Static Analysis updates

March 27, 2025 · 26 min read

The updates on this page apply to Veracode Static Application Security Testing (SAST). Updates that apply to specific Veracode regions show a region icon.

For language support specific to Veracode Pipeline Scan, see Pipeline Scan Supported Languages.

March 27, 2025

Updated language and framework support

.NET

Enhanced support for .NET 9
Improved detection of CWE-89 flaws

Apex

Added support for Apex 61 and 62

COBOL

Improved parsing of COBOL code

Dart and Flutter

Added support for Dart 3.7 and Flutter 3.29

Go

Added support for Go 1.24

Java

Improved detection of CWE-942 flaws
Enhanced detection of third-party code

JavaScript and TypeScript

Enhanced detection of third-party code

Python

Improved detection of hardcoded passwords and credentials (CWE-259 and CWE-798)

PL/SQL

Improved parsing of PL/SQL code

T-SQL

Improved parsing of T-SQL code

Other languages

Improved detection of CWE-259 and CWE-798 flaws across all languages, reducing false positives

February 27, 2025

Updated language and framework support

C/C++

Improved flaw detection for exported functions.

iOS

Improved detection accuracy for taint-based flaws.

JavaScript

Enhanced support for Angular 18.

PL/SQL

Enhanced flaw detection for out-of-scope code, reducing false positives.
Improved detection of flaws in variables initialized with a taint source, which might increase the number of reported flaws.
Enhanced SQL injection detection.

Ruby on Rails

Added support for Rails 3.4 and Rails 8.

Other languages

Improved detection for CWE-259 and CWE-798 flaws, reducing false positives across all languages.
Enhanced flaw descriptions and remediation details for CWE-284 and CWE-115.
Updated CWE Top 25 to the 2024 version, impacting all policies with Auto-Update CWE Top 25 as a requirement.

January 27, 2025

Updated language and framework support

.NET

Improved CWE-1174 flaw detection resulting in a reduction in false positives

Dart and Flutter

Dart 3.6 and Flutter 3.27 support

Java

Improved third-party code detection
Improved cleanser detection for CWE-117

JavaScript and TypeScript

Improved CWE-80 flaw detection
Improved third-party code detection

PHP

Enhanced overall flaw detection for PHP, which may lead to an increase in the number of reported flaws

PL/SQL

Improved parsing for PL/SQL

T-SQL

Improved SQL injection detection
Improved parsing for T-SQL

Other languages

Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives for all languages

December 17, 2024

Updated language and framework support

.NET

.NET 8 MAUI support

Go

Cobra support

iOS

Enhanced support for iOS 18
Improved mobile behavioral detection for iOS 18
Improved Foundation framework support for iOS 18
Improved HealthKit framework support for iOS 18
Improved Swift Memory Management support for iOS 18

Java

Improved third-party code detection

JavaScript

Added NestJS 10.3.x support

November 21, 2024

Updated language and framework support

.NET

Initial support for .NET 9

Go

Go 1.23 support

iOS

Improved Contacts framework support

T-SQL

Improved scan performance

October 31, 2024

Updated language and framework support

.NET

Improved third-party detection

Java

Added JDK 23 support
Improved Spring Security 5 and 6 support
Improved CWE-352 flaw detection
Improved CWE-80 flaw detection resulting in a reduction in false positives
Improved third-party detection

JavaScript

Improved CWE-80 and CWE-601 flaw detection resulting in a reduction in false positives
Improved third-party detection

September 26, 2024

Updated language and framework support

.NET

Improved cleanser detection for CWE-113

Android

Initial support for Android 15

Go

Enhanced Go AWS Lambda package support

iOS

Enhanced support for iOS 17
Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives

Java

Improved handling of detected third-party class files in Uber JAR applications and third-party JAR files in WAR, EAR, and Spring Boot applications. As a result, analysis is more concise and accurate, resulting in both improved scan performance and more accurate findings
Improved CWE-73 and 327 flaw detection
Improved third-party detection

PHP

Added Laravel Blade and Views support

PL/SQL

Improved SQL parsing support

Ruby on Rails

Rails 7.2 support

T-SQL

Improved SQL parsing support

Other languages

Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives for all languages

September 16, 2024

Updated language and framework support

iOS

Initial support for iOS 18

Scan results for any iOS applications built with Xcode versions older than Xcode 15.3 may be degraded. Veracode recommends that iOS applications be built with Xcode 15.3 or later for best results

