This table describes the fields in the Archer XML report.
Archer XML Field | Definition |
---|---|
any_scan_due_date |
When you must next run a scan, as dictated by the associated policy. |
app_name |
Name of the application. |
archer_app_name |
An optional name to match with the application name in Archer. |
app_origin |
Ultimate origin of the application, such as open source. |
assurance_level Deprecated |
The level of assurance for the application. Veracode has deprecated assurance level and replaced it with business criticality. |
business_owner |
First and last name of the person responsible for the application. |
business_unit |
Department or group associated with the application. |
custom0 |
Custom metadata field 1. |
custom1 |
Custom metadata field 2. |
custom2 |
Custom metadata field 3. |
custom3 |
Custom metadata field 4. |
custom4 |
Custom metadata field 5. |
custom5 |
Custom metadata field 6. |
custom6 |
Custom metadata field 7. |
custom7 |
Custom metadata field 8. |
custom8 |
Custom metadata field 9. |
custom9 |
Custom metadata field 10. |
custom10 |
Custom metadata field 11. |
custom11 |
Custom metadata field 12. |
custom12 |
Custom metadata field 13. |
custom13 |
Custom metadata field 14. |
custom14 |
Custom metadata field 15. |
custom15 |
Custom metadata field 16. |
custom16 |
Custom metadata field 17. |
custom17 |
Custom metadata field 18. |
custom18 |
Custom metadata field 19. |
custom19 |
Custom metadata field 20. |
custom20 |
Custom metadata field 21. |
custom21 |
Custom metadata field 22. |
custom22 |
Custom metadata field 23. |
custom23 |
Custom metadata field 24. |
custom24 |
Custom metadata field 25. |
dynamic_score |
Veracode security quality score of the most recent Dynamic Analysis scan of this application. |
flaws |
Parent field of the collection of ArcherRecords that describe flaws. |
flaws\app_name |
Name of the application. |
flaws\capecid |
Category ID for the flaw. |
flaws\categoryid |
ID number of flaw category. |
flaws\categoryname |
Name of the flaw category. |
flaws\cia_impact |
CIA value for the calculated CVSS score. |
flaws\count |
Number of times this flaw occurs in this scan. |
flaws\cwe_description |
Definition of the Common Weakness Enumeration (CWE). |
flaws\cweid |
ID number for the Common Weakness Enumeration (CWE). |
flaws\date_first_occurrence |
Date of the scan when this flaw first occurred. |
flaws\exploit_desc |
Description of the flaw discovered during Manual Penetration Testing. |
flaws\exploitdifficulty |
Level of vulnerability for the calculated CVSS score. |
flaws\exploitLevel |
Calculated level of exploitability after static scan. |
flaws\flaw_description |
Description of the flaw. |
flaws\flaw_issue_id |
Unique issue ID number of the flaw. |
flaws\functionprototype |
Class/function information for flaws in binaries that do not have debug symbols. |
flaws\functionrelativelocation |
Relative location of flaws in the class file of binaries that do not have debug symbols. |
flaws\is_latest_build |
Boolean value that indicates if this report is for the most recent scan of the application. |
flaws\line |
Line location of flaws in binaries that do not have debug symbols. |
flaws\module |
Calling module where the flaw is located. |
flaws\note |
Exploitability level: Very Unlikely to Very Likely |
flaws\pcirelated |
Boolean value that indicates if the flaw is PCI-related. |
flaws\platform |
Platform metadata from the application profile. |
flaws\published_date |
Date of the publication date of the scan results. |
flaws\remediation_desc |
Description of how to remediate flaws discovered during Manual Penetration Testing. |
flaws\remediation_status |
Remediation status: New , Open , Re-Open , Fixed |
flaws\remediationeffort |
Level of difficulty of effort to remediate the flaw with values ranging from 1 to 5 , where 5 is the most difficult. |
flaws\scope |
Approximate classpath for flaws in binaries that do not have debug symbols. |
flaws\severity |
Severity of the flaw. Value ranges from 1 -5 , where 5 is the most severe. |
flaws\severity_desc |
Flaw severity: 5 is Very High (VH), 4 is High, 3 is Medium, 2 is Low, 1 is Very Low (VL) |
flaws\sourcefile |
Name of the source code file that contains the flaw. |
flaws\sourcefilepath |
Filepath of the source code file that contains the flaw. |
flaws\type |
Flaw type. |
flaws\url |
For Dynamic Analysis, the URL where the flaw is located. |
flaws\version |
Version of the application that contains the flaw. |
generation_date |
Date of results report generation. |
grace_period_expired |
Parameter to indicate if flaws have existed in the most recent scan of this application for longer than the acceptable grace period. |
last_update_date |
Date of publication of the most recent scan of this application. |
lifecycle_stage |
Lifecycle stage of this application, such as external or beta testing. |
manual_score |
Security quality score for the most recently published results of Manual Penetration Testing of the application. |
mitigated_rating Deprecated |
Score in the previous Veracode scoring system. |
modules |
Parent field of the collection of ArcherRecords that describe the scans. |
modules\analysis_type |
Type of scan: static , dynamic , manual |
modules\architecture |
Architecture on which the application was built or compiled. |
modules\compiler |
Name and version of the compiler of the module. |
modules\module |
Name of the module. |
modules\os |
Name of the operating system for which the module is targeted. |
modules\target_url |
Target URL that the Dynamic Analysis scan is to analyze. |
planned_deployment_date |
Specified deployment date of the application, if provided. |
platform |
Platform used for the application scan. |
policy_compliance_status |
Description of the policy compliance of the application: Calculating , Did Not Pass , Conditional Pass , Pass |
policy_name |
Name of the policy assigned to the application. |
policy_rules_passed |
Boolean value that indicates if the application passed the policy rules. |
policy_version |
Policy version. |
rating Deprecated |
Score in the previous Veracode scoring system. |
scan_overdue |
Boolean value that indicates the length of time since the last scan of this application is unacceptable according to the associated policy. |
static_score |
Security Quality Score for the most recent static scan of this application. |
submitted_date |
Submission date of the most recent static scan of this application. |
tags |
Comma-separated list of metadata tags associated with this application. |
teams |
Teams assigned to the application. |
version |
Version of this application. |