This tutorial provides basic step-by-step information on how to use the Veracode
Results API to automate the retrieval of application scan results using the HTTPie
command-line tool. This guide uses standalone HTTP request calls, but you can combine them
in an API wrapper to process multiple API calls.
Before you can access and
use the APIs, your Veracode user account must have the required permissions.
To retrieve detailed results for a specific application:
-
From the command-line, request the list of applications in your portfolio by
entering the following:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getapplist.do"
The returned applist.xml returns a list of
application IDs and names, such as app app_id="18766"
app_name="MyApp".
-
Obtain the list of builds for your chosen application.
-
For policy scan results, enter the following command, using the
application ID returned in the previous step:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>"
The returned buildlist.xml from this step contains
the IDs of the builds for this application.
-
For sandbox scan results, enter the following command to obtain the IDs
for your sandboxes, using the application ID returned in the previous
step:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getsandboxlist.do" "app_id==<your application ID>"
When you have the ID for the chosen sandbox, enter the following command
to obtain the build IDs for that sandbox:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>" "sandbox_id==<your sandbox ID>"
-
To obtain the detailed report for your chosen build, enter:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/detailedreport.do" "build_id==<the policy or sandbox build ID>
Where indicated, insert the ID for the target application build or
sandbox scan. Locate the build ID from the buildlist.xml or
sandboxlist.xml returned in the previous
step.