September 13, 2024

Updated language and framework support

iOS

Veracode has released version 0.5.0 of Gen IR, the iOS packaging tool, to GitHub and Homebrew. It includes the following new features and improvements:

Added PIFSupport library that integrates the Project Interchange Format (PIF) into Gen IR. This new library allows Veracode to better interact with project models from Xcode and SPM, offering a more structured and publicly documented alternative to PBXProject. With this change, Veracode can now discover and decode the PIF cache, which allows Gen IR to better parse and reason about complex project structures and dependencies between targets in a project. Benefits of this change include:
- Simplified project parsing: PIF’s structure is easier to consume and more robust.
- Enhanced compatibility: improved handling of dependencies and other existing issues.
- Future-proofing: aligns with modern development tools and workflows in Xcode and SwiftPM.
Support for projects built or generated with Xcode 16.

If you need to downgrade to the previous version, use a new Homebrew formula:

If you already have Gen IR installed: brew install [email protected]
If you do not have Gen IR installed: brew install [email protected]

To upgrade your installed Gen IR to the new version, run brew update && brew upgrade

August 26, 2024

Updated language and framework support

.NET

Improved CWE-316 flaw detection, resulting in a reduction in false positives

Apex

Enhanced Apex 60 support
Improved CWE-274 detection

Dart and Flutter

Dart 3.5 and Flutter 3.24 support

Go

Go AWS Lambda package support

iOS

Improved CWE-297 detection in Swift applications
Improved CWE-323 support for iOS 17 APIs
Improved third-party detection for NuGet repositories

Java

Improved third-party detection for Maven repositories
Improved CWE-259 and 798 flaw detection for Spring Boot applications, resulting in a reduction in false positives
Improved SQL injection detection

JavaScript

Angular 17 support

Kotlin

Kotlin 2.0 support

Scala

Enhanced Scala 3.4 support

Other languages

Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives for all languages

Sept. 20, 2024

Updated Pipeline Scan language support

Pipeline Scan now supports Apex.

Aug. 8, 2024

Updated Pipeline Scan language support

Pipeline Scan now supports COBOL.

July 31, 2024

Improved prescan performance

The Static Analysis prescan processor is updated to improve performance. This update has no impact on your scan results and requires no user action.

July 25, 2024

Updated language and framework support

.NET

Improved CWE-327 flaw detection

APEX

Added CWE-274 support for Apex

C/C++

Improved third-party detection for C/C++

iOS

Improved CWE-252 and 321 support for iOS 17 APIs

Java

Skip annotation if every data path has a corresponding cleanser

Python

Improved flaw detection for Python Lambda

T-SQL

Improved parsing for T-SQL

July 2, 2024

Updated Pipeline Scan language support

Pipeline Scan now supports iOS.

June 27, 2024

Updated language and framework support

.NET

Improved CWE-117 and 1174 flaw detection for .NET resulting in a reduction in false positives

Apex

Improved parsing for Apex

C/C++

Added Visual Studio 2022 MSVC 14.4x compiler support
Improved scan performance for C/C++ Linux

COBOL

Improved parsing for COBOL
Improved CWE-248 flaw detection for COBOL resulting in a reduction in false positives

Dart and Flutter

Dart 3.4 and Flutter 3.22 support

iOS

Improved CWE-201 support for iOS 17 APIs
Improved third-party detection for iOS resulting in a reduction in false positives

Java

Improved line number detection for flaws

JavaScript

Added Next.js 14.x support
Improved parsing for TypeScript

Ruby on Rails

Ruby 3.3 and Rails 7.1 support

Other languages

Improved CWE-201 support for iOS 17 APIs
Improved CWE-331 support for Android
Improved CWE-259 and 798 flaw detection for all languages resulting in a reduction in false positives
Removed CGI-only restriction for Perl
Improved CWE-80 flaw detection for PHP
Improved parsing for T-SQL
Improved CWE-259 flaw detection for Python resulting in a reduction in false positives

May 23, 2024

Updated language and framework support

.NET

Improved CWE-73, 259, and 798 detection
Improved third-party detection
Improved SQL injection detection

APEX

Apex 57, 58, 59, and 60 support

COBOL

Stratus VOS COBOL support

Java

Enhanced JDK 21 and 22 support
Improved cleanser detection for CWE-78
Improved CWE-259, 798, and 916 flaw detection resulting in a reduction in false positives
Improved third-party detection for Maven repositories

Scala

Scala 3.4 support

Other languages

Improved CWE-259 and 798 detection for all languages
Improved CWE-89 detection for T-SQL
Improved CWE-259, 319, and mobile behavioral scan support for iOS 17 APIs
Improved parsing for T-SQL
Improved CWE-80 flaw detection for TypeScript resulting in a reduction in false positives
Improved SQL injection detection for Python

April 25, 2024

Updated language and framework support

.NET

Improved third-party detection

COBOL

You must now submit all COBOL files as separate files in a single archive. Veracode no longer supports uploading individual COBOL files outside of an archive.

C/C++

GCC 12 and 13 (RHEL 9) support
openSUSE Leap version 15 support
Improved CWE-121 and 454 detection

Dart and Flutter

Dart 3.3 and Flutter 3.19 support

Java

JDK 22 support
Improved CWE-259 and 798 flaw detection for Spring Boot applications, resulting in a reduction in false positives
Improved Generic modeling, which impacts all CWEs

JavaScript

JavaScript cleansers for CWE-80, 93, 113, and 117
Improved CWE-73 detection, resulting in a reduction in false positives

PHP

PHP 8.2 and 8.3 support

Other languages

Improved CWE-259 and 798 flaw detection, resulting in a reduction in false positives for all languages
Improved CWE-416 detection in iOS
Improved third-party detection in Android

March 28, 2024

Updated language and framework support

.NET

Improved CWE-1174 flaw detection resulting in a reduction in false positives

Android

Enhanced Android 14 support

Apex

Improved CWE-80 flaw detection resulting in a reduction in false positives

C/C++

Improved CWE-190 flaw detection resulting in a reduction in false positives
CentOS/RHEL 9 (x64) support

COBOL

Improved parsing for COBOL

Go

Go 1.22 support

Java

Improved CWE-259 flaw detection for Java
Improved processing of shaded JAR files

JavaScript

Improved processing of large JS files

Kotlin

Improved source file name parsing for Kotlin results

PL/SQL

Improved scan times for PL/SQL

Python

Improved CWE-80 handling for Python resulting in a reduction in false positives

React Native

Improved React Native handling of IPA files

T-SQL

Improved CWE-89 detection for T-SQL resulting in a reduction in false positives

March 12, 2024

Updated Pipeline Scan language support

Pipeline Scan now supports Ruby on Rails.

February 22, 2024

Updated language and framework support

.NET

Enhanced .NET 8 support
Improved support for CultureInfo.InvariantCulture
Improved CWE-78 flaw detection
Improved CWE-117 flaw detection resulting in a reduction in false positives

C/C++

Improved CWE-121 flaw detection resulting in a reduction in false positives
Improved CWE-125, 129, 134, 170, 190, 191, 195, and 196 flaw detection
Improved CWE-477 flaw detection

COBOL

Improved flaw analysis for CWE-78, 89, 114, 201, 209, 242, 248, 252, 489, and 798
Improved parsing for COBOL
Improved scan performance for COBOL
Improved scan size calculations

Java

Improved CWE-80 fix detection with modern Spring Framework versions
Improved generic modeling and modeling of Spring Framework applications, which impacts all CWEs
Improved CWE-916 detection
Improved Java third-party detection

JavaScript and TypeScript

Improved analysis for numeric and boolean datatypes, which impacts all CWEs
Improved type detection to prevent false positives for CWE-601 and all other CWEs
Detect and ignore webpack-generated files that are concatenated or minified
Improved support for fs/promises, which impacts all CWEs

Other languages

Improved CWE-259 and 798 flaw detection resulting in a reduction in false positives for all languages
Improved analysis of conditionals for all languages
Improved CWE-89 flaw detection for Classic ASP
Improve support for error_log, which impacts CWE-73, 88, 93 and 117 for PHP

January 25, 2024

Updated language and framework support

.NET

Improved third-party detection
Enhanced .NET 8 support
Improved CWE-80, 89, 404, 501, and 1174 detection

Java

Improved flaw detection
Improved third-party detection
Improved CWE-117, 327, and 749 detection
Added ‘jsi’ filetype support

C/C++

Improved flaw detection
Added openSUSE (x86) version 12 support
Improved CWE-121 and 190 detection

Dart

Improved flaw detection
Improved third-party detection
Improved CWE-331 detection

Other languages

Improved Android third-party detection
Improved JavaScript flaw detection
Updated JavaScript third-party detection
Improved CWE-99 and 918 detection for Python
Improved CWE-259, 798 detection for PHP
Improved CWE-252, 259, 311, 522, 614, and 798 detection in iOS
Improved CWE-321 detection for all languages
Added CWE-639 support for COBOL

January 18, 2024

The Veracode CLI now supports auto-packaging for Veracode Static Analysis

The Veracode CLI now supports Static Analysis auto-packaging for Java, JavaScript, and Python. The package command removes manual packaging steps to streamline your application security tests.

