Using the Archer API

GRCs

The Archer dashboard is a platform for governance, risk, and compliance solutions. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.

Veracode provides Archer feeds that include information about the applications in an account. For assessments of internally developed or maintained applications, a feed includes scores, a listing of all discovered flaws, and status information about the flaws (new, open, fixed, or re-opened). Summary data is included for third-party assessments, including scores and top-risk categories.

Customers who have purchased a subscription that includes access to the Archer API can generate and retrieve Archer reports. Once you generate a report, it is only available to download for 30 days. Each login account is limited to downloading the five most recently generated reports at a time.

To use the Archer API, you must have a Veracode non-human API user account that has the Archer API role. You cannot access the Archer API using a human account.

The Archer API comprises the following calls:
generatearcherreport.do
Initiates the creation of an Archer report and provides a token for gathering and downloading the data.
downloadarcherreport.do
Returns the Archer report when it is generated and available.
archer.do
This is a deprecated call that downloads the Archer feed. Although this call is functional, Veracode recommends that you use the asynchronous Archer API calls above to avoid lengthy wait times and timeouts when retrieving large data sets.