Generating and Downloading Archer Reports

GRCs

The Archer dashboard is a platform for governance, risk, and compliance solutions. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.

Veracode provides Archer feeds that include information about the applications in an account. For assessments of internally developed or maintained applications, a feed includes scores, a listing of all discovered findings, and status information about the findings (new, open, fixed, or re-opened). Summary data is included for third-party assessments, including scores and top-risk categories.

You can use the Archer API to generate and retrieve Archer reports. After you generate a report, it is only available to download for 30 days. Each login account is limited to downloading the five most recently generated reports at a time.

Veracode provides an implementation guide to assist you with configuring the Veracode Platform with RSA Archer GRC. To obtain this guide, go to https://community.rsa.com and search for Veracode - Platform 2016 - RSA Archer Implementation Guide.

Accessing the Archer API

To be able to access the Archer API, you must have a non-human user account that has the Archer API role.

Archer API Calls

The Archer API has three calls:
generatearcherreport.do
Initiates the creation of an Archer report and provides a token for gathering and downloading the data.
downloadarcherreport.do
Returns the Archer report when it is generated and available.
archer.do
This is a deprecated call that downloads the Archer feed. Although this call is functional, Veracode recommends that you use the asynchronous Archer API calls above to avoid lengthy wait times and timeouts when retrieving large data sets.