Using the Veracode XML APIs

Veracode APIs

The Veracode Application Programming Interfaces (APIs) and their wrappers automate the actions involved in testing. You can use plugins to extend your workflow to seamlessly include Veracode security scanning.

Veracode provides an XML API for every task involved in scanning with Veracode. These APIs and the wrappers enable you to automate most of the tasks involved in scanning your applications.

Note: The XML API and the wrappers use a different syntax. For the wrappers, the parameter names omit the underscores, the parameter values omit spaces, and some parameters use different names. For example, the parameter app_id in the API is appid in the wrapper and the parameter value Very High in the API is VeryHigh in the wrapper. The parameter business_criticality in the API is criticality in the wrapper. The syntax is not interchangeable and using the wrong syntax causes your command to fail. To ensure you are using the correct syntax, see the documentation provided in the Help directory for each wrapper.

All the API information is available as a PDF you can download.

API Wrappers
Veracode provides API wrappers for Java and C#. Veracode recommends using API wrappers when working with the Veracode XML APIs.
Upload API
Use the Upload API to automatically send new builds of your applications to the Veracode Platform for static analysis scans.
Results API
Use the Results API to get a list of available applications and retrieve detailed application results.
Mitigation and Comments API
Integrate flaw comments and mitigation workflow tasks into IDEs and bug tracking systems.
Admin API
Use the Admin API to create and manage users and teams in the Veracode Platform.
Flaw Report API
The Flaw Report API creates a report that lists all fixed and unfixed flaws for the specified applications and/or scan type.
DynamicDS APIs
Several APIs are available to automate your DynamicDS scans.
The Veracode VAST program has APIs for automating vendor and enterprise tasks.
Sandbox APIs
Use the Sandbox API calls to automate creating, updating, deleting, listing, and promoting development sandboxes.