Skip to main content

Veracode

Application Security

The Veracode Connector integrates with the Veracode application security platform through its REST APIs. It syncs application profiles and their security findings across all of Veracode's analysis types — Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA), and Manual Penetration Testing — into Brinqa's Unified Data Model.

For each finding type the connector produces both a finding record (the occurrence on a specific application or web site) and a finding definition (the reusable weakness/vulnerability definition, keyed by CWE or CVE). It also discovers the assets those findings apply to: applications, dynamically scanned web sites, and open source software components (packages). Application custom fields configured in Veracode are discovered at sync time and added dynamically to the relevant model schemas.

Findings are retrieved by submitting asynchronous report requests to the Veracode Reporting (Analytics) API; the connector polls each report until it completes, then pages through the results.

Data retrieved from Veracode

Connector ObjectRequiredMaps to Data Model
ApplicationYesApplication
SiteYesSite
ComponentYesPackage
Static Code FindingYesStatic Code Finding
Static Code Finding DefinitionYesStatic Code Finding Definition
Dynamic Code FindingYesDynamic Code Finding
Dynamic Code Finding DefinitionYesDynamic Code Finding Definition
Pentest FindingYesPentest Finding
Pentest Finding DefinitionYesPentest Finding Definition
Open Source FindingYesOpen Source Finding
Open Source Finding DefinitionYesOpen Source Finding Definition

Model relationships

note

For detailed steps on how to view the data retrieved from Veracode in the Brinqa Platform, see How to view your data.