The Veracode Findings API enables you to access information about open and mitigated findings associated with applications and development sandboxes.
This API supports Static Analysis, Dynamic Analysis, Manual Penetration Testing, and Software Composition Analysis findings.
Note: You cannot get SCA findings in combination with other finding types.
The Findings API simplifies common reporting scenarios, such as obtaining the latest data for each application and accessing historical state-change information on findings.
Permissions and Authentication
Before you can use all the endpoints of the Findings API, you must have one of these
account types:
- An API service account with the Results API role
- A user account with the Reviewer or Security Lead role
The API provides improved security through HMAC authentication. Therefore, before using this API, you must configure your authentication.
Ensure you access the APIs with the domain for your region.
Findings API Specification
The Findings API specification is available from SwaggerHub.