Troubleshooting Veracode APIs and Wrappers

Veracode APIs

This section helps you remedy common problems and understand how better to use Veracode APIs and wrappers.

API or Wrapper Issue Solution
Any API or Wrapper I received a HTTP 401 or Access Denied error. I do not have access to the APIs or I am unsure what kind of access I need.
Any API I cannot log in to Veracode when using the APIs.
  • Veracode APIs and integrations require access to analysiscenter.veracode.com and api.veracode.com. Contact your IT team to ensure these domains are on the allowlist for your organization and that there is one-way communication on port 443 to api.veracode.com. Refer to the complete list of domains and IP addresses to add to your allowlist.
  • Verify that your IP address is in the list or range of addresses in the Allowed IP Addresses field of your user account login settings. If the IP range is set incorrectly, edit the Allowed IP Addresses field to include the IP address of the location of your login.
Any API The scan stopped after prescan. To determine why a scan that started from an API failed after prescan, review the response code returned from the beginscan.do API call. When your script calls beginscan.do, the API returns a status code that confirms the scan successfully started, or provides an error message to explain why the scan did not start.
Any API I received cURL error 35. If you receive the cURL error 35: Unknown SSL protocol error in connection to ..., you need to update your version of cURL. Alternatively, you can pass the option -3, which forces cURL to use SSL version 3 when negotiating with a remote SSL server.
Any Wrapper I received a message that displays missing mandatory parameters. Provide all mandatory parameters in your call. If you do not provide all mandatory parameters, the wrapper returns the missing mandatory parameters in your console.
Any Wrapper I cannot connect to Veracode through my proxy. If your organization uses a proxy for outbound connections, provide this information to the wrapper to successfully connect to Veracode.
Archer API See Troubleshooting GRC Integrations.  
Dynamic Analysis API I need to open a support case with Veracode Technical Support. Provide this information to Veracode Technical Support:
  • API call you are trying to make
  • Response error code. For example, 201 or 401.
  • Response body from the call
  • Description of the error you receive
  • The username and API ID for the account
  • API ID
  • Whether the API call is programmatic or by an application like Postman. If an application is calling the API, then provide the name of the application.
Veracode Jenkins Plugin or Java API wrapper See Troubleshooting Build and Release Management System Integrations.  
Java API wrapper I experience a PKIX path building failure when installing the plugin from Eclipse. Add these lines to the eclipse.ini file in your Eclipse installation directory:
-vmargs
--Djavax.net.ssl.trustStore="path for cacerts"
--Djavax.net.ssl.trustAnchors="path for cacerts"
Results API The getappbuilds.do call is slow to deliver information. Veracode recommends that you use getapplist.do to generate a list of all applications and getbuildlist.do to generate a list of all builds for an application. You can then use getappinfo.do and getbuildinfo.do to retrieve the information about specific applications and builds.
Upload API I do not know if the prescan is complete or successful. To check the prescan results in the Upload API, call getprescanresults.do.
Upload API My scan does not complete due to non-fatal errors. If you want to ensure the scan completes even though there are non-fatal errors such as unsupported frameworks, ensure you use the scan_all_top_level_modules parameter when you use the beginscan.do call.
Upload API and Integrations I received a fatal error after prescan, which is preventing my static analysis from starting automatically. Before the next time your static analysis is scheduled to start automatically, you need to:
  1. Review the prescan results to identify the modules that have fatal errors.
  2. Resolve the errors.
Optionally, if you do not want to resolve the errors, you can: If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.
Any Plugin, Any API When using either a Veracode plugin, the Veracode API wrappers, or a custom script, I see this returned in the output text: App not in state where new builds are allowed. This message indicates that a previous static scan did not succeed for the specific application. Log into the Veracode Platform and review the application's current scans to determine if the previous scan did not successfully complete. A previous scan may still be in progress. If a previous scan is still running due to an error, select Delete. You can then use the plugin to submit a new scan request.
Any Plugin, Any API I receive an error when an API or integration attempts to access Veracode. Veracode APIs and integrations require access to analysiscenter.veracode.com and api.veracode.com. Contact your IT team to ensure these domains are on the allowlist for your organization and that there is one-way communication on port 443 to api.veracode.com. Refer to the complete list of domains and IP addresses to add to your allowlist.