December 27, 2023

New COBOL scanner for Static Analysis

The new COBOL scanner for Veracode Static Analysis includes advanced pattern recognition and static analysis techniques, allowing for more accurate and efficient detection of security vulnerabilities in COBOL code.

The improved detection may result in the identification of additional vulnerabilities and potential threats. The updates may also impact flaw matching for your applications. If you need help resolving these changes, contact Veracode Technical Support.

All COBOL scans now use the upgraded scanner.

More details are available in the Veracode Community.

December 14, 2023

Updated language and framework support

Added .NET 8 initial support
Added JavaScript / ECMAScript 2023 (ES14) support
Added Config support from AWS SDK for Go
Enhanced Android 13 support
Enhanced Node.js v20 support
Added Dart 3.2 and Flutter 3.16 support
Improved CWE-327 (Use of Broken or Risky Cryptographic Algorithm) and CWE-352 (Cross-Site Request Forgery (CSRF)) detection for Ruby on Rails
Improved CWE-566 (Authorization Bypass Through User-Controlled SQL Primary Key) detection for .NET
Improved CWE-352 (Unchecked Return Value) and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) detection for .NET
Improved accuracy of modeling Python method calls resulting in a reduction in false positives
Improved CWE-926 (Improper Export of Android Application Components) detection for Android
Improved CWE-321 (Use of Hard-coded Cryptographic Key) detection for all languages
Improved CWE-331 (Insufficient Entropy) detection for Java
Improved CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')) detection for PHP
Improved parsing for PL/SQL
Improved Python jsonify cleanser support for flaw class CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))
Improved support for JavaScript crypto APIs
Improved iOS detection of CWE-252 (Unchecked Return Value)
Improved support for JavaScript Axios library
Improved .NET third-party detection
Improved mixed-Java/Kotlin analysis
Improved Java third-party detection
Improved Android version detection
Improved CWE-326 (Inadequate Encryption Strength) accuracy in .NET
Improved accuracy for CWE-259 (Use of Hard-coded Password)and CWE-798 (Use of Hard-coded Credentials)
Added detection of CWE-489 (Active Debug Code) in Go
Improved analysis of JavaScript listeners

November 15, 2023

Updated language and framework support

Added Javax to Jakarta transition support
Added support for Java Records
Added Spring Boot 3 support
Added Spring Security 6 support
Added Spring Core 6 support
Added Android 14 Initial support
Added KMS support for AWS SDK for Go
Improved flaw detection for Dart apps
Improved CWE-259 (Use of Hard-coded Password) and CWE-798 (Use of Hard-coded Credentials) detection for all languages
Improved CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation), CWE-352 (Cross-Site Request Forgery), and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) detection for .NET
Improved third-party detection for Android, C/C++, Dart, and JavaScript
Improved CWE-73 (External Control of File Name or Path) detection for Java
Improved third-party detection in Java WAR files
Improved CWE-252 (Unchecked Return Value), CWE-201(Insertion of Sensitive Information Into Sent Data), and CWE-297 (Improper Validation of Certificate with Host Mismatch) detection for iOS
No longer report MemoryStream for CWE-404 in .NET
Improved detection for unsupported mobile applications

October 26, 2023

Updated language and framework support

Added Dart 3.1 and Flutter 3.13 support
Added JDK 21 (LTS) support
Improved CWE-259 (Use of Hard-coded Password) and CWE-798 (Use of Hard-coded Credentials) detection for Kotlin
Improved .NET analysis to ignore .NET ClickOnce “.deploy” files
Improved third-party detection for Java, JavaScript, PHP, iOS, PL/SQL and C++
Improved parsing for PL/SQL
Improved CWE-798 (Use of Hard-coded Credentials) detection for PHP
Enhanced Python analysis to treat modules consisting of all third-party code as first-party modules
Improved Groovy analysis of objects
Improved CWE-252 (Unchecked Return Value) detection for iOS
Improved JavaScript analysis of objects
Improved analysis of iOS apps to reduce CWE-284 (Improper Access Control) false positives
Improved CWE-693 (Protection Mechanism Failure), CWE-926 (Improper Export of Android Application Components), CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and CWE-798 (Use of Hard-coded Credentials) detection for Android

