uploadfile.do

Veracode APIs

The uploadfile.do call uploads a file to an existing build or creates a build. Veracode recommends that you use the uploadlargefile.do call to avoid timeout errors when uploading a large file.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.
Before uploading additional files, ensure that:
  • An upload or prescan is not in progress.
  • The beginscan.do call is not in progress.
  • If you recently ran the beginscan.do call, you did not set auto_scan to true.

Since the uploadfile.do call creates a build, if one does not already exist or if the most recent build has a published static scan, you do not need to call createbuild.do. If the call creates a build, the build name is the date of the build with the scan type. For example, 03 Mar 2019 Static.

If you want to upload a file that does not have the same name as a previous file, you can use the save_as parameter to change the name, enabling flaw-matching with previously scanned files.

Resource URL

https://analysiscenter.veracode.com/api/5.0/uploadfile.do

Parameters

Name Type Description
app_id

Required

Integer Application ID.
file

Required

String

File to upload. The maximum file size is 2GB.

Requirements:
  • Set Content-Type: multipart/form-data.
  • Open the file in binary mode.

If you see timeout errors during the upload, you can use the uploadlargefile.do call.

Note: You must enter the @ symbol before the entire pathname, including the specific filename.
sandbox_id Integer Enter the ID of the target sandbox for the upload file.
save_as String Enter a new, unique filename for the uploaded file. The filename cannot begin or end with slashes or periods.

HTTPie Example

This call supports the HTTP POST method. Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac POST -f "https://analysiscenter.veracode.com/api/5.0/uploadfile.do" "app_id==<application ID>" "file@c:\myappfiles\myappzip.zip" "save_as==myappfile.zip"

HTTPie Results

The uploadfile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.
<?xml version="1.0" encoding="UTF-8"?>

<filelist xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance" 
      xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;2.0&#x2f;filelist" 
      xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;2.0&#x2f;filelist 
      https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;2.0&#x2f;filelist.xsd" filelist_version="1.1" 
      account_id="<account ID>" app_id="<application ID>" build_id="<build ID>">
   <file file_id="<file ID>" file_name="myappfile.zip" file_status="Uploaded" file_md5="<file md5>/>
   <file file_id="<file ID>" file_name="myappfile2.zip" file_status="Uploaded" file_md5="<file md5>"/>
</filelist>

Java Example

java -jar vosp-api-wrappers-java-<version>.jar -vid <Veracode API ID> -vkey <Veracode API key> -action uploadfile -appid <application ID> -filepath c:\Users\<username>\<filename>

Java Results

The uploadfile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<filelist xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      account_id=<account ID> app_id=<application ID> build_id=<build ID> filelist_version="1.1" 
      xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/filelist 
      https://analysiscenter.veracode.com/resource/2.0/filelist.xsd">
   <file file_id=<file ID> file_name="<filename>" file_status="Uploaded"/>
</filelist>