Troubleshooting APIs and wrappers

This section helps you remedy common problems and understand how better to use Veracode APIs and wrappers.

note

Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

API or wrapper	Issue	Solution
Any API or wrapper	I received an HTTP 401 or Access Denied error. I do not have access to the APIs or I am unsure what kind of access I need.	You must have a Veracode account with the required API roles assigned by your Veracode administrator. Ensure your Veracode API credentials are valid and have not expired. You can generate new credentials in the Veracode Platform.
Any API	I cannot log in to Veracode when using the APIs.	Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist. Verify that your IP address is in the list or range of addresses in the Allowed IP Addresses field of your user account login settings. If the IP range is set incorrectly, edit the Allowed IP Addresses field to include the IP address of the location of your login.
Any API	The scan stopped after prescan.	To determine why a scan that started from an API failed after prescan, review the response code returned from `beginscan.do`. When your script calls `beginscan.do`, the API returns a status code that confirms the scan successfully started, or provides an error message to explain why the scan did not start.
Any API	I received cURL error 35.	If you receive the cURL error `35: Unknown SSL protocol error in connection to ...`, you need to update your version of cURL. Alternatively, you can pass the option `-3`, which forces cURL to use SSL version 3 when negotiating with a remote SSL server.
Any wrapper	I received a message that displays missing mandatory parameters.	Provide all mandatory parameters in your call. If you do not provide all mandatory parameters, the wrapper returns the missing mandatory parameters in your console.
Any wrapper	I cannot connect to Veracode through my proxy.	If your organization uses a proxy for outbound connections, provide this information to the wrapper to successfully connect to Veracode.
Archer API	See Troubleshooting GRC integrations.
Dynamic Analysis API	I need to open a support case with Veracode Technical Support.	Provide this information to Veracode Technical Support: API call you are trying to make. Response error code. For example, 201 or 401. Response body from the call. Description of the error you receive. The username and API ID for the account. API ID. Whether the API call is programmatic or by an application like Postman. If an application is calling the API, then provide the name of the application.
Java API wrapper or Veracode Jenkins Plugin, or TeamCity Plugin	See Troubleshooting CI/CD system integrations.
Java API wrapper	I experience a `PKIX` path building failure when installing the plugin from Eclipse.	Add these lines to the `eclipse.ini` file in your Eclipse installation directory: `-vmargs` `--Djavax.net.ssl.trustStore="path for cacerts"` `--Djavax.net.ssl.trustAnchors="path for cacerts"`
Flaw Report API	I see HTTPS status code `204` when I try to call `downloadflawreport.do`.	If you try to call `downloadflawreport.do` before `generateflawreport.do` has completed, you receive HTTP status code `204` to indicate no content is available. Try to download the report at a later time. After an excessively long time, if the Veracode Platform does not return the report, contact Veracode Technical Support.
Results API	The `getappbuilds.do` call is slow to deliver information.	Veracode recommends that you use `getapplist.do` to generate a list of all applications and `getbuildlist.do` to generate a list of all builds for an application. You can then use `getappinfo.do` and `getbuildinfo.do` to retrieve the information about specific applications and builds.
Upload API	I do not know if the prescan is complete or successful.	To check the prescan results in the Upload API, call `getprescanresults.do`.
Upload API	My scan does not complete due to non-fatal errors.	If you want to ensure the scan completes even though there are non-fatal errors such as unsupported frameworks, ensure you use the `scan_all_top_level_modules` parameter when you use the `beginscan.do` call.
Upload API and Integrations	I received a fatal error after prescan, which is preventing my static analysis from starting automatically.	Before the next time your static analysis is scheduled to start automatically, you need to: Review the prescan results to identify the modules that have fatal errors. Resolve the errors. Optionally, if you do not want to resolve the errors, you can: Update your uploaded files to remove the modules that have errors. Start the analysis manually. If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.
Any Plugin, Any API	When using either a Veracode plugin, the Veracode API wrappers, or a custom script, I see this returned in the output text: `App not in state where new builds are allowed.`	This message indicates that a previous static scan did not succeed for the specific application. Log into the Veracode Platform and review the application's current scans to determine if the previous scan did not successfully complete. A previous scan may still be in progress. If a previous scan is still running due to an error, select Delete. You can then use the plugin to submit a new scan request.
Any Plugin, Any API	I receive an error when an API or integration attempts to access Veracode.	Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.
Any wrapper or plugin	The following messages appear in the console output: `Error: Unable to start a scan.` `Error: Module list must contain only top-level module ids for the scan.`	Ensure the `include` parameter is applied only to the intended top-level modules for scanning, and not to unintended dependencies modules with similar names. To check for top-level modules and see which modules are available for selection from the API, run `getprescanresults.do`. Resource URL: `https://analysiscenter.veracode.com/api/5.0/getprescanresults.do`. The `getprescanresults.do` call returns the `prescanresults` XML document, which you can check for each module. To identify top-level modules, look for `is_dependency="false"`, and for non-selectable dependencies, look for `is_dependency="true"`.

Did you find this helpful?