October 2, 2023

Updated language and framework support

Added iOS 17 initial support
Added Go 1.21 support
Added PHP Laravel 10 support
Added .NET Minimal API support
Enhanced .NET 7 support
Enhanced Groovy 3 support
Enhanced AWS SDK for Go support
Enhanced Android 13 support
Improved third-party detection for JavaScript
Improved CWE-80 detection for Vue.js
Improved CWE-259 detection for all languages
Improved CWE-89 detection for Transact-SQL
Improved third-party detection for C++
Improved symmetric-key parsing rules for Transact-SQL
Improved attribute idiomatic transformation support for Jakarta
Improved CWE-693 detection for Android
Improved scan performance for Micronaut framework
Improved Node.js modeling to reduce false positives
Improved handling of explicitly typed generic function calls in Go
Improved data path quality for JavaScript
Improved reporting of CWE-352 and CWE-915 in .NET to consolidate flaws reported on the same line and file as separate flaws into one flaw
Added CWE-566 (Authorization Bypass Through User-Controlled SQL Primary Key) detection for .NET applications

Deprecated support for some .NET cleansing functions

Veracode has deprecated support of .NET cleansers for the following functions for flaw classes CWE-93, CWE-113, and CWE-117:

antixsslibrary.dll : Microsoft.Security.Application.AntiXss.HtmlAttributeEncode
antixsslibrary.dll : Microsoft.Security.Application.AntiXssEncoder.HtmlAttributeEncode
antixsslibrary.dll : Microsoft.Security.Application.Encoder.HtmlAttributeEncode
antixsslibrary.dll : Microsoft.Security.Application.Encoder.HtmlEncode
mscorlib.dll : System.Security.SecurityElement.Escape
system.dll : System.Net.WebUtility.HtmlEncode
system.web.dll : System.Web.HttpServerUtility.HtmlEncode
system.web.dll : System.Web.Security.AntiXss.AntiXssEncoder.HtmlEncode
system.web.dll : System.Web.Util.HttpEncoder.HtmlAttributeEncode
system.web.dll : System.Web.Util.HttpEncoder.HtmlEncode
system.web.mvc.dll : System.Web.Mvc.HtmlHelper.AttributeEncode
system.web.mvc.dll : System.Web.Mvc.HtmlHelper.Encode
system.windows.browser.dll : System.Windows.Browser.HttpUtility.HtmlEncode
system.windows.dll : System.Net.HttpUtility.HtmlEncode
System.Runtime.dll : System.Net.WebUtility.HtmlEncode

These cleansing functions are insufficient for addressing their targeted flaw classes and better alternatives are available.

For more details on why Veracode deprecated support for these functions and how to protect your applications against CRLF injection attacks, see the Veracode Community.

September 11, 2023

Fixed bug causing false positives for CWE-798

In last month’s release, Veracode added improved support for CWE-798 (Use of Hard-coded Credentials) detection. However, a bug in the pattern matching caused a significant number of false positives for some users. Veracode has resolved this issue and the improvement should result in significantly fewer CWE-798 false positives.

August 23, 2023

Updated language and framework support

Added Kotlin 1.9 support
Added TypeScript 5.x support
Added GCC 12 (RHEL 8) support
Improved CWE-1174 (ASP.NET Misconfiguration: Improper Model Validation) detection on controller-derived classes
Improved support for JavaScript URLSearchParams API
Improved support for Spring produces annotation attribute
Improved third-party detection for JavaScript
Improved third-party detection for Android
Improved third-party detection for Java
Improved hardcoded password/credential detection (CWE-259 and 798)
Improved .NET CWE-80 basic XSS detection
Improved JavaScript detection of document elements
Improved performance for Vue applications
Improved .NET Entity Framework support
Added ability to allow third-party PHP software if the entire upload is third-party
Improved detection of Java CWE-611 XXE
Improved support for Python Django views

July 25, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has added support for Quarkus, a Kubernetes-native Java stack tailored for OpenJDK HotSpot and GraalVM.

Veracode has improved static analysis by adding support for these new versions of supported technologies:

Improved Detection of CWE-259 and CWE-798

Improvements to the detection methods Veracode uses to identify CWE-259 (Use of Hard-coded Password), and CWE-798 (Use of Hard-coded Credentials) vulnerabilities should reduce the number of false positives during static analysis. Improved CWE-259 coverage for Python language submissions.

June 22, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode has added support for Micronaut 3.8.x, which is a JVM-based framework you use to build lightweight, modular applications.

