Create and run a web application scan
You can create a Dynamic Analysis in the Veracode Platform for scanning a web application.
Before you begin:
You must have the Administrator, Creator, Submitter, or Security Lead role to create and submit a Dynamic Analysis.
Veracode does not support running Dynamic Analysis scans through a VPN.
To complete this task:
-
In the Veracode Platform, select Scans & Analysis > Dynamic Analysis.
The All Dynamic Analyses page opens.
-
Select Scan Web Applications.
-
Enter a name for the Dynamic Analysis. Use a name that uniquely identifies the analysis within your organization. For example, use the scan name, the team, or business unit responsible for this web application as the name of the Dynamic Analysis.
-
Enter the URLs using one of these methods:
-
Upload a CSV file that contains a list of multiple URLs (250 maximum). Download the CSV template, enter all URLs and their respective credentials, save the file, and upload the saved file.
-
Enter the URLs manually (250 maximum). As you enter the URLs, they appear in the URLs to Scan list.
-
-
From Actions at the end of each URL row, you can link to an application or delete the URL from the Dynamic Analysis.
-
In the Visibility Settings section, select who can see the results of the Dynamic Analysis. Visibility settings apply to all the URL scans in the analysis.
-
Optionally, in the Organization Information section, select the business unit associated with the applications you are scanning and the name and email address of the person responsible for the applications.
-
In the Scanning Certification section, you must select the checkbox to confirm that your organization has the right to scan the URLs you have provided.
Next steps:
- Select Configure to optionally modify the default configuration of the Dynamic Analysis and the individual URL configurations.
- Select Schedule to optionally indicate when you want the Dynamic Analysis to start and how long you want it to run.
- Select Review and Submit if you do not want to provide any other information.