API Tutorial: How to Access Scan Results

Veracode APIs

This tutorial provides basic step-by-step information on how to use the Veracode Results API to automate the retrieval of application scan results using the HTTPie command-line tool. This guide uses standalone HTTP request calls, but you can combine them in an API wrapper to process multiple API calls.

Before you can access and use the APIs, your Veracode user account must have the required permissions.

To retrieve detailed results for a specific application:

  1. From the command line, request the list of applications in your portfolio by entering the following:
    http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getapplist.do"
    The returned applist.xml contains a list of application IDs and names, in app elements with attributes such as app_id="18766" app_name="MyApp".
  2. Obtain the list of builds for your chosen application.
    • For policy scan results, enter the following command, using the application ID returned in the previous step:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>"

      The returned buildlist.xml from this step contains the IDs of the builds for this application.

    • For sandbox scan results, enter the following command to obtain the IDs for your sandboxes, using the application ID returned in the previous step:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getsandboxlist.do" "app_id==<your application ID>"

      When you have the ID for the chosen sandbox, enter the following command to obtain the build IDs for that sandbox:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>" "sandbox_id==<your sandbox ID>"
  3. To obtain the detailed report for your chosen build, enter:
    http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/detailedreport.do" "build_id==<the policy or sandbox build ID>"
    Where indicated, insert the ID for the target application build or sandbox scan. Locate the build ID in the buildlist.xml or sandboxlist.xml returned in the previous step.
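
The three steps above chained into one wrapper, as an added example (not Veracode's own code). It assumes HTTPie with the veracode_hmac auth plugin is installed, that the returned XML carries sandbox and build elements with sandbox_id, sandbox_name and build_id attributes, and that the highest build_id is the most recent build; all function names are hypothetical.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

BASE = "https://analysiscenter.veracode.com/api/5.0/"
is_id = re.compile(r"[0-9]+").fullmatch  # IDs must be plain decimal digits

def httpie_fetch(endpoint, **params):
    """Run the tutorial's HTTPie command for one endpoint and return the XML body."""
    cmd = ["http", "--check-status", "--body", "--auth-type=veracode_hmac", BASE + endpoint]
    cmd += [f"{key}=={value}" for key, value in params.items()]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def elements(xml_text, tag):
    """Attribute dicts of every <tag> element, whatever XML namespace it is in."""
    root = ET.fromstring(xml_text)
    return [dict(e.attrib) for e in root.iter() if e.tag.rsplit("}", 1)[-1] == tag]

def pick_id(items, id_attr, name_attr, name):
    """ID of the single item called `name`; refuse missing, duplicate or non-numeric."""
    ids = [i.get(id_attr, "") for i in items if i.get(name_attr) == name]
    if len(ids) != 1 or not is_id(ids[0]):
        raise LookupError(f"expected exactly one numeric {id_attr} for {name!r}, got {ids}")
    return ids[0]

def latest_report(app_name, sandbox_name=None, fetch=httpie_fetch):
    """Steps 1-3: app name -> app_id -> (sandbox_id) -> build_id -> detailed report."""
    apps = elements(fetch("getapplist.do"), "app")
    params = {"app_id": pick_id(apps, "app_id", "app_name", app_name)}
    if sandbox_name is not None:  # sandbox branch of step 2
        boxes = elements(fetch("getsandboxlist.do", **params), "sandbox")
        params["sandbox_id"] = pick_id(boxes, "sandbox_id", "sandbox_name", sandbox_name)
    builds = elements(fetch("getbuildlist.do", **params), "build")
    build_ids = [b["build_id"] for b in builds if is_id(b.get("build_id", ""))]
    if not build_ids:
        raise LookupError("no builds returned for this application or sandbox")
    # Assumption: the numerically highest build_id is the most recent build.
    return fetch("detailedreport.do", build_id=max(build_ids, key=int))

# Constructed sample responses (not real Veracode output) for an offline run.
SAMPLE = {
    "getapplist.do": '<applist><app app_id="18766" app_name="MyApp"/></applist>',
    "getsandboxlist.do": '<sandboxlist><sandbox sandbox_id="501" sandbox_name="dev"/></sandboxlist>',
    "getbuildlist.do": '<buildlist><build build_id="9001"/><build build_id="10002"/></buildlist>',
    "detailedreport.do": '<detailedreport build_id="10002"/>',
}

if __name__ == "__main__":
    print(latest_report("MyApp", "dev", fetch=lambda endpoint, **_: SAMPLE[endpoint]))
```

Call `latest_report("MyApp")` without the `fetch` argument to run the real HTTPie commands with your own credentials.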