Veracode has improved static analysis by enhancing support for Android 12.

Veracode has improved static analysis by adding support for these new versions of supported technologies:

Improved CWE-259 (Use of Hard-coded Password) and CWE-798 (Use of Hard-coded Credentials) Detection

Improvements to the detection methods utilized to identify CWE-259 and CWE-798 vulnerabilities should reduce the number of false positives found during static analysis.

Additional CWE-693 Coverage for Android

Veracode has added an additional CWE-693 (Protection Mechanism Failure) check for Android applications to ensure that the Play Integrity API is used appropriately.

May 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Full support for iOS 16
Enhanced support for Java 20

Improved CWE-89 Coverage for Java and JavaScript/TypeScript

The improved coverage increases the number of potential CWE-89 flaws that Veracode discovers in Java and JavaScript/TypeScript applications, which might affect your scan results.

Added CWE-451 Coverage for Android

Veracode has added CWE-451 (Tapjacking) coverage for Android applications.

May 18, 2023

Pipeline Scan Adds Support for Module Selection

Pipeline Scan adds a new --include parameter. You use this parameter to specify the top-level modules to include during scanning. The scan results now show both the modules that Veracode identified during prescan and the modules included in the scan.

This update is available with Veracode CLI version 23.4.3-0 and Veracode Docker image version 23.4.3.

April 27, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Support for JDK 20
Enhanced support for .NET 7
Enhanced support for Python SQLAlchemy
Enhanced support for React Native 0.7x
Support for AWS SDK for Go v2

Improved Static Analysis for Python Language Submissions

Static analysis of Python applications inaccurately reports certain CWE-918 (Server-Side Request Forgery (SSRF)) flaws as CWE-201 (Insertion of Sensitive Information Into Sent Data) flaws. This update recategorizes these incorrectly reported flaws as CWE-918. This update might impact existing flaw matching and you might need to apply new mitigations to these flaws.

After you apply this update, any Python applications that contain CWE-201 flaws and have any of the following policy requirements might fail your security policy:

Security Standard rule for Auto-Update CWE Top 25
Findings by Severity rule for Medium or higher
Minimum Scan Score rule

March 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Support for Vue 3.x
Support for React Native 0.7x
Enhanced support for Python Flask 2.x

Improved Static Analysis for WebMethodAttribute use in ASP.NET Classic

Veracode has improved static analysis for WebMethodAttribute use in ASP.NET Classic (non MVC and/or MVC Core) WebForms and WebServices. This will affect the flaws found and associated policy results for customers by reducing the number of FPs found.

February 23, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Support for Go 1.20
Support for Angular 14 & 15
Support for React 18
Support for Dart 2.17, 2.18, 2.19 and Flutter 3.0, 3.3, 3.7

Improved COBOL Parser Error Handling

Veracode no longer reports parser errors in standalone copybook files that COBOL files do not include. These files are not relevant for security scanning unless COBOL files reference them.

January 26, 2023

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Initial Support for .NET 7

Veracode has improved static analysis by adding support for:

Server-side request forgery (SSRF) reporting for JavaScript

Veracode has released a new version of our new iOS packaging tool:

Gen IR version 0.2.1: gen-ir

December 15, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these new versions of supported technologies:

Support for Node.js 18
Support for PHP Laravel 6-9
Initial Support for Kotlin 1.7
Initial Support for Android 13
Support for Python Flask 2.x
Support for Go 1.18-1.19
Support for React Native 0.67

Veracode improved static analysis by adding support for these new languages and frameworks:

Support for Dart and Flutter
Support for .NET MAUI

Veracode has improved static analysis by adding a new iOS packaging tool to support Xcode 14 without the Enable_Bitcode setting:

New iOS packaging tool: gen-ir
Updated documentation: iOS and tvOS Application Packaging

November 17, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

Support for JDK 19
Support for Azure Functions v4 for .NET

October 27, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

Support for Visual C++ 14.3.x for Visual Studio 2022
Support for Azure Functions for Python

October 19, 2022

New Packaging Guidance Tool

You can use the new Veracode Packaging Cheat Sheet to generate language-specific packaging guidance for Static Analysis.

October 4, 2022

New Veracode Static Analysis Support for Languages and Frameworks

Veracode improved static analysis by adding support for these languages and frameworks:

Support for JDK 18
Full support for .NET 6
Initial support for iOS 16
Enhanced support for Golang Gorilla
Enhanced support for React and React Router