Fetching Application Events for Reports

About Veracode API Best Practices

You might need to import Veracode data, such as events for the applications you are scanning, to an external vulnerability management system, dashboard, or business intelligence (BI) tool. If you have custom integrations that routinely fetch data for several, or all, of your applications, these requests can degrade the performance of your Veracode account.

To simplify the process of identifying which applications have changed since you last retrieved data, you can use the last_policy_compliance_check_date property of the Applications API.

Each time Veracode evaluates the policy for an application, it updates the value for this property based on these events:

  • Publishing a new policy scan
  • Approving a mitigation
  • Assigning a different policy to the application

To get only the applications that have had a policy check since the last time you retrieved data, you can use the policy_compliance_checked_after query filter with the Applications API. This allows you to process only changed applications, which significantly decreases total processing time and reduces the number of required API calls.