After the first full scan with Veracode SAST, when the programmer changes something in the code, does he scan the code again completely or only the changes?
After the first full scan with Veracode SAST, when you change something in the code, you can choose to scan the code again entirely or only the changes.
Scanning the code again completely
This option may be the most comprehensive, as it will identify all potential security vulnerabilities, even those introduced in the most recent changes. However, they say that this option can be time-consuming and resource-intensive.
Scanning only the changes
This option may be faster, and it could be the more efficient option, as it will only identify the potential security vulnerabilities that were introduced in the most recent changes. However, it may not identify all of the potential security vulnerabilities.
The best option for you will depend on your circumstances. If you are concerned about missing any potential security vulnerabilities, then scanning the code again completely may be best. However, if you are looking for a faster and more efficient option, scanning only the changes may be the option you can choose.
Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.
Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references....