Downloading, Importing, and Viewing Veracode Results

IDEs

When your application scan is complete, you can use the Veracode extension to download the scan results to your local machine or from the Veracode Platform.

You must have the required user roles to use the Veracode Visual Studio Extension. To access the Results API, a human Veracode account must have either the Reviewer or Security Lead role, and a non-human API account you must have the Results API role to be able to download results. Ensure you have these permissions before attempting to integrate Veracode into your Visual Studio development lifecycle, otherwise you receive access denial errors.

Downloading Results Using the API

To download scan results using the Veracode Results API:
  1. Select Veracode > Download Results. If the Veracode menu is not visible, check you have correctly installed the extension.
  2. If prompted, enter your Veracode API username and password, and select Store username and password so that you only have to enter your credentials one time.
  3. Click Submit.
  4. In the Download Results window, select the required application, scan type, and specific scan, and click Download.

By default, Veracode saves the results file to the Downloads directory on the user's local computer. For example, for Windows, this is C:\Users\UserName\Downloads. To change this default location:
  1. Go to Veracode > Options.
  2. In the Detailed Reports tab, enter the path of the local location where you want to save the results.
  3. Click Apply and then OK.

Downloading Results Using the Veracode Platform

To download the scan results from the Veracode Platform:
  1. From the left navigation menu of your application, click Results.
  2. Click Download Report, and select Detailed XML Export (XML) from the dropdown menu.

  3. Click Download. The report is provided as a zip file that contains the XML document and the associated XSD XML schema.
  4. In Visual Studio, go Veracode > View Results.
  5. Navigate to the location of the XML zip file that you downloaded from the Veracode Platform, and select it.

If you do not have the Reviewer role or the Results API role, you are not able to download scan results to Visual Studio by using the Veracode extension. However, if you have downloaded the scan results XML report from the Veracode Platform, you can view these results in Visual Studio.

To view scan results you previously downloaded from the Veracode Platform, go to the Veracode menu and click View Results. Browse to and select the XML results file to open in Visual Studio.

When you download or import scan results, they open in a tab in Visual Studio, enabling you to review the summary data and flaw details while working in your development project. While reviewing the results you can:
  • Filter or search for discovered flaws.
  • Double-click a flaw to open the source file (if the solution is open) and highlight the line that contains the flaw.
  • Right-click a flaw to see other viewing options, such as viewing the call stack for that flaw.
  • Right-click a flaw and select Show Details to display a window that contains the description of that flaw and remediation guidance.

Review your scan results in Visual Studio