API Tutorial: How to Access Scan Results


This tutorial provides basic step-by-step information on how to use the Veracode Results API to automate the retrieval of application scan results using the cURL command line tool. This guide uses standalone HTTP request calls, but you can combine them in an API wrapper to process multiple API calls.

About this task

Note: Before starting with the APIs, ensure you have the correct permissions to use the APIs. Your Veracode user account must have sufficient permissions to access and use the APIs.

To retrieve detailed results for a specific application:

Procedure

  1. From the command line, request the list of applications in your portfolio by entering the following: curl --compressed -u <VeracodeUsername>:<VeracodePassword> https://analysiscenter.veracode.com/api/5.0/getapplist.do
    The returned applist.xml contains a list of application IDs, such as app app_id="18766" app_name="MyApp".
  2. Get the list of builds of your chosen application.
    • For policy scan results, enter the following command, using the application ID returned in the previous step: curl --compressed -u <VeracodeUsername>:<VeracodePassword> https://analysiscenter.veracode.com/api/5.0/getbuildlist.do -F "app_id=<your application ID>"

      The returned buildlist.xml from this step contains the IDs of the builds for this application.

    • For sandbox scan results, enter the following command to get the IDs for your sandboxes, using the application ID returned in the previous step: curl --compressed -u <VeracodeUsername>:<VeracodePassword> https://analysiscenter.veracode.com/api/5.0/getsandboxlist.do -F "app_id=<your application ID>"
      When you have the ID for the chosen sandbox, enter the following command to get the build IDs for that sandbox:
      curl --compressed -u <VeracodeUsername>:<VeracodePassword> https://analysiscenter.veracode.com/api/5.0/getbuildlist.do -F "app_id=<your application ID>" -F "sandbox_id=<your sandbox ID>"
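  3. To get the detailed report for your chosen build, enter: curl --compressed -v -u <VeracodeUsername> "https://analysiscenter.veracode.com/api/5.0/detailedreport.do?build_id=<the policy or sandbox build ID>"
    Where indicated, insert the ID for the application build or sandbox scan whose scan results you want to see. Locate the build ID from the buildlist.xml or sandboxlist.xml returned in the previous step.
    Because only the username follows -u, curl prompts for the password. Do not add -k (--insecure) to this command: it turns off TLS certificate verification for a request that carries your credentials and scan results.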
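
The policy-scan steps above chained into a small shell wrapper, as an added example that is not Veracode's own code. It assumes credentials in the hypothetical variables VERACODE_USER and VERACODE_PASS, decimal IDs, a build_id attribute on each buildlist.xml entry, and that the last build listed is the one you want.

```shell
#!/bin/sh
# Added example: wrapper for the three calls above. Assumptions: credentials
# come from VERACODE_USER / VERACODE_PASS (hypothetical variable names), IDs
# are decimal numbers, and buildlist.xml carries them as build_id="...".
API=https://analysiscenter.veracode.com/api/5.0

# Constructed sample, shaped like the applist.xml entry quoted in step 1.
SAMPLE_APPLIST='<applist><app app_id="18766" app_name="MyApp"/></applist>'

# Print each value of XML attribute $1 found on stdin, one per line.
# printf '%s\n' "$SAMPLE_APPLIST" | attr_values app_id    # prints 18766
attr_values() {
    grep -o "[[:space:]]$1=\"[^\"]*\"" | cut -d'"' -f2
}

# Succeed only for a non-empty, all-digit ID, so a value copied out of a
# response can never add parameters or options to the next request.
is_id() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Call endpoint $1 with any extra curl arguments. The credentials reach curl
# on stdin as a config line, so they stay out of the process list (a password
# containing " or \ would need escaping first). TLS verification stays on
# (no -k) and HTTP error statuses make the call fail.
veracode_get() {
    endpoint=$1; shift
    printf 'user = "%s:%s"\n' "$VERACODE_USER" "$VERACODE_PASS" |
        curl --config - --compressed --fail --silent --show-error \
             "$@" "$API/$endpoint"
}

# Steps 2 and 3 for a policy scan: list the builds of app $1, then fetch the
# detailed report for the last build listed.
# Usage: report_for_app 18766 > detailedreport.xml
report_for_app() {
    is_id "$1" || { echo "bad app_id: $1" >&2; return 2; }
    build_id=$(veracode_get getbuildlist.do -F "app_id=$1" |
               attr_values build_id | tail -n 1)
    is_id "$build_id" || { echo "no usable build_id" >&2; return 3; }
    veracode_get "detailedreport.do?build_id=$build_id"
}
```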