
Manage API specifications for Dynamic Analysis

For Veracode Dynamic Analysis scans, use the API Specification Management tab in the Veracode Platform to upload, update, and permanently delete your API specifications or Postman Collections.

You can also upload an API specification with the REST API.

Before you begin:

  • You have a Veracode account with the Creator, Submitter, or Security Lead role. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.
  • You have removed any API specification you want to update or delete from the associated analyses.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > Dynamic Analysis.
  3. Select API Specification Management.
  4. To upload a new API specification, select Upload API Specification. To manage an existing specification, locate it in the API Specification Management table and select from the following actions in the Actions column.

API specification actions

Action: View API Specification Details
Description: Opens a read-only window with detailed information about the API scanning configuration for the selected specification. The Associated Analysis field provides a list of analyses to which this specification is associated. You can select an analysis to view additional information, including options for reconfiguring and rerunning an analysis.

Action: Update
Description: Update the following configuration settings for the selected specification.
  • Rename the specification. If you do not enter a name for the API specification, by default, the Veracode Platform uses the filename of the uploaded specification.
  • Delete the specification file attached to the configuration and replace it with a different file. Depending on the size of your specification file, the upload might take several seconds to complete. Also, the Veracode Platform shows messages about any issues with the specification, such as unsupported file format, invalid syntax, or an issue with the relative URL.
  • For OpenAPI specifications and Postman Collections, you can add or update a custom base URL, which Veracode uses to identify the server to use during scanning. OpenAPI 2.0 and Postman Collection only support a single server, while OpenAPI 3.0 and HAR files support multiple servers. You typically use these servers to select different environments, such as a production instance and a staging environment, or multiple production instances located in different regions.
  • Change the visibility of the specification to either Security Leads only or both Security Leads and specific teams. After you add the specification to an analysis, you cannot change its visibility.

Action: Delete
Description: Permanently delete the API specification and its configuration settings from Veracode. You cannot undo this action or recover the deleted specification file or its configuration settings.
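
The following local pre-upload check is an added example, not Veracode code and not the platform's own validation. It lists the servers an OpenAPI 2.0 or 3.0 document declares, so you can confirm which environment a scan would target, and flags relative server URLs. It assumes a JSON-format specification and assumes that a relative or missing server is the case where you supply a custom base URL; the sample specifications and hostnames are constructed.

```python
import json
from urllib.parse import urlsplit

def declared_servers(spec):
    """Return (format, server URLs) for a parsed OpenAPI 2.0 or 3.0 document."""
    if str(spec.get("swagger", "")).startswith("2."):
        # OpenAPI 2.0: a single host, built from schemes + host + basePath.
        host, base = spec.get("host", ""), spec.get("basePath", "")
        if not host:
            return "OpenAPI 2.0", [base or "/"]
        schemes = spec.get("schemes") or [""]
        return "OpenAPI 2.0", [
            f"{s}://{host}{base}" if s else f"//{host}{base}" for s in schemes
        ]
    if str(spec.get("openapi", "")).startswith("3.0"):
        # OpenAPI 3.0: a list of server objects; the default is a single "/".
        servers = spec.get("servers") or [{"url": "/"}]
        return "OpenAPI 3.0", [s.get("url", "/") for s in servers]
    return None, []

def is_absolute(url):
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def review(spec_text):
    """Summarise the declared scan targets and what to fix before upload."""
    try:
        spec = json.loads(spec_text)
    except json.JSONDecodeError as exc:
        return {"format": None, "servers": [],
                "problems": [f"invalid syntax: {exc.msg}"]}
    fmt, servers = declared_servers(spec) if isinstance(spec, dict) else (None, [])
    if fmt is None:
        return {"format": None, "servers": [],
                "problems": ["unsupported file format"]}
    problems = [f"relative server URL {u!r}: set a custom base URL"
                for u in servers if not is_absolute(u)]
    return {"format": fmt, "servers": servers, "problems": problems}

# Constructed sample specifications (hostnames are placeholders).
SPEC_V2 = ('{"swagger": "2.0", "host": "api.example.test", "basePath": "/v1",'
           ' "schemes": ["https"], "paths": {}}')
SPEC_V3 = ('{"openapi": "3.0.3", "servers": [{"url": "https://staging.example.test/v1"},'
           ' {"url": "/v1"}], "paths": {}}')

if __name__ == "__main__":
    for name, text in (("v2", SPEC_V2), ("v3", SPEC_V3)):
        print(name, review(text))
```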

Next steps:

Associate the API specification to a new or existing analysis.

Remove an API specification from an analysis

You can remove an API specification or Postman Collection from a Dynamic Analysis. Removing the specification only removes its association to the analysis, but it is still available in the Veracode Platform. After you remove a specification, you can associate it to the same or a different analysis.

If you want to permanently delete an API specification, use the API Specification Management tab.

Before you begin:

  • You have a Veracode account with the Creator, Submitter, or Security Lead role. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.
  • You have created an analysis.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > Dynamic Analysis.
  3. In the All Dynamic Analyses table, locate the analysis from which to remove the API specification.
  4. Select the analysis name or select Configure Analysis from the Actions column.
  5. In the Actions column, select Configure Analysis.
  6. In the API Specifications to Scan table, locate the specification you want to remove.
  7. In the Actions column, select Remove Specification from Analysis.
  8. To confirm the deletion, select OK.