Veracode Static Analysis provides fast, automated security feedback in the IDE and the pipeline, and conducts a full policy scan before deployment. It then provides clear guidance on what issues to focus on and how to fix them faster.
Security Feedback While Coding
As developers are writing code, the IDE Scan provides focused, real-time security feedback. It also helps developers remediate faster and learn on the job through positive reinforcement, remediation guidance, code examples, and links to Veracode AppSec Tutorials.
The Pipeline Scan is run on every build and provides security feedback on the code at a team level – with a median scan time of 90 seconds and the ability to break the build if new security issues are found.
A Policy Scan completes a full assessment of the code with an audit trail for compliance purposes – in a median scan time of 8 minutes. Development teams can preview compliance in a sandbox before promoting the scan to policy.