Commenting on Findings with the Annotations API

Veracode APIs

Veracode APIs
Edition date
Last publication

Veracode does not include comments in scan reports, so your comments are private to you and your team.

You can consider comments as a private working area while you and your team remediate findings (flaws). You can use the Applications API to get the GUID for an application.

Use this command to add a comment to an application with two findings:

http --auth-type=veracode_hmac POST "{application_guid}/annotations" < input.json

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

  "issue_list": "1,2",
  "comment": "This is my comment",
  "action": "COMMENT"
Name Type Description
String Comma-separated list of finding IDs. You can use the Findings API to get a list of finding IDs for an application.
String Enter a brief comment about the findings for issue_list.