beginprescan.do

APIs

The beginprescan call runs the prescan of the application.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines.

The beginprescan call determines whether the auto-scan feature is on or off based on:

  • The command-line parameter boolean value of auto_scan: auto_scan=true or auto_scan=false.
  • The auto_scan setting of the previous scan of the same application.
  • If it is the first scan of an application, the auto_scan setting is based on the auto_scan feature switch value.

When the auto_scan setting is set to true, the specified build is automatically submitted for scan after prescan is complete.

Resource URL

https://analysiscenter.veracode.com/api/5.0/beginprescan.do

Parameters

app_id Integer. Required.
auto_scan Boolean. true or false. Optional. If you want to automatically submit a full scan, use this parameter. If this parameter is not present, auto_scan is set based on the:
  • auto_scan setting of previous scans of the application
  • feature switch value of auto_scan
The full scan does not submit if the prescan results in errors.
sandbox_id Integer. Optional. Enter the ID of the sandbox if you are performing a sandbox scan.
scan_all_nonfatal_top_level_modules

Boolean. true or false. Optional. If this parameter is not set, it defaults to false. If auto_scan is false, this parameter is ignored, and it defaults to false. Using this boolean value as true, if the application has more than one module, and at least one of the top-level modules does not have any fatal errors, it starts the scan for those modules after prescan is complete.

cURL Example

curl --compressed -u <VeracodeUsername>:<VeracodePassword>
        https://analysiscenter.veracode.com/api/5.0/beginprescan.do -F "app_id=10886" -F
        "sandbox_id=10391" -F "auto_scan=true"

cURL Results

The beginprescan.do call returns the buildinfo XML document, which references the buildinfo.xsd. Additional buildinfo.xml schema documentation is available. Use the XSD file to validate the XML data.

Java Examples

This example uses the Veracode username and password.

 java -jar vosp-api-wrappers-java-<version #>.jar -vuser <VeracodeUsername> -vpassword
        <VeracodePassword> -action beginprescan -appid <app id>

This example uses the Veracode API ID and key credentials.

java -jar vosp-api-wrappers-java-<version #>.jar -vid <VeracodeApiId> -vkey <VeracodeApiKey> -action beginprescan -appid <app id>      
      

Java Results

The beginprescan.do call returns the buildinfo XML document, which references the buildinfo.xsd. Additional buildinfo.xml schema documentation is available. Use the XSD file to validate the XML data. The following is an example of the returned XML when the Veracode username and password are supplied:

<?xml version="1.0"
        encoding="UTF-8" standalone="no"?> <buildinfo
        xmlns="https://analysiscenter.veracode.com/schema/4.0/buildinfo"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" account_id=<account id> app_id=<app id>
        build_id=<build id> buildinfo_version=<version #>
        xsi:schemaLocation="https://analysiscenter.veracode.com/schema/4.0/buildinfo
        https://analysiscenter.veracode.com/resource/4.0/buildinfo.xsd"> 
<build build_id=<build id> grace_period_expired="false" legacy_scan_engine="false" lifecycle_stage="Not Specified" 
        platform="Not Specified" policy_compliance_status="Not Assessed" policy_name="Veracode Recommended Very High" policy_version="1" results_ready="false" 
        rules_status="Not Assessed" scan_overdue="false" submitter=<VeracodeUsername> version="4 Dec 2018 Static">

<analysis_unit analysis_type="Static" status="Pre-Scan Submitted"/>

</build>

</buildinfo>