Platform updates
The updates on this page apply to the Veracode Platform. Updates that apply to certain regions are marked with a region icon.
March 24, 2025
Map multiple domains to a single identity provider 
If you've configured single sign-on (SSO) to use service provider (SP)-initiated Security Assertion Markup Language (SAML), you can now map multiple domains to a single identity provider (IdP) for an organization. For more information, see Service provider-initiated SAML authentication.
March 7, 2025
Reporting REST API now available in European Region
The Reporting REST API is now available in the European Region. To access this API, submit a request to Veracode Technical Support via an email to [email protected]. For more details about the Reporting API, see the Veracode documentation.
March 6, 2025
Customizable PDF displays SCA Component License Risk policy compliance
The Customizable PDF takes into account policy rules for SCA Component License Risk. The components' license risk policy compliance status will now be displayed in the Executive Summary and Detailed SCA Findings by Component sections of the report.
February 19, 2025
Upgrade to Looker 24.18 
Veracode has upgraded Veracode Analytics to use Looker version 24.18 in the United States Federal region.
SCA Component Blocklist rule removed from built-in policies
Veracode has removed the SCA Component Blocklist rule from the built-in Veracode Recommended policies in the United States Federal Region instance. This change does not impact policy compliance for existing applications. For more details, see the Product Announcement on the Veracode Community.
February 18, 2025
New look for Veracode Platform pages
The following pages in the Veracode Platform have an updated look and feel, and support light and dark mode based on your selected theme.
- Platform Home
- Your Account Settings
- API Credentials
- Notification Settings
These updated pages and theme settings are currently available to a limited set of users in the Commercial region. Veracode is gradually updating more pages and will make them available in other regions in future updates.
February 12, 2025
Customize columns in the All Users table
Administrators can now select the Set Columns button to customize the All Users table on the Administration page.
February 7, 2025
Customer Managed Encryption Keys
Veracode Customer Managed Encryption Keys (CMEK) allows you to encrypt your data in Veracode Platform using your own root encryption key. With CMEK you can:
- Control encryption and access to your data
- Manage your root encryption key in your KMS
- Configure Veracode application profiles to use your root encryption key
- Periodically rotate your root encryption key
This feature is available for both new and existing application profiles.
February 5, 2025
SCA Component Blocklist rule removed from built-in policies
Veracode has removed the SCA Component Blocklist rule from the built-in Veracode Recommended policies in the European Region instance. This change does not impact policy compliance for existing applications. For more details, see the Product Announcement on the Veracode Community.
January 30, 2025
SCA Component Blocklist rule removed from built-in policies
Veracode has removed the SCA Component Blocklist rule from the built-in Veracode Recommended policies in the Commercial Region instance. This change does not impact policy compliance for existing applications. For more details, see the Product Announcement on the Veracode Community.
January 28, 2025
Reporting REST API v1.4
Veracode has released Reporting REST API version 1.4. This update adds support for filtering Findings and Scans reports using development sandbox IDs. The API specification is available on SwaggerHub.
January 23, 2025
Upgrade to Looker 24.18
Veracode has upgraded Veracode Analytics to use version 24.18 of the Looker platform in the Commercial and European regions.
January 6, 2025
Longer passwords required
Veracode has changed the minimum length for passwords from 8 characters to 10. For existing users, this change will take effect the next time you change your password.
December 16, 2024
US Federal region status page
You can now get status about planned maintenance events and incidents, and subscribe to notifications for the US Federal region at the new US Federal region status page, available at https://status.veracode.us.
November 22, 2024
Updated SCA Findings dashboard
The SCA Findings dashboard includes the following improvements:
- Libraries with Vulnerable Methods: The Library Issues Count measure is now called Libraries Count to provide a more accurate representation of impacted libraries.
- How Risky Are My Licenses?: The Vulnerability Count measure is now called Issue Count to improve consistency with other metrics.
November 22, 2024
PCI 4.0 support
The Veracode PCI Report now supports the latest version of the PCI standard.
October 9, 2024
Custom roles for user accounts and API service accounts
You can now create, edit, and manage unique, tailored roles for more precise control over user access and permissions in your organization. With custom roles, you can:
- Design new roles with specific permissions
- Create new roles from existing roles to adapt to changing business needs
For more details, see the Veracode documentation and the updated Identity API specification on SwaggerHub.
