Skip to main content

Applications explore data dictionary

The following definitions describe the dimensions and measures used on the applications explore in Veracode Analytics.

Application dimensions

DimensionDescription
Application Custom FieldsThe metadata entered in application custom fields 1-25. Located from Application > Metadata > Asset > Custom Fields.
Application IDThe unique numerical identifier associated with the application profile, provided by Veracode.
Application NameThe name of the application, created by the user when creating an application on the Veracode Platform.
Application Passed Policy (Yes/No)Determines if the application did or did not pass policy compliance. Values are Yes or No.
Application PurposeThe business purpose of the application, located from the application metadata.
Application Rescanned (Yes/No)Determines if the application was rescanned. Values are Yes or No.
Application Scanned (Yes/No)Determines if the application was scanned. Values are Yes or No.
Archer Application NameThe application name where the data is published to Archer. Located from Application > Metadata > Archer Name.
Business CriticalityThe business criticality of the application ranging from very high to very low.
Business Owner EmailThe email address associated with the business owner of the application.
Business Owner NameThe first and last name of the user responsible for the application. Located from Application > Profile > Organizational Information.
Business UnitThe name of the business unit.
Created DateThe date the application was created.
Current PolicyThe current policy associated with the application.
Current Policy ComplianceThe application policy compliance based on the latest scan results.
Current Veracode LevelThe Veracode Level achieved by an application, which allows a user at a glance to see the how their application measures against best practises. The Veracode Level is determined by the type of scans performed, severity of flaws detected, and/or the security score achieved. Values are 1,2,3,4,5, with 5 being the highest.
Current Veracode Level Without MitigationsThe current Veracode level achieved by an application not including mitigations.
Deployment MethodThe type of deployment method for the application.
Dynamic Scan Due DateThe date by which a dynamic scan must run, per the application policy. If the date is in the past, the due date was missed.
Dynamic Scan FrequencyThe dynamic scan frequency, such as weekly, monthly, quarterly, that the policy determines for the application.
IndustryThe type of industry for which the application is used. Located from Application > Metadata > Industry.
First Published DateEarliest date that the scan for the application was published.
Initial Published DateThe earliest date that a scan for the application was published.
Latest Language ScannedEarliest date that the scan for the application was published.
Latest Published DateThe most-recent date that a scan for the application was published.
License AccountScans licensed by this account. For third-party applications, it is the account that paid for the scan. For SDLC applications, it is the same as the scanning account.
License TypeThe type of license: SDLC license or Third-party license. Most applications are software delivery lifecycle (SDLC) license, third-party license type is not commonly used. Veracode offers you the ability to scan your software supplier partners through the Veracode Platform. Values are either SDLC for internal testing of first-party software or third-party for permitting a software supplier to test the code they are developing for the Veracode user.
Manual Penetration Test Due DateThe date by which a manual penetration test is required, per the application policy. If the date is in the past, the due date was missed.
Manual Penetration Test FrequencyThe manual penetration test frequency, such as weekly, monthly, quarterly, that the policy determines for the application.
Number of Dynamic ScansThe number of dynamic scans of the application.
Number of Static ScansThe number of static scans of the application.
Requested a ConsultationVeracode offers the ability to schedule a consultation with application security consultants to better understand Veracode scanning and results. Values are No Readout Requested or Readout Requested based on if the application has had a consultation requested.
Scanning AccountThe account where scans occurred. For software delivery lifecycle (SDLC) applications, it is the same as the licensed account. For third-party applications, it is the vendor account. Third-party applications are not commonly used.
Scanning StatusThe scanning status for the application. Values are DynamicMP + SDLC, DynamicMP Only, No Published Policy Scans, and SDLC only.
Static Scan Due DateThe date by which a static scan must run, per the application policy. If the date is in the past, the due date was missed.
Static Scan FrequencyThe static scan frequency, such as weekly, monthly, quarterly, that the policy determines for the application.
Tags ListThe list of tags for the application that are added from the application metadata. Veracode allows users to provide a tag to organize their applications as part of the application metadata.
Target Veracode LevelThe application's Target Veracode Level.
Teams ListThe list of teams and security lead teams who need access to the specific applications and scan results.
Web Application FlagDetermines if the application is a web application or not.

Application measures

MeasureDescription
Application Scan CountsThe total count of applications scanned, rescanned, and not scanned in the past 90 and 365 days.
Applications with ConsultationsThe count of applications for which security consultations have been requested.
CountThe count of distinct application IDs
Percentage of Applications with Consultation RequestsThe percentage of applications for which a consultation call was requested.

Applications policy compliance history dimensions

DimensionDescription
Calendar DateThe calendar date, month, quarter, week, and year.
Days Since Last ScanDays from last scan to calendar date.
Policy Compliance StatusApplication policy compliance status: Calculating..., Conditional Pass, Did Not Pass, Pass, or Not Assessed.
Published DateThe published date of the last scan.

Applications policy compliance history measures

MeasureDescription
Days in ComplianceNumber of days that an application is in compliance.
Days Since Most Recent ScanNumber of days from most recent published date to current day.
Months in ComplianceNumber of months that an application is in compliance.

Security consultation dimensions

DimensionDescription
First NameThe first name of the user who requested a consultation.
Last NameThe last name of the user who requested a consultation.
Request DateThe date the consultation was requested.

Security consultation measures

MeasureDescription
CountThe count of consultations requested for the application.