Static Analysis updates
· 26 min read
The updates on this page apply to Veracode Static Application Security Testing (SAST). Updates that apply to specific Veracode regions show a region icon.
For language support specific to Veracode Pipeline Scan, see Pipeline Scan Supported Languages.
March 27, 2025
Updated language and framework support
.NET
- Enhanced support for .NET 9
- Improved detection of CWE-89 flaws
Apex
- Added support for Apex 61 and 62
COBOL
- Improved parsing of COBOL code
Dart and Flutter
- Added support for Dart 3.7 and Flutter 3.29
Go
- Added support for Go 1.24
Java
- Improved detection of CWE-942 flaws
- Enhanced detection of third-party code
JavaScript and TypeScript
- Enhanced detection of third-party code
Python
- Improved detection of hardcoded passwords and credentials (CWE-259 and CWE-798)
PL/SQL
- Improved parsing of PL/SQL code
T-SQL
- Improved parsing of T-SQL code
Other languages
- Improved detection of CWE-259 and CWE-798 flaws across all languages, reducing false positives
February 27, 2025
Updated language and framework support
C/C++
- Improved flaw detection for exported functions.
iOS
- Improved detection accuracy for taint-based flaws.
JavaScript
- Enhanced support for Angular 18.
PL/SQL
- Enhanced flaw detection for out-of-scope code, reducing false positives.
- Improved detection of flaws in variables initialized with a taint source, which might increase the number of reported flaws.
- Enhanced SQL injection detection.
Ruby on Rails
- Added support for Rails 3.4 and Rails 8.
Other languages
- Improved detection for CWE-259 and CWE-798 flaws, reducing false positives across all languages.
- Enhanced flaw descriptions and remediation details for CWE-284 and CWE-115.
- Updated CWE Top 25 to the 2024 version, impacting all policies with Auto-Update CWE Top 25 as a requirement.
January 27, 2025
Updated language and framework support
.NET
- Improved CWE-1174 flaw detection resulting in a reduction in false positives
Dart and Flutter
- Dart 3.6 and Flutter 3.27 support
Java
- Improved third-party code detection
- Improved cleanser detection for CWE-117
JavaScript and TypeScript
- Improved CWE-80 flaw detection
- Improved third-party code detection
PHP
- Enhanced overall flaw detection for PHP, which may lead to an increase in the number of reported flaws
PL/SQL
- Improved parsing for PL/SQL
T-SQL
- Improved SQL injection detection
- Improved parsing for T-SQL
Other languages
- Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives for all languages
December 17, 2024
Updated language and framework support
.NET
- .NET 8 MAUI support
Go
- Cobra support
iOS
- Enhanced support for iOS 18
- Improved mobile behavioral detection for iOS 18
- Improved Foundation framework support for iOS 18
- Improved HealthKit framework support for iOS 18
- Improved Swift Memory Management support for iOS 18
Java
- Improved third-party code detection
JavaScript
- Added NestJS 10.3.x support