Commenting on Findings with the Annotations API

Publication: Veracode APIs
Edition date: 2023-01-27
Last publication: 2023-01-27T02:45:54.600583

Veracode does not include comments in scan reports, so your comments are private to you and your team.

You can consider comments as a private working area while you and your team remediate findings (flaws). You can use the Applications API to get the GUID for an application.

Use this command to add a comment to an application with two findings:

http --auth-type=veracode_hmac POST "https://api.veracode.com/appsec/v2/applications/{application_guid}/annotations" < input.json

The command sends the API a JSON file that you populate with the necessary values, as shown in this example payload:

{
  "issue_list": "1,2",
  "comment": "This is my comment",
  "action": "COMMENT"
}

| Name | Required | Type | Description |
|------|----------|------|-------------|
| issue_list | Required | String | Comma-separated list of finding IDs. You can use the Findings API to get a list of finding IDs for an application. |
| comment | Required | String | Enter a brief comment about the findings for issue_list. |
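
A scripted way to produce input.json for the command above, as an added example that is not Veracode's own code: it validates the application GUID and the finding IDs before building the URL and payload. The function names and the sample GUID are assumptions, and finding IDs are assumed to be positive integers as in the "1,2" example.

```python
import json
import uuid

# Endpoint template taken from the command on this page.
ANNOTATIONS_URL = (
    "https://api.veracode.com/appsec/v2/applications/"
    "{application_guid}/annotations"
)


def annotations_url(application_guid):
    """Return the annotations URL, rejecting anything that is not a GUID.

    Parsing with uuid.UUID keeps stray characters ('/', '?', '..') from a
    mistyped or untrusted value out of the request path.
    """
    guid = str(uuid.UUID(str(application_guid).strip()))
    return ANNOTATIONS_URL.format(application_guid=guid)


def comment_payload(finding_ids, comment):
    """Build the COMMENT payload for a list of finding IDs."""
    ids = []
    for raw in finding_ids:
        text = str(raw).strip()
        # Assumption: finding IDs are positive integers, as in "1,2".
        if not (text.isascii() and text.isdigit()) or int(text) == 0:
            raise ValueError(f"not a finding ID: {raw!r}")
        if int(text) not in ids:  # drop duplicates, keep order
            ids.append(int(text))
    if not ids:
        raise ValueError("issue_list is required")
    if not comment or not comment.strip():
        raise ValueError("comment is required")
    return {
        "issue_list": ",".join(str(i) for i in ids),
        "comment": comment.strip(),
        "action": "COMMENT",
    }


if __name__ == "__main__":
    # Constructed sample values, not a real application GUID.
    print(annotations_url("11111111-2222-3333-4444-555555555555"))
    print(json.dumps(comment_payload([1, 2], "This is my comment"), indent=2))
```

Save the printed JSON as input.json and pass it to the `http` command shown earlier.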