Using the Archer API

The Archer dashboard is a platform for Governance, Risk, and Compliance (GRC) solutions. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.

Veracode provides Archer feeds that include information about the applications in an account. For assessments of internally developed or maintained applications, a feed includes scores, a listing of all discovered flaws, and status information about the flaws (new, open, fixed, or re-opened). The feeds also include summary data, such as scores and top-risk categories, for third-party assessments.

After you generate a report, it is only available for you to download for 30 days. Each login account is limited to downloading the five most recently generated reports at a time.

Note: RSA Archer does not support HMAC authentication, which prevents you from executing Veracode Archer API calls from within the RSA Archer interface. Veracode recommends that you write a small, external batch or shell script that calls the Archer APIs on a periodic schedule and writes the output to a fixed-name XML file. You must configure Archer to parse the XML file. Veracode provides an implementation guide to assist you with configuring the Veracode Platform with RSA Archer GRC. To obtain this guide, go to https://community.rsa.com and search for Veracode. In the search results, click Veracode Platform Integration.
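The output side of the external script recommended in the note above, as an added Python example (not Veracode or RSA code): it replaces the fixed-name XML file only when the downloaded body is well-formed XML, so a failed or truncated download never overwrites the feed Archer parses. The names `publish_feed`, `run_once`, `fetch` and the file name are assumptions; the HMAC-signed API request itself is left to the caller-supplied `fetch`.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Assumed fixed name; point Archer's data feed at this same path.
FEED_PATH = "veracode_archer_feed.xml"


def publish_feed(xml_bytes, dest=FEED_PATH):
    """Validate xml_bytes, then atomically replace dest. True if published."""
    # Assumption: the feed carries no DTD, so any DOCTYPE is refused before
    # parsing (this also keeps entity-expansion payloads out of the parser).
    if b"<!DOCTYPE" in xml_bytes.upper():
        return False
    try:
        ET.fromstring(xml_bytes)  # rejects truncated or non-XML bodies
    except ET.ParseError:
        return False
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Same-directory temp file so os.replace() is an atomic rename; mkstemp
    # creates it 0600, so grant read access to the Archer account explicitly.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, prefix=".feed-", suffix=".tmp")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(xml_bytes)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return True


def run_once(fetch, dest=FEED_PATH):
    """Fetch one report and publish it; the previous feed survives a failure.

    fetch is a hypothetical callable that makes the HMAC-signed Archer API
    request and returns the response body as bytes.
    """
    try:
        body = fetch()
    except Exception:
        return False
    return publish_feed(body, dest)
```

Run `run_once` from the scheduler (cron or Task Scheduler) and alert when it returns `False`, since Archer will otherwise keep parsing the last good file without any sign that the feed is stale.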

Before You Begin