Skip to main content

API wrappers

Veracode provides API wrappers for Java and C# to simplify the integration of the XML APIs.

API wrappers are language-specific kits or packages that wrap sets of XML API calls into easy-to-use functions. The wrapper programmatically calls multiple API calls without requiring user interaction, further automating projects.

The Veracode API wrappers are Veracode-developed CLI programs that can communicate with the Veracode XML APIs accelerating the integration of theVeracode XML APIs in your Software Development Life Cycle (SDLC). The CLI programs are available in both C# and Java versions. The wrapper manages the details of network connections, parameters, and interfaces so that you can focus on using the objects to integrate Veracode into your code. The content of the wrappers is commonly used as library or command-line tools. Ensure you access the APIs with the domain for your region.


The Veracode XML APIs and the wrappers use a different syntax. For the wrappers, the parameter names omit the underscores, the parameter values omit spaces, and some parameters use different names. For example, the parameter app_id in the API is appid in the wrapper and the parameter value Very High in the API is VeryHigh in the wrapper. The parameter business_criticality in the API is criticality in the wrapper. The syntax is not interchangeable and using the wrong syntax causes your command to fail. To ensure you are using the correct syntax, see the documentation provided in the Help directory for each wrapper.

For the best experience when using the APIs and wrappers, Veracode strongly recommends that you review the API best practices.

Veracode reserves the right to apply API rate limiting to any account that exceeds the allowed number of API requests within a specific period.


Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

API wrapper versions

API wrapperCurrent versionRequirements
C# Wrapper24.1.10.1.NET 4.5–4.8.x
Java Wrapper23.8.12.0Java 8, 11, 17
Oracle or OpenJDK only.

Automating analysis with Veracode integrations

If you are using the Veracode integrations to automate Veracode Static Analysis or Veracode Software Composition Analysis of your applications, you must follow certain guidelines to ensure that your automations run successfully.

Any first-party modules you upload for static analysis or third-party components you select for Veracode SCA upload scanning must not have fatal or blocking errors. These errors prevent the analysis from starting and cause your automation to fail. Before running your automation, perform a prescan verification to identify and resolve any errors in your modules and files.

For CI/CD systems, each scan in the same automation must upload the same top-level modules. If the top-level modules change between scans, all scans in the automation pause automatically. Before you can restart the automation, you must review the changed or added modules to ensure that all uploads include the same top-level modules.