Veracode Static Analysis (SAST)
Vulnerability Management integrated with Veracode
Veracode Static Analysis provides vulnerability scanning services for static applications to find vulnerabilities before code is deployed.
Nucleus integrates with Veracode Static Analysis to ingest vulnerabilities discovered by Veracode. Nucleus then enables you to prioritize application security vulnerabilities within your organization and aid in the analysis and remediation process. Nucleus uniformly aggregates vulnerability data from Veracode Static Analysis with vulnerability data collected by other scanners, streamlining the vulnerability management process for organizations using different scanning tools across departments or assets.
Use Cases
Common security use cases for Veracode Static Analysis with Nucleus include:
- Gain unified visibility into code vulnerabilities across an organization.
- Prioritize Application Vulnerabilities Based on Risk including business criticality, threat exploitability and Veracode custom fields.
- Surface code vulnerabilities to developers for remediation leveraging their existing development workflows.
Veracode Reference Diagram
1: Sync code vulnerability data and asset context from Veracode Static Analysis and other sources
2: Nucleus aggregates asset and vulnerability context across systems providing unified visibility
3: Threat intelligence is applied to vulnerabilities and business context is applied to assets
4: High risk threats are prioritized for remediation
5: Workflows help streamline remediation so the right development teams can quickly take action
6: Track, report and measure the success of your vulnerability management program
How to Configure Veracode Static Analysis
Veracode connector setup documentation is available on the Nucleus help portal.