RSA Archer

The RSA Archer dashboard is a platform for Governance, Risk, and Compliance (GRC) solutions. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.

Veracode provides Archer feeds that include information about the applications in an account. For assessments of internally developed or maintained applications, a feed includes scores, a listing of all discovered flaws, and status information about the flaws (new, open, fixed, or re-opened). The feeds also include summary data, such as scores and top-risk categories, for third-party assessments.

After you generate a report, it is only available for you to download for 30 days. Each login account is limited to downloading the five most recently generated reports at a time.

note

RSA Archer does not support HMAC authentication, which prevents you from executing Veracode Archer API calls from within the RSA Archer interface. Veracode recommends that you write a small, external batch or shell script that calls the Archer APIs on a periodic schedule and writes the output to a fixed-name XML file. You must configure Archer to parse the XML file. Veracode provides an implementation guide to assist you with configuring the Veracode Platform with RSA Archer GRC. The guide is available from the Archer Community.

Prerequisites

• You must have an API service account with the Archer Report API role.
• Veracode strongly recommends that you read API usage and access guidelines.
• Ensure you access the APIs with the domain for your region.