Archer XML Report Fields
This table describes the fields in the Archer XML report.
| Archer XML Field | Definition |
|---|---|
any_scan_due_date | When you must next run a scan, as dictated by the associated policy. |
app_name | Name of the application. |
archer_app_name | An optional name to match with the application name in Archer. |
app_origin | Ultimate origin of the application, such as open source. |
assurance_level Deprecated | The level of assurance for the application. Veracode has deprecated assurance level and replaced it with business criticality . |
business_owner | First and last name of the person responsible for the application. |
business_unit | Department or group associated with the application. |
custom0 | Custom metadata field 1. |
custom1 | Custom metadata field 2. |
custom2 | Custom metadata field 3. |
custom3 | Custom metadata field 4. |
custom4 | Custom metadata field 5. |
custom5 | Custom metadata field 6. |
custom6 | Custom metadata field 7. |
custom7 | Custom metadata field 8. |
custom8 | Custom metadata field 9. |
custom9 | Custom metadata field 10. |
custom10 | Custom metadata field 11. |
custom11 | Custom metadata field 12. |
custom12 | Custom metadata field 13. |
custom13 | Custom metadata field 14. |
custom14 | Custom metadata field 15. |
custom15 | Custom metadata field 16. |
custom16 | Custom metadata field 17. |
custom17 | Custom metadata field 18. |
custom18 | Custom metadata field 19. |
custom19 | Custom metadata field 20. |
custom20 | Custom metadata field 21. |
custom21 | Custom metadata field 22. |
custom22 | Custom metadata field 23. |
custom23 | Custom metadata field 24. |
custom24 | Custom metadata field 25. |
dynamic_score | Veracode security quality score of the most recent Dynamic Analysis scan of this application. |
flaws | Parent field of the collection of ArcherRecords that describe flaws. |
flaws\app_name | Name of the application. |
flaws\capecid | Category ID for the flaw. |
flaws\categoryid | ID number of flaw category. |
flaws\categoryname | Name of the flaw category. |
flaws\cia_impact | CIA value for the calculated CVSS score. |
flaws\count | Number of times this flaw occurs in this scan. |
flaws\cwe_description | Definition of the Common Weakness Enumeration (CWE). |
flaws\cweid | ID number for the Common Weakness Enumeration (CWE). |
flaws\date_first_occurrence | Date of the scan when this flaw first occurred. |
flaws\exploit_desc | Description of the flaw discovered during Manual Penetration Testing. |
flaws\exploitdifficulty | Level of vulnerability for the calculated CVSS score. |
flaws\exploitLevel | Calculated level of exploitability after static scan. |
flaws\flaw_description | Description of the flaw. |
flaws\flaw_issue_id | Unique issue ID number of the flaw. |
flaws\functionprototype | Class/function information for flaws in binaries that do not have debug symbols. |
flaws\functionrelativelocation | Relative location of flaws in the class file of binaries that do not have debug symbols. |
flaws\is_latest_build | Boolean value that indicates if this report is for the most recent scan of the application. |
flaws\line | Line location of flaws in binaries that do not have debug symbols. |
flaws\module | Calling module where the flaw is located. |
flaws\note | Exploitability level: Very Unlikely to Very Likely |
flaws\pcirelated | Boolean value that indicates if the flaw is PCI-related. |
flaws\platform | Platform metadata from the application profile. |
flaws\published_date | Date of the publication date of the scan results. |
flaws\remediation_desc | Description of how to remediate flaws discovered during Manual Penetration Testing. |
flaws\remediation_status | Remediation status: New, Open, Re-Open, Fixed |
flaws\remediationeffort | Level of difficulty of effort to remediate the flaw with values ranging from 1 to 5, where 5 is the most difficult. |
flaws\scope | Approximate classpath for flaws in binaries that do not have debug symbols. |
flaws\severity | Severity of the flaw. Value ranges from 1-5, where 5 is the most severe. |
flaws\severity_desc | Flaw severity: 5 is Very High (VH), 4 is High, 3 is Medium, 2 is Low, 1 is Very Low (VL) |
flaws\sourcefile | Name of the source code file that contains the flaw. |
flaws\sourcefilepath | Filepath of the source code file that contains the flaw. |
flaws\type | Flaw type. |
flaws\url | For Dynamic Analysis, the URL where the flaw is located. |
flaws\version | Version of the application that contains the flaw. |
generation_date | Date of results report generation. |
grace_period_expired | Parameter to indicate if flaws have existed in the most recent scan of this application for longer than the acceptable grace period. |
last_update_date | Date of publication of the most recent scan of this application. |
lifecycle_stage | Lifecycle stage of this application, such as external or beta testing. |
manual_score | Security quality score for the most recently published results of Manual Penetration Testing of the application. |
mitigated_rating Deprecated | Score in the previous Veracode scoring system. |
modules | Parent field of the collection of ArcherRecords that describe the scans. |
modules\analysis_type | Type of scan: static, dynamic, manual |
modules\architecture | Architecture on which the application was built or compiled. |
modules\compiler | Name and version of the compiler of the module. |
modules\module | Name of the module. |
modules\os | Name of the operating system for which the module is targeted. |
modules\target_url | Target URL that the Dynamic Analysis scan is to analyze. |
planned_deployment_date | Specified deployment date of the application, if provided. |
platform | Platform used for the application scan. |
policy_compliance_status | Description of the policy compliance of the application: Calculating, Did Not Pass, Conditional Pass, Pass |
policy_name | Name of the policy assigned to the application. |
policy_rules_passed | Boolean value that indicates if the application passed the policy rules. |
policy_version | Policy version. |
rating Deprecated | Score in the previous Veracode scoring system. |
scan_overdue | Boolean value that indicates the length of time since the last scan of this application is unacceptable according to the associated policy. |
static_score | Security Quality Score for the most recent static scan of this application. |
submitted_date | Submission date of the most recent static scan of this application. |
tags | Comma-separated list of metadata tags associated with this application. |
teams | Teams assigned to the application. |
version | Version of this application. |