Veracode App Sec Readiness & Roadmap Engagement Package

Technical Service Package - BRONZE Includes:

  1. Up to 12 hours/year utilized for API/integration Support, Upload and Result Review calls to discuss Remediation and Mitigation guidance with Development Teams. Unused Hours do not carry over from year to year.
  2. Phone Support is available from 3 AM to 8 PM ET (excluding Holidays and Weekends). Case response time during hours for email and phone cases is 2 Business Days.
  3. Up to 3 tokens to be used for two-factor authentication. Support activities are provided on a remote basis. Travel and related expenses associated with onsite activities will be invoiced and be payable as incurred. Additional support hours can be purchased through a Veracode Support Package, please contact Veracode Sales for details.

Quantity (5) INT-APP-STATIC provides:

Unlimited static analysis Assessments for 1 Customer Application. The Application may be a Mobile Application. Customer Application is defined as a collection of uploaded files of up to 50MB or less in total size (Note: System libraries typically included as part of an operating systems distribution are not counted against the Customer Application size limit) -Following guardrails on usage apply: Static: Up to 10 Customer Applications per day if the automated upload api is being used. No limits on Customer Application submission rate if the submissions are done manually using the Veracode platform. If Customer Application size exceeds 50MB, it is counted as 2 (or equivalent multiple) Applications.

Quantity (5) SCA provides:

Assessment of known vulnerabilities in third-party software components. The assessment is done for all third-party components found in JAVA or .NET software applications that also go through static analysis assessment. This product requires a valid contract for static analysis assessment. The number of applications that may be assessed for known vulnerabilities is the same as the number of applications that may be scanned statically. Information provided includes the bill of materials for each scanned application, list of third-party components as well as known vulnerabilities associated with third party components.

Quantity (100) DYN-WAPM-QRT provides:

Subscription with quarterly DynamicMP Assessments for one customer owned and operated web Application throughout the Subscription Term defined by the Subscription Start and End Dates referenced in the table above.

  • Subscription includes monthly Discovery Assessments, enabling an organization to run at least one Discovery Assessment each month throughout the Subscription Term of up to 150,000 input IP Addresses and Hosts. Each Discovery Assessment shall be capped at a processing time of no more than 5 days and regardless of the number of subscriptions purchased, Customer shall only be entitled to conduct one Discovery Assessment per month.
  • For purposes of this subscription, a web Application is defined as a single URL (scheme, host and port) supporting a single business process that is accessible via a desktop or mobile web browser (for example,,,,, and would usually be treated as separate applications).