sharedreport.do

Veracode APIs

The sharedreport.do call returns the details of a shared report.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

Resource URL

https://analysiscenter.veracode.com/api/4.0/sharedreport.do

Parameters

Name Type Description
app_id

Required

Integer Application ID.
shared_report_id

Required

Integer You can get the shared report ID from the sharedreportlist.xml file returned by the getsharedreportlist.do call.

HTTPie Example

Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/4.0/sharedreport.do" "app_id==<app id>" "shared_report_id==10651"

HTTPie Results

The sharedreport.do call returns the summaryreport XML document, which references the summaryreport.xsd schema file. You can use the XSD schema file to validate the XML data. See the summaryreport.xsd schema documentation.

A partial XML example. Veracode has deprecated assurance level and replaced it with business criticality.

<?xml version="1.0" encoding="UTF-8"?>

<summaryreport xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance" 
         xmlns="https&#x3a;&#x2f;&#x2f;www.veracode.com&#x2f;schema&#x2f;reports&#x2f;export&#x2f;1.0" 
         xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;www.veracode.com&#x2f;schema&#x2f;reports&#x2f;export&#x2f;1.0 
         https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;summaryreport.xsd" 
         report_format_version="1.3" account_id="<account id>" app_name="<app name>" app_id="<app id>" 
         analysis_id="674675" static_analysis_unit_id="690423" sandbox_id="<sandbox id>" 
         first_build_submitted_date="2015-12-22 15&#x3a;47&#x3a;59 UTC" version="22 July 2019 Static" 
         build_id="<build id>" submitter="<vendor name>" platform="Not Specified" assurance_level="3" 
         business_criticality="3" generation_date="2019-10-03 18&#x3a;03&#x3a;20 UTC" veracode_level="VL1" 
         total_flaws="366" flaws_not_mitigated="365" teams="" life_cycle_stage="Not Specified" 
         planned_deployment_date="2019-12-22 15&#x3a;27&#x3a;13 UTC" last_update_time="2019-07-22 16&#x3a;05&#x3a;52 UTC" 
         is_latest_build="true" policy_name="3rd Party" policy_version="2" policy_compliance_status="Did Not Pass" 
         policy_rules_status="Did Not Pass" grace_period_expired="false" scan_overdue="false" business_owner="" 
         business_unit="Not Specified" tags="" legacy_scan_engine="false">
   <static-analysis rating="C" score="53" submitted_date="2015-12-22 15&#x3a;47&#x3a;47 UTC" 
         published_date="2015-12-22 16&#x3a;05&#x3a;49 UTC" version="22 July 2019 Static" mitigated_rating="C" 
         mitigated_score="53" next_scan_due="2019-12-01 15&#x3a;05&#x3a;49 UTC" analysis_size_bytes="5696667" 
         engine_version="88693">
      <modules>
         <module name="<module name>" compiler="JAVAC_7" os="Java J2SE 7" architecture="JVM" loc="77543" score="52" 
            numflawssev0="1" numflawssev1="0" numflawssev2="22" numflawssev3="321" numflawssev4="20" numflawssev5="2"/>
      </modules>
   </static-analysis>
   <severity level="5">
      <category categoryname="Command or Argument Injection" severity="Very High" count="2"/>
   </severity>
   <severity level="4">
      <category categoryname="SQL Injection" severity="High" count="20"/>
   </severity>
   <severity level="3">
      <category categoryname="Cross-Site Scripting &#x28;XSS&#x29;" severity="Medium" count="252"/>
      <category categoryname="Credentials Management" severity="Medium" count="44"/>
      <category categoryname="CRLF Injection" severity="Medium" count="8"/>
      <category categoryname="Cryptographic Issues" severity="Medium" count="5"/>
      <category categoryname="Insufficient Input Validation" severity="Medium" count="4"/>
      <category categoryname="Code Quality" severity="Medium" count="3"/>
      <category categoryname="Directory Traversal" severity="Medium" count="3"/>
      <category categoryname="Encapsulation" severity="Medium" count="2"/>
   </severity>
   <severity level="2">
      <category categoryname="Information Leakage" severity="Low" count="10"/>
      <category categoryname="Cryptographic Issues" severity="Low" count="5"/>
      <category categoryname="Code Quality" severity="Low" count="5"/>
      <category categoryname="API Abuse" severity="Low" count="2"/>
   </severity>
   <severity level="1"/>
   <severity level="0">
      <category categoryname="Potential Backdoor" severity="Informational" count="1"/>
   </severity>
   <flaw-status new="366" reopen="0" open="0" cannot-reproduce="0" fixed="0" total="366" not_mitigated="365" 
       sev-1-change="0" sev-2-change="22" sev-3-change="321" sev-4-change="20" sev-5-change="2"/>
   <customfields>
      <customfield name="JIRA" value=""/>
      <customfield name="JenkinsID" value=""/>
      <customfield name="SDLC Stage" value=""/>
      <customfield name="Custom 4" value=""/>
      <customfield name="Custom 5" value=""/>
      <customfield name="Custom 6" value=""/>
      <customfield name="Custom 7" value=""/>
      <customfield name="Custom 8" value=""/>
      <customfield name="Custom 9" value=""/>
      <customfield name="Custom 10" value=""/>
   </customfields>
   <software_composition_analysis third_party_components="0" violate_policy="false" components_violated_policy="0" 
         sca_service_available="false">
      <vulnerable_components/>
   </software_composition_analysis>
</summaryreport>