Manage API Specifications in the Veracode Platform

Publication: Getting Started with Veracode API Scanning
Edition date: 2023-02-03
Last publication: 2023-02-03T16:57:41.447106

You can use the API Specification Management tab in the Veracode Platform to upload, update, and permanently delete your API specifications.

Before you begin:

  • You have a Veracode account with the Creator, Submitter, or Security Lead role. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.
  • You have removed any API specification you want to update or delete from the associated analyses.

To complete this task:

  1. Log in to the Veracode Platform.
  2. Select Scans and Analysis > Dynamic Analysis.
  3. Click the API Specification Management tab.
  4. To upload a new API specification, click Upload API Specification. To manage an existing specification, locate it in the API Specification Management table and select from the following actions in the Actions column.
     • View API Specification Details (eye icon): Opens a read-only window with detailed information about the API scanning configuration for the selected specification. The Associated Analysis field lists the analyses with which this specification is associated. You can click an analysis to view additional information, including options for reconfiguring and rerunning an analysis.
     • Update (pencil icon): Update the following configuration settings for the selected specification.
         • Rename the specification. If you do not enter a name for the API specification, by default, the Veracode Platform uses the filename of the uploaded specification.
         • Delete the specification file attached to the configuration and replace it with a different file. Depending on the size of your specification file, the upload might take several seconds to complete. Also, the Veracode Platform shows messages about any issues with the specification, such as unsupported file format, invalid syntax, or an issue with the relative URL.
         • For JSON and YAML files, you can add or update a custom base URL, which Veracode uses to identify the server to use during analysis. OpenAPI 2.0 only supports a single server, while OpenAPI 3.0 and HAR files support multiple servers. You typically use these servers to select different environments, such as a production instance and a staging environment, or multiple production instances located in different regions.
         • Change the visibility of the specification to either Security Leads only or both Security Leads and specific teams. After adding the specification to an analysis, you cannot change its visibility.
     • Delete (trash can icon): Delete the API specification and its configuration settings from Veracode. You cannot undo this action or recover the deleted specification file or its configuration settings.
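A pre-upload check, added here as an example and not Veracode code: it lists the server base URLs that an OpenAPI 2.0, OpenAPI 3.0, or HAR document declares, so you can confirm which environments (production, staging, regional instances) an analysis would target. The function names, the sample documents, and the rule that a file declaring only relative URLs needs a custom base URL are assumptions of this example.

```python
import json
from urllib.parse import urlsplit

def _is_absolute(url):
    parts = urlsplit(url)
    return bool(parts.scheme and parts.netloc)

def server_report(doc):
    """Classify the base URLs a parsed OpenAPI 2.0/3.0 or HAR document declares."""
    if "swagger" in doc:  # OpenAPI 2.0: one host + basePath, optional schemes
        fmt = "openapi-2.0"
        host, base = doc.get("host"), doc.get("basePath", "")
        schemes = doc.get("schemes", [])
        # Without host or schemes the file alone does not name an absolute URL.
        urls = [f"{s}://{host}{base}" for s in schemes] if host and schemes else [base or "/"]
    elif "openapi" in doc:  # OpenAPI 3.x: servers array, default is url "/"
        fmt = "openapi-3"
        urls = []
        for server in doc.get("servers") or [{"url": "/"}]:
            url = server["url"]
            for name, var in server.get("variables", {}).items():
                url = url.replace("{" + name + "}", var["default"])
            urls.append(url)
    elif "log" in doc:  # HAR: derive the origins from the recorded requests
        fmt = "har"
        origins = {urlsplit(e["request"]["url"]) for e in doc["log"]["entries"]}
        urls = sorted({f"{o.scheme}://{o.netloc}" for o in origins})
    else:
        raise ValueError("not an OpenAPI 2.0/3.0 or HAR document")
    absolute = [u for u in urls if _is_absolute(u)]
    relative = [u for u in urls if not _is_absolute(u)]
    # Assumption of this example: no absolute URL means a custom base URL is needed.
    return {"format": fmt, "absolute": absolute, "relative": relative,
            "needs_custom_base_url": not absolute}

# Constructed sample documents (not taken from the Veracode documentation).
SAMPLE_V2 = {"swagger": "2.0", "host": "api.example.com", "basePath": "/v1",
             "schemes": ["https"], "paths": {}}
SAMPLE_V3 = {"openapi": "3.0.3", "paths": {}, "servers": [
    {"url": "https://{env}.example.com/v1", "variables": {"env": {"default": "staging"}}},
    {"url": "/v1"}]}
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://api.example.com/v1/users?id=1"}},
    {"request": {"url": "https://eu.example.com/v1/users"}}]}}

if __name__ == "__main__":
    for doc in (SAMPLE_V2, SAMPLE_V3, SAMPLE_HAR):
        print(json.dumps(server_report(doc)))
```

To check a real JSON specification, pass `json.load(open(path))` to `server_report`; YAML files need a YAML parser first.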

Next steps:

Associate the API specification with a new or existing analysis.