Dynamic Analysis REST API
You can use the Dynamic Analysis API to automate major dynamic scanning tasks.
This API enables you to programmatically initiate dynamic scanning with the flexibility necessary for incorporating this type of security scanning into your Software Development Life Cycle.
The API endpoints perform these tasks:
- Create analyses with URL scans
- Configure analyses and URL scans
- Schedule and run analyses
- Link analyses to Veracode application profiles
After completing a dynamic analysis scan, you can use the Findings API to get information on a discovered flaw.
This API does not support DAST.
Permissions
Before you can use all endpoints of this API, you must have one of the following accounts with the required roles:
- An API user account with the Upload and Scan API role.
- A UI user account with the Security Lead, Creator, or Submitter role.
Authentication
This API requires secure authentication to Veracode.
Authentication errors
To see authentication errors for the Dynamic Analysis REST API, send:
http --auth-type=veracode_hmac GET https://api.veracode.com/was/configservice/v1/code_groups/errorcode
Dