Using the Flaw Report API

APIs

The Flaw Report API has two calls that enable you to generate and download a summarized history of all findings for one, several, or all applications.

Veracode provides this API to simplify the process of identifying the current status, such as new, fixed, open, or reopened, of all the findings for a given application by returning one record per each finding discovered in the application history. The new calls are designed for integrating with external dashboards for vulnerability management.

The Flaw Report API comprises the following calls:
generateflawreport.do
Returns generateflawreport.xml, which contains the token you need for downloading the finding report.
downloadflawreport.do
Returns an XML report that lists all fixed and unfixed findings for the specified applications and/or scan type.

Prerequisites

Before using the Flaw Report API, you must meet the following prerequisites: