Managing application profiles
The application profile describes your application, identifies the policy to evaluate the application with, and provides metadata that enables a thorough analysis of security performance across all the applications in your organization.
To access the Applications page, click All Applications on the Veracode Platform homepage.
From the Applications page, you can:
- Add an application to the portfolio.
- Bulk-add several applications at one time to the portfolio.
- Edit an existing application profile.
- Delete an existing application profile.
You can also manage application profiles with the Applications REST API.
You must have the appropriate roles to perform the application profile tasks.
The following table lists some of the common application architectures and the number of application profiles you might need to create for each architecture.
| Application architecture | Number of application profiles |
|---|---|
| Monolith or single application | One |
| Front-end and back-end | Two |
| Microservices | Multiple |
| Customized versions of the same codebase | Multiple |
| Application Suite | Multiple |
Considerations for application profiles
When you create an application profile for Static Analysis, consider the following:
- The policy you select in an application profile applies to all applications associated with that application profile.
- Flaws, mitigations, and comments are specific to an application profile. You cannot transfer them to another application profile. To match flaws between scans, see flaw matching. There are several Community projects that allow you to copy some of this information.
- Don't associate a binary or a source file directory with multiple application profiles unless an application uses it as a library or framework.
- Profiles for applications such as web pages or desktop applications require an entry point to access the functions and data in the application associated with the application profile.
- Ensure that all dependencies (binary or source code) are packaged along with the corresponding application so that they are mapped to the relevant application profile. Do not create a separate application profile for binary or source code that cannot be accessed directly (over the network or through the CLI).
- For compiled languages, such as C, C++, Java, and .NET, do not place multiple versions of the same library in the root of a packaged application being scanned. Instead, add each version of this library to separate WAR files, or statically compile each version into separate applications.
- Some Veracode Static Analysis licenses limit the number of application profiles you can create and use. If you are not sure if these limitations apply to your licenses, please contact your Veracode Customer Success Manager.
- To ensure consistent scan results, upload the same packaged application files for each scan. Various features, such as flaw matching, in application profiles rely on consistent uploads of the same application.
- Scans of small uploads usually take less time to complete. If you use a single application profile to upload a large, complex application, the scan can take a long time to complete, and you might get inconsistent results.