You can use the Veracode Results API to access your application assessment data from
another application or a script.
The Veracode Results API is a basic HTTPS-based request API that uses simple HTTP calls. You can
use any technology that supports making HTTP calls and parsing XML to access the API. For
example, you can write a script to automatically download newly published analysis results
into a bug tracking system. You can also use this API to retrieve information, in XML format,
about these items:
- Application profiles
- Completed and in-progress builds
- Detailed analysis results, which includes call stacks and findings information, or a
summary of results, which does not include call stacks and findings information
To learn how to use the Results API, see API Tutorial: How to Access Scan Results.
reasons, this API automatically compresses the XML output, regardless of file
size, in Gzip format. When accessing this API in production, Veracode strongly
recommends that you use a user agent, such as HTTPie, which is the default, that
supports Gzip. To test this API, you can use any tool that supports
If you want to query tags in applications, you can add unique tags as metadata when creating
your applications. You can then query your applications based on any of the metadata. Use
to create an application with metadata.
Use these calls of the Results API
to get the scan
results of applications:
- getapplist.do to get the full list of your
- getappinfo.do to get information for a specific
application, including any metadata, if applicable.
- detailedreport.do to get a detailed report for any application, as an
REST API Equivalent
The REST API equivalents of many of these calls are available with the Applications API, the Findings
API, and the Summary
Report API. Veracode strongly recommends that you use the REST
For new integrations, always use the REST APIs.
Before using the Results API, you must meet these prerequisites: