Using the Flaw Report API

The Flaw Report API has two calls that enable you to generate and download a summarized history of all flaws for one, several, or all applications.

Veracode provides this API to simplify the process of identifying the current status, such as new, fixed, open, or reopened, of all the flaws for a given application. It returns one record for each flaw discovered in the application history. The new calls are designed for integrating with external dashboards for vulnerability management.

To use the Flaw Report API, you must have a Veracode non-human API user account that has the Archer API role. You cannot access the Archer API using a human account.

The Flaw Report API comprises the following calls:
generateflawreport.do: Returns generateflawreport.xml, which contains the token you need for downloading the flaw report.
downloadflawreport.do: Returns an XML report that lists all fixed and unfixed flaws for the specified applications and/or scan type.