How to get my application scanned in Veracode

Our application is built on Pega 8.8.2, and I am planning to do a Pega application code scan using ‘Veracode’.

I am doing static scanning. I have created a product file and shared the jar/zip file with the Veracode team to scan the code. We are getting an error message while importing the jar file. If anyone has already scanned a Pega application using Veracode, please help us find the process for providing the Pega code to Veracode.

@RameshP8036 Pega supports Rule Security Analyzer for SAST on client-written code, but we do not have a way to support the use of commercial SAST tools (such as Veracode, Fortify, or others) on client-written code.

:warning: This is a GenAI-powered tool. All generated answers require validation against the provided references.

  1. Common Import Error Solutions
  • If you’re getting import errors, try these steps:
    • Review the Remarks column in the import results for specific error messages
    • Check the log files for detailed error information
    • Consider compressing your JAR file into a ZIP archive before uploading
    • Verify that the file size doesn’t exceed Veracode’s upload limits
  2. When Encountering Errors
  • Note the specific error message you’re receiving
  • Review the Veracode log files
  • Document which package manager and version you’re using
  • Contact Veracode Technical Support with these details

For unresolved issues, Veracode Technical Support will need:

  • Your package manager and version information
  • The error messages from the log files
  • Details about your Pega application configuration

Troubleshooting APIs and integrations

Troubleshooting CI/CD system integrations

From a Pega perspective: For details on static scans of Pega’s product code, please contact your Pega Account Executive who will help you further.

Security

Application Security Compliance in Pega Cloud

@morem I found an 8-year-old post here and wondered if you had any more up-to-date information?

@MarijeSchillern, @morem is it possible to scan the Pega code again rules? If yes, can you please help us in understanding the process of providing the Pega Rules code to Veracode for code scan.

I sent an email with my questions to [email protected], but no one is responding to my email.

@RameshP8036 please see the analysis passed on to me by SMEs on the question which you yourself posted in September last year:

Vulnerability testing process for application on premise

@ettar can you add anything here?

@MarijeSchillern We have packaged the application (excluding OOTB applications and rulesets) in a zip file, and we are getting errors while uploading the zip file (product file) to Veracode.

@RameshP8036 I have been informed that the VendorAssessment Inquiries mailbox is no longer active.

—> Please get in touch with your Pega Account Executive and they will help you further.