional Call Attendees, add the email address for all the other people attending the consultation. There is no limit to the number of attendees you can invite.

10. Select Next.

11. Select the date and time in which you want to have the consultation.

12. Select Schedule.

    note

    If you schedule a Manual Penetration Testing consultation, you are prompted to provide three possible times when you can receive the consultation call.

Results:

Your consultation call is scheduled with Veracode.

note

If you need to cancel a consultation, please cancel it on the Veracode Platform or by contacting support@veracode.com at least 24 hours in advance. Declining the meeting invite does not cancel the meeting. If you do not cancel a scheduled consultation call at least 24 hours before the scheduled time, you incur a deduction of up to 2 hours of support or service hours from your account.

Banana

This is a banana 🍌