You can use the Veracode Annotations API to annotate findings, including adding comments and proposing, accepting, and rejecting mitigations.
Permissions and Authentication
Before you can use this API, you must have one of these account types:
- An API service account with the Results API role
- A user account with the Reviewer, Security Lead, or Mitigation Approver role
The API provides improved security through HMAC authentication. Therefore, before using this API, you must configure your authentication.
Ensure you access the APIs with the domain for your region.
Annotations API Specification
The Annotations API specification is available from SwaggerHub.