Security: veracode/veracode-uploadandscan-action

SECURITY.md

Our Commitment to Security

Veracode was founded on the idea that companies should be able to access technology that allows them to scan their software for vulnerabilities so that they can identify them, fix them and improve their security. Since that time, we have created new technologies and services that enable our customers to scan for flaws along the entire software development lifecycle, seeing results in seconds or minutes, so that they can code securely while remaining on schedule with continuous release cycles.

Veracode envisions a world where the software fueling our economic growth and solving society's greatest challenges is developed secure from the start.

We value transparency in the security industry and openness with sharing information that could improve security for every organization. Veracode is committed to engaging the research community in a professional, positive and agreeable manner that protects our company and our customers.

As such, we encourage and welcome anyone who believes he or she has identified a vulnerability to contact us with security concerns or information pertinent to the integrity, functionality or confidentiality of our software.

The terms below apply to any website, application or service distributed by or hosted by Veracode, Inc.

Please use the email address security-alerts@veracode.com to alert us to:

  • Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data, software, or services, or our customers’ data
  • Applications that mimic, mislabel, misdirect, or "copycat" Veracode, or phishing attacks even if they do not originate from Veracode sources
  • Written or verbal discussion, activities, or data in any public forum which you believe constitutes a threat to Veracode, our employees or our customers

For more information, please refer to our Responsible Disclosure Policy.

There aren’t any published security advisories