Overview


About

Veracode offers a holistic, scalable way to manage security risk across your entire application portfolio. Veracode provides visibility into application status across all common testing types in a single view. When Veracode is integrated into the Vulcan Platform, you can review the vulnerabilities, code project assets, and risks ingested into the Vulcan Platform and take remediation actions.


Prerequisites

The Veracode SCA connector uses the XML API to pull data. To enable the sync between the Vulcan Platform and Veracode SCA, your Veracode API user needs the appropriate permission.
Permission required: Reviewer with Results API Role

See instructions on how to create an API non-human role on Veracode.

Note: The connector pulls only data the user has access to.


Configure Veracode SCA Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Veracode SCA icon.

  4. Enter the following information into the connector setup page.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Veracode SCA instance, then click Create (or Save Changes).

  6. Allow some time for the sync to complete. You can review the sync status under Log.

  7. To confirm that the sync is complete, navigate to the Connectors tab to check the sync status. Once the Veracode SCA icon shows Connected, the connection is complete.


From Veracode SCA to the Vulcan Platform - Fields Mapping

Connector Fields Mapping

| Veracode SCA field | Vulcan field | Value Example |
|---|---|---|
| Application Name | Asset Name | Sast-Scan2 |
| Code Project | Asset type | |
| Component/Component Filename | Asset library - Name | |
| Version | Asset library - Version | |
| Publish Date | First Seen | |
| Applications → Specific application → Profile → Tags (separate with commas) | Asset Tags | |

Vulnerability Status Mapping

| Veracode SCA Status | Vulcan Status |
|---|---|
| OPEN | Vulnerable |
| CLOSED | Fixed |
| N/A | Ignored - false/positive |
| N/A | Ignored - risk acknowledged |

Vulnerability Score Mapping

| Veracode SCA Score | Vulcan Score |
|---|---|
| V. High | 10 |
| High | 7 |
| Medium | 5 |
| Low | 3 |
| V. Low | 1 |
| Info | 0 |


Locate Veracode SCA vulnerabilities in the Vulcan Platform

As Veracode SCA discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. With a large number of assets and potential vulnerabilities, filters make it easy to find specific vulnerabilities by source.

  1. Go to Vulnerabilities.

  2. Click on the "Search or filter vulnerabilities" search box.

  3. Scroll and select the Vulnerability Source option.

  4. Locate Veracode SCA on the vulnerability source list and click to filter results.

  5. Click on any vulnerability/CVE to view further information and potentially take action by clicking the Take Action drop-down.


Locate Veracode SCA Code Projects assets in the Vulcan Platform

  1. Go to Assets > Code Projects tab.

  2. Click on the Search or filter codeProjects input box and select Connector from the drop-down selection.

  3. Scroll to select the Veracode SCA option and view the results.


Automating Veracode SCA vulnerability remediation actions in the Vulcan Platform

Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Veracode SCA connector.

Learn how to create automation
