Skip to main content

Reviewing scan results

The Results page provides a single point of reference for the results of all completed scans. From this page you can download reports, bookmark reports, and schedule a consultation call with Veracode Technical Support.

In the Veracode Platform, select an application and select Results in the left navigation menu to go to the Results page.

Results reports

From the Results page, you can download reports, bookmark reports, share results, and request a scan results consultation call with Veracode Technical Support. You can also view the Veracode and PCI Compliance reports.

Select Veracode Report or PCI Compliance Report to open these reports. The Veracode Report contains the same information as the Detailed Report that you can download from the Results page. The Veracode Report summarizes the security flaws identified during this scan, explains how the application fared against the associated policy controls, and outlines the Veracode recommendations. The PCI Compliance Report provides guidance on how to fix the discovered flaws to achieve PCI compliance and how the application performed against the PCI policy.

From the Results page, you can use the buttons to:

Download Reports

Select the Download button to view the drop-down menu of reports you can download.

Bookmark this Report

You can bookmark this results page, enabling you to come back to it later.

Share this Report

If you have a vendor-enterprise relationship with other organizations, you can share scan results using this button.

Schedule a Consultation

If you want to receive assistance in interpreting your scan results, select this button to schedule a consultation call with Veracode Technical Support.

Policy evaluation

The Policy Evaluation section of the Results page provides an overview of how the application fared against its associated policy.

The policy evaluation indicates if the application was assessed against rules, required scans, and a remediation grace period. The Veracode Level the application achieves is based on the security score it receives after the scans.

Select the scan names in the Static, Dynamic, and Manual columns to go to the overview pages to see more details of the scan results.

Summarized results

The Summarized Results section of the Results page provides an overview of all the flaws by severity and status, as well as a summary of the top risks and how your metrics data is trending.

At a glance, you can see the number and types of flaws the application currently contains.

Open Flaw Severities shows open flaws characterized by potential impact to confidentiality, integrity, and availability of the application as defined in the CVSS.

SeverityCVSS rating (SCA and MPT only)Description
5 - Very High8.1-10These lines of code have a very serious weakness and are an easy target for an attacker. Fix this finding immediately to avoid potential attacks.
4 - High6.1-8These lines of code have a serious weakness and are an easy target for an attacker. Fix this finding immediately to avoid potential attacks.
3 - Medium4.1-6These lines of code have a moderate weakness and might be an easy target for an attacker. Fix this finding after fixing all Very High and High findings.
2 - Low2.1-4These lines of code have a low weakness. Consider fixing this finding after fixing all Very High, High, and Medium findings.
1 - Very Low0.1-2These lines of code have a very low weakness. The finding might indicate other problems in the code, but you do not need to mitigate it.
0 - Informational0These lines of code have an issue with no impact on the security of the application, but the finding might indicate other problems in the code. You can safely ignore this issue.

Remediation Status data shows the number of flaws found in an application, characterized by remediation status.

StatusScan typeDescription
NewPolicyThe number of flaws that Veracode did not find in any previous policy scan.
NewSandboxThe number of flaws that Veracode did not find in any previous scan.
OpenPolicyThe number of flaws Veracode found in a previous policy scan.
OpenSandboxThe number of flaws Veracode found in a previous scan, not necessarily within this sandbox.
ReopenedPolicy or SandboxThe number of flaws Veracode found in a previous scan within the sandbox or policy scan, not found in a subsequent scan within the sandbox or policy scan, but found again in the current scan.
FixedPolicy or SandboxThe number of flaws Veracode found in a previous scan within the policy or sandbox scan, but did not find again in the current scan.
MitigatedPolicy or SandboxThe number of flaws that someone approved as mitigated by OS environment, mitigated by network environment, and mitigated by design.
Potential False PositivePolicy or SandboxThe number of flaws that someone approved as a potential false positive.

Trend Data shows the history of the scans and their scores over time. You can hover over data points on the chart to view the name, date, and score of each scan.