This use case scenario provides the Annotations REST API command and payload for adding a comment against one or more findings for an application.
Veracode does not include comments in scan reports, so your comments are private to you and your team. You can consider comments as a private working area while you and your team remediate findings. You can use the Applications API to get the GUID for an application.
Use this command to add a comment against two findings of an application:
http --auth-type=veracode_hmac POST "https://api.veracode.com/appsec/v2/applications/<Veracode application GUID>/annotations" < input.json
The command sends the JSON file (input.json) that you populate with the required values; for adding a comment, set action to COMMENT, as shown in this example:
{ "issue_list": "1,2", "comment": "This is my comment", "action": "COMMENT" }
Name | Type | Description
---|---|---
issue_list (Required) | String | Comma-separated list of finding (flaw) IDs. You can use the Findings API to get a list of finding IDs for an application.
comment (Required) | String | Enter a brief comment about the findings for issue_list.