September 30, 2024
New Scans report available for the Reporting API
The Reporting REST API can now generate a Scans report. Similar to the existing Findings report, you can query Veracode Analytics for information about Static Analysis, linked Dynamic Analysis, and Manual Penetration Testing scans.
For more details, see the Reporting API specification on SwaggerHub.
September 13, 2024
New status and maintenance REST API endpoint
The REST API endpoint for checking the current status and upcoming maintenance schedule for Veracode services has changed from https://api.status.veracode.com/status to https://status.veracode.com/api/v2/summary.json. Veracode recommends you move any automation to the new endpoint as soon as possible.
The previous endpoint will be retired on October 31, 2024.
September 9, 2024
The Manual Testing API has been migrated to the Findings API
Veracode has moved all functionality of the Manual Testing REST API to the Findings REST API. All endpoint signatures and response objects remain the same. However, the following input parameters have been updated:
- The
scanGUID parameter forgetScanhas been replaced with integerscanId.scanIdis found in the getScans response. - The
scanGUID parameter forgetFindingshas been replaced with integerscanId.scanIdis found in the getScan response. - The
findingGUID parameter forgetFindinghas been replaced with integerfindings[].id.findings[].idis found in the getFindings response.
The Findings API specification is available on SwaggerHub for more details.
August 13, 2024
Upgrade to Looker 24.6
Veracode has upgraded Analytics to use version 24.6 of the Looker platform in the Commercial and European regions.
June 20, 2024
Project scan IDs added to Reporting API
Added the following fields to the Findings report of the Reporting API for findings from agent-based scans that are linked to applications:
original_project_scan_id: The original project scan in which an SCA agent identified the application-linked finding.latest_project_scan_id: The most recent project scan in which an SCA agent identified the application-linked finding.
Changes to dates for application-linked SCA agent findings in Analytics
Veracode Analytics and the Reporting API have updated how they determine the values for date fields of agent-based scan findings that are linked to applications. The following fields now retrieve data from the agent-based scanning history instead of the SCA upload scan history:
- First Found Date
- First Found in Application Date
- Library First Found in Active Scans Date
- Last Found Date
- Reopened Date
- Fixed Date
This update impacts the following fields because they derive data from the updated fields listed above:
- Resolved Date
- Grace Period Expiration Date
- Flaw Age
May 6, 2024
New columns in SCA License Risk Data Export report
The SCA License Risk Data Export report now includes the following columns:
- Business Unit for applications associated with SCA upload scans
- Project Name for SCA agent-based scanning projects
- Library Version for libraries found in SCA agent-based scans
- Last Scanned Date and SPDX ID for libraries found in SCA agent-based scans or upload scans
April 28, 2024
Upgrade to Looker 24.0
Veracode has upgraded Analytics to use version 24.0 of the Looker platform. Key updates include:
- AND/OR filtering
- Performant field picker
- Quick resize and tile repositioning
The complete list of changes is available in the Looker documentation.
April 10, 2024
Add a Git repository to application metadata
You can now add the URL of a Git repository to the application profile metadata using the Applications REST API and the Veracode Platform.
April 4, 2024
Veracode Analytics updates
The Veracode Analytics Findings explore includes the following improvements:
- Updated the Policy Rule Passed (Yes / No) field to match the new policy logic changes to findings from a Software Compsition Analysis (SCA). If SCA findings violate policy, but are within the grace period, the Veracode Platform does not report them as not passing policy, or "No".
- Added a new Findings Policy Status field that you can use to tag findings that violate policy and are within grace period as Conditional Pass.
- The SCA Agent-Based Scan Issues page now provides data about the projects and workspaces that generated the issues.
April 3, 2024
Learning paths and improved docs search
The Veracode Documentation has the following improvements:
- New Learning paths provide a sequence of videos and documentation that walk you through using Veracode products. For example, the steps show you how to prepare applications for scanning, run a Static Analysis or Dynamic Analysis in the Veracode Platform, and then review the results. By following these paths, new users can onboard and experienced users can gain a deeper understanding of Veracode products, features, and best practices.
- New search experience that helps you more easily search across all documentation and filter the results.
March 26, 2024
Add Git repository to application metadata
You can now specify the URL of a Git repository in the application profile metadata using the Applications REST API and the Veracode Platform.
November 27, 2023
Free trial of DAST Essentials
Veracode now offers a free 14-day trial of DAST Essentials in the Veracode Platform. To sign up, on the Sign in page, select Sign Up to create your account. If you are a Veracode customer and want to try DAST Essentials, contact your sales associate.
November 27, 2023
Free trial of DAST Essentials
Veracode now offers a free 14-day trial of DAST Essentials in the Veracode Platform. To sign up, on the Sign in page, select Sign Up to create your account. If you are a Veracode customer and want to try DAST Essentials, contact your sales associate.
October 17, 2023
New Veracode Analytics fields available
The new Second Party Component and Fixable (Yes / No) fields in the Veracode Analytics Findings explore are now available.
October 16, 2023
New Veracode Analytics fields available in European Region
The new Second Party Component and Fixable (Yes / No) fields in the Veracode Analytics Findings explore are now available in the European Region.
September 29, 2022
New Application Security Platform features available in European Region
The following features are now available in the European Region.
- CWE Top 25 now reflects 2022 version
- Issue vulnerability count update in Analytics
- Sandbox Information Available in Unsubmitted Scans Report
July 19, 2023
Upgrade to Looker 22.20
Veracode has upgraded Analytics to use version 22.20 of the Looker platform. All existing dashboards now reflect the new Looker experience.
This upgrade introduces a known issue that prevents you from scrolling in the Timeline visualization. Additionally, you may experience an issue that automatically enables the Row Totals column in some pivot tables, which can cause rows to be double counted in stacked visualizations. To fix this issue, edit the dashboard and visualization, clear the Row Totals option, and save your changes.
Updated Security Program Overview Dashboard
The default number of applications displayed in the What is my policy compliance over time? section of the Security Program Overview dashboard in Veracode Analytics has decreased from 100 to 25.
To view additional applications, customize the visualization and adjust the Application Rank by Published Date Descending filter.
July 15, 2022
CWE Top 25 Now Reflects 2022 Version
The Auto-Update CWE Top 25 security standard that you use in Veracode policies now reflects the 2022 CWE Top 25 list.
June 28, 2022
Updated Single Sign-On and Just-In-Time Provisioning
New single sign-on (SSO) and Just-In-Time (JIT) provisioning capabilities in the Veracode Platform improve reliability and supportability and extend the roles that JIT provisioning supports. Before using this feature, you must update your SSO settings in your identity provider.
To begin the process of enabling these capabilities, contact Veracode Support.
May 19, 2022
The Issues Vulnerability Count Measure Changed
Issues Vulnerability Count now includes only issues where the Issue Type is a Vulnerability Issue. In the past, this measure included the count of Vulnerability, License, and Library issues. The calculation of Issues Vulnerability Count is still based on the filters you select.
- Issues Issue Count: count of issues, regardless of type
- Issues Vulnerability Count: count of vulnerability issues
- Issues Libraries with Issues: total number of unique libraries with at least one issue
May 10, 2022
Sandbox Information Available in Unsubmitted Static Scans Data Export
Veracode has added sandbox information to the Unsubmitted Static Scans data export to make it easier to find the incomplete static scans for an application.
SCA dashboards available in Analytics
Data from Veracode Software Composition Analysis (SCA) agent-based scans and upload scans is now available in Veracode Analytics for the European Region. The predefined Veracode dashboards, including the SCA Findings dashboard, now contain SCA scan data. You can also use the Findings, SCA Agent-Based Scans, and SCA Agent-Based Scan Issues data explores for custom reporting.
May 6, 2022
End of Support for Internet Explorer 11
Veracode will no longer support Microsoft Internet Explorer 11 after June 30, 2022. This change follows the Microsoft updates to its support model for Internet Explorer. Veracode recommends that you switch to a supported browser to avoid issues.
Official Support for Microsoft Edge
The Veracode Docs are updated to confirm that Microsoft Edge is a supported browser.
May 3, 2022
Support cases and scheduled consultations now available
You can now raise a support case and schedule a consultation from the Veracode Platform in the European Region.
Veracode Platform services updated to current versions
Applications and policies for the European Region now run on the current versions in the Veracode Platform.
April 4, 2022
Improved Team Management in the Veracode Platform
March 22, 2022
View Applications by Policy Evaluation Date
You can now view the date and time of the most recent event that triggered a policy evaluation for an application in a new field in the Applications REST API and the Applications list in the Veracode Platform. You can use this field to search for applications that have had new scans or approved mitigations since the listed date.