
RSA Archer XML API

The Archer API integrates with RSA Archer and enables you to generate reports for GRC.

We provide Archer feeds that include information about the applications in an account. For assessments of internally developed or maintained applications, a feed includes scores, a listing of all discovered flaws, and status information about the flaws (new, open, fixed, or re-opened). The feeds also include summary data, such as scores and top-risk categories, for third-party assessments.

After you generate a report, it is available for you to download for only 30 days. Each login account is limited to downloading the five most recently generated reports at a time.

Note

RSA Archer does not support HMAC authentication, which prevents you from executing Veracode Archer API calls from within the RSA Archer interface. Veracode recommends that you write a small, external batch or shell script that calls the Archer APIs on a periodic schedule and writes the output to a fixed-name XML file. You must configure Archer to parse the XML file. Veracode provides an implementation guide to assist you with configuring the Veracode Platform with RSA Archer GRC. The guide is available from the Archer Community.
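One way to structure the external script the note recommends, as an added example that is not Veracode's or RSA's code: it refreshes the fixed-name XML file only when the download succeeded and the output is XML, so Archer never parses a partial or failed report. The function names, the paths in the cron comment, and the fetch command (your own HMAC-signed Archer API call that prints the report on stdout) are assumptions.

```shell
#!/bin/sh
# Added example (not Veracode code): refresh the fixed-name XML file that
# Archer parses, without ever exposing a failed or partial download.

# looks_like_xml FILE: well-formedness check with xmllint when installed,
# otherwise a coarse check that the content starts with '<' and ends with '>'.
looks_like_xml() {
    if command -v xmllint >/dev/null 2>&1; then
        xmllint --noout "$1" 2>/dev/null
        return $?
    fi
    lx_first=$(tr -d ' \t\r\n' < "$1" | head -c 1)
    lx_last=$(tr -d ' \t\r\n' < "$1" | tail -c 1)
    [ "$lx_first" = "<" ] && [ "$lx_last" = ">" ]
}

# publish_feed DEST CMD [ARGS...]
# Runs CMD (ASSUMPTION: your own HMAC-signed Archer API call that prints the
# report XML on stdout), then renames the result over DEST in one step.
# Returns 1 (no temp file), 2 (CMD failed) or 3 (output is not XML);
# on any failure DEST keeps its previous contents.
publish_feed() {
    pf_dest=$1
    shift
    # Temp file in the same directory so the final mv is an atomic rename.
    # mktemp creates it mode 0600: the feed lists flaws, so widen access
    # only as far as the account Archer reads the file with.
    pf_tmp=$(mktemp "$(dirname -- "$pf_dest")/.archer-feed.XXXXXX") || return 1
    if ! "$@" > "$pf_tmp"; then
        rm -f -- "$pf_tmp"
        return 2
    fi
    if ! looks_like_xml "$pf_tmp"; then
        rm -f -- "$pf_tmp"
        return 3
    fi
    mv -f -- "$pf_tmp" "$pf_dest"
}

# Scheduled use (hypothetical paths and fetch script), e.g. from cron:
#   15 2 * * * /opt/feeds/archer_feed.sh /var/feeds/veracode_archer.xml /opt/feeds/fetch_report.sh
if [ "$#" -ge 2 ]; then
    publish_feed "$@"
fi
```

A non-zero exit status from the script is the signal to alert on, since Archer would otherwise keep importing the last good file without any sign that the feed is stale.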

Prerequisites

  • You must have an API service account with the Archer Report API role.
  • Veracode strongly recommends that you read API usage and access guidelines.
  • Ensure you access the APIs with the domain for your region.
  • Ensure that all required Veracode IP addresses for the Veracode APIs and integrations are on the allowlist for your organization. The APIs use these addresses to authenticate with Veracode. To update your allowlist, you might need to contact your IT team.