Not a customer? Try Veracode!
Secure your app without leaving Visual Studio. Try your first scan on us!
Veracode Visual Studio Extension
Veracode enables you to find and fix security vulnerabilities in your application without leaving Visual Studio. Using the power of Veracode Static Analysis, you can perform highly accurate security testing for your application within Visual Studio, plus get easy access to all the information you need to prioritize and fix security findings—fast.
The Veracode Visual Studio Extension is part of the Veracode ecosystem of integrations that helps you connect Veracode with your software development process, including extensions for Visual Studio Team Services and Team Foundation Services and integrations for other build servers, IDEs and defect tracking solutions. For more information about Veracode's integrations and APIs, see the Veracode Help Center.
The Veracode Visual Studio Extension lets you work with security findings, jump to the line of code, view data path information, and view remediation guidance all from within Visual Studio.
- The easiest way to test your .NET application with Veracode: The Veracode Visual Studio Extension allows you to start a scan, review security findings, and triage the results, all from within the Visual Studio environment. To ensure the best possible coverage and highest quality results, the extension automates the preparation of your application for scanning. In addition, you can easily see which findings violate your security policy and view the data path information to understand how your code may be vulnerable to attack.
- Integrate application security into your development workflow: When security is integrated, you remove friction. You can use the Veracode Visual Studio Extension to test code changes prior to checking in, then test the whole application by integrating Veracode Static Analysis into your Visual Studio Team Services or Team Foundation Services pipeline—or into other build and release systems such as Jenkins, Bamboo or Maven. And, you can review security findings in Visual Studio.
- Don’t stop for false alarms: Because Veracode gives you accurate results and prioritizes them based on severity, you won’t need to waste resources dealing with hundreds of false positives. We have assessed over 2 trillion lines of code in 15 languages and 70+ frameworks, and we get better with every assessment due to our rapid update cycles and continuous improvement processes. If something does get through, just mitigate it using an easy Veracode workflow; we’ll remember that mitigation the next time we find that flaw.
- Align your AppSec practices with your development practices: Do you have a large or distributed development team? Are you drowning in revision control branches? You can use the Veracode Visual Studio Extension with the Veracode Developer Sandbox, which supports multiple development branches, feature teams and other parallel development practices. Veracode’s focus on making security DevOps-friendly is one reason why our customers have fixed 70 percent of the 10 million vulnerabilities they found in 2015.
- Don't just find vulnerabilities, fix them: Veracode gives you remediation guidance with each finding, as well as the data path that an attacker would use to reach the weak point in the application. Veracode also highlights the most common sources of vulnerabilities to help prioritize remediation. In addition, when vulnerability reports don’t provide enough clarity, you can set up one-on-one developer consultations with our experts who have backgrounds in both security and software development.
Getting started with Veracode Visual Studio Extension
After you receive your Veracode Platform login information, read the help instructions to get started. Not yet a customer? Try Veracode!