About
Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. Veracode provides visibility into application status across all common testing types in a single view. Once Veracode is integrated with the Vulcan Platform, you can review the vulnerabilities and code project assets ingested into the Vulcan Platform, review risks, and take remediation actions.
Prerequisites
The Veracode SCA connector uses the XML API to pull data. To enable the sync between the Vulcan Platform and Veracode SCA, you need the appropriate Veracode API user permission.
Permission required: Reviewer with Results API Role
Note: The connector pulls only data the user has access to.
Configure Veracode SCA Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Veracode SCA icon.
Enter the following information into the connector setup page.
API Key ID and API Key Secret
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Veracode SCA instance, then click Create (or Save Changes).
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Veracode SCA icon shows Connected, the connection is complete.
From Veracode SCA to the Vulcan Platform - Fields Mapping
Connector Fields Mapping
Veracode SCA field | Vulcan field | Value Example |
Application Name | Asset Name | Sast-Scan2 |
Code Project | Asset type | |
Component/Component Filename | Asset library - Name | |
Version | Asset library - Version | |
Publish Date | First Seen | |
Applications → Specific application → Profile → Tags (separate with commas) | Asset Tags | |
Vulnerability Status Mapping
Veracode SCA Status | Vulcan Status |
OPEN | Vulnerable |
CLOSED | Fixed |
N/A | Ignored - false/positive |
N/A | Ignored - risk acknowledged |
Vulnerability Score Mapping
Veracode SCA Score | Vulcan Score |
V. High | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
V. Low | 1 |
Info | 0 |
Locate Veracode SCA vulnerabilities in the Vulcan Platform
As Veracode SCA discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. With a large number of assets and potential vulnerabilities, filters make it easy to find specific vulnerabilities by source.
Go to Vulnerabilities.
Click on the "Search or filter vulnerabilities" search box.
Scroll and select the Vulnerability Source option.
Locate Veracode SCA on the vulnerability source list and click to filter results.
Click on any vulnerability/CVE to view further information and potentially take action by clicking the Take Action drop-down.
Locate Veracode SCA Code Projects assets in the Vulcan Platform
Go to Assets > Code Projects tab.
Click on the Search or filter codeProjects input box and select Connector from the drop-down selection.
Scroll to select the Veracode SCA option and view the results.
Automating Veracode SCA vulnerability remediation actions in the Vulcan Platform
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Veracode SCA connector.