Veracode provides both XML and REST APIs for automating application security testing tasks. The XML APIS are also available as wrappers. Veracode strongly recommends that you use the REST APIs. For new integrations, always use the REST APIs.
Veracode provides an XML API for every task involved in scanning with Veracode. These APIs and the wrappers enable you to automate most of the tasks involved in scanning your applications. Ensure you access the APIs with the domain for your region.
For the best experience when using the APIs and wrappers, Veracode strongly recommends that you review the API Best Practices.
Veracode reserves the right to apply API rate limiting to any account that exceeds the allowed number of API requests within a specific period.
For instructions on using Veracode APIs with Postman, see https://github.com/veracode/veracode-postman.
- API Wrappers
- Veracode provides API wrappers for Java and C#. Veracode recommends using API wrappers when working with the Veracode XML APIs.
- Upload API
- Use the Upload API to automatically send new builds of your applications to the Veracode Platform for static analysis scans.
- Results API
- Use the Results API to get a list of available applications and retrieve detailed application results.
- Mitigation and Comments API
- Integrate flaw comments and mitigation workflow tasks into IDEs and bug tracking systems.
- Admin API
- Use the Admin API to create and manage users and teams in the Veracode Platform.
- Flaw Report API
- The Flaw Report API creates a report that lists all fixed and unfixed flaws for the specified applications and/or scan type.
- VAST APIs
- The Veracode VAST program has APIs for automating vendor and enterprise tasks.
- Sandbox APIs
- Use the Sandbox API calls to automate creating, updating, deleting, listing, and promoting development sandboxes.