Veracode static scan – Application vulnerability test clarification
As part of the vulnerability test our client engaged “Veracode” to do static code analysis.
The tool has identified quite a few flaws in out-of-the-box Chordiant APIs. We have mitigated that these flaws are from Chordiant framework jars, which we will not be able to modify in any way. Because of these flaws, our client doesn’t sign off for go-live.
I have attached the Veracode report for your review. We have checked the class names in the report and identified the following OOTB jars as having flaws.