Archer XML Report Fields

GRCs

Provides definitions for the fields in the Archer XML report.

Archer XML Field Definition
any_scan_due_date When you must next run a scan, as dictated by the associated policy
app_name Name of the application
archer_app_name An optional name to match with the application name in Archer
app_origin Ultimate origin of the application, such as open source
assurance_level

Deprecated

The level of assurance for the application
business_owner First and last name of the person responsible for the application
business_unit Department or group associated with the application
custom0 Custom metadata field 1
custom1 Custom metadata field 2
custom2 Custom metadata field 3
custom3 Custom metadata field 4
custom4 Custom metadata field 5
custom5 Custom metadata field 6
custom6 Custom metadata field 7
custom7 Custom metadata field 8
custom8 Custom metadata field 9
custom9 Custom metadata field 10
custom10 Custom metadata field 11
custom11 Custom metadata field 12
custom12 Custom metadata field 13
custom13 Custom metadata field 14
custom14 Custom metadata field 15
custom15 Custom metadata field 16
custom16 Custom metadata field 17
custom17 Custom metadata field 18
custom18 Custom metadata field 19
custom19 Custom metadata field 20
custom20 Custom metadata field 21
custom21 Custom metadata field 22
custom22 Custom metadata field 23
custom23 Custom metadata field 24
custom24 Custom metadata field 25
dynamic_score Veracode security quality score of the most recent DynamicDS scan of this application
flaws Parent field of the collection of ArcherRecords that describe flaws
flaws\app_name Name of the application
flaws\capecid Category ID for the flaw
flaws\categoryid ID number of flaw category
flaws\categoryname Name of the flaw category
flaws\cia_impact CIA value for the calculated CVSS score
flaws\count Number of times this flaw occurs in this scan
flaws\cwe_description Definition of the Common Weakness Enumeration (CWE)
flaws\cweid ID number for the Common Weakness Enumeration (CWE)
flaws\date_first_occurrence Date of the scan when this flaw first occurred
flaws\exploit_desc Description of the flaw discovered during Manual Penetration Testing
flaws\exploitdifficulty Level of vulnerability for the calculated CVSS score
flaws\exploitLevel Calculated level of exploitability after static scan
flaws\flaw_description Description of the flaw
flaws\flaw_issue_id Unique issue ID number of the flaw
flaws\functionprototype Class/function information for flaws in binaries that do not have debug symbols
flaws\functionrelativelocation Relative location of flaws in the class file of binaries that do not have debug symbols
flaws\is_latest_build Boolean value that indicates if this report is for the most recent scan of the application
flaws\line Line location of flaws in binaries that do not have debug symbols
flaws\module Calling module where the flaw is located
flaws\note Information about the exploitability level (Very Unlikely to Very Likely)
flaws\pcirelated Boolean value that indicates if the flaw is PCI-related
flaws\platform Platform metadata from the application profile
flaws\published_date Date of the publication date of the scan results
flaws\remediation_desc Description of how to remediate flaws discovered during Manual Penetration Testing
flaws\remediation_status Remediation status:
  • New
  • Open
  • Re-Open
  • Fixed
flaws\remediationeffort Level of difficulty of effort to remediate the flaw with values ranging from 1 to 5, where 5 is the most difficult
flaws\scope Approximate classpath for flaws in binaries that do not have debug symbols
flaws\severity Severity of the flaw. Value ranges from 1-5, where 5 is the most severe
flaws\severity_desc Description of the flaw severity:
  • 5 is Very High (VH)
  • 4 is High
  • 3 is Medium
  • 2 is Low
  • 1 is Very Low (VL)
flaws\sourcefile Name of the source code file in which the flaw is located
flaws\sourcefilepath Filepath of the source code file in which the flaw is located
flaws\type Description of the type of flaw
flaws\url URL where flaw is located by the DynamicDS scan
flaws\version Version of application in which the flaw is located
generation_date Date of results report generation
grace_period_expired Parameter to indicate if flaws have existed in the most recent scan of this application for longer than the acceptable grace period
last_update_date Date of publication of the most recent scan of this application
lifecycle_stage Lifecycle stage of this application, such as external or beta testing
manual_score Security quality score for the most recently published results of Manual Penetration Testing of the application
mitigated_rating

Deprecated

Score in the previous Veracode scoring system
modules Parent field of the collection of ArcherRecords that describe the scans
modules\analysis_type Type of scan:
  • static
  • dynamic
  • manual
modules\architecture Architecture on which the application was built or compiled
modules\compiler Name and version of the compiler of the module
modules\module Name of the module
modules\os Name of the operating system for which the module is targeted
modules\target_url Target URL that the DynamicDS scan is to analyze
planned_deployment_date Specified deployment date of the application, if provided
platform Platform used for the application scan
policy_compliance_status Description of the policy compliance of the application:
  • Calculating
  • Did Not Pass
  • Conditional Pass
  • Pass
policy_name Name of the policy assigned to the application
policy_rules_passed Boolean value that indicates if the application passed the policy rules
policy_version Policy version
rating

Deprecated

Score in the previous Veracode scoring system
scan_overdue Boolean value that indicates the length of time since the last scan of this application is unacceptable according to the associated policy
static_score Security Quality Score for the most recent static scan of this application
submitted_date Submission date of the most recent static scan of this application
tags Comma-separated list of metadata tags associated with this application
teams Customer teams assigned to the application
version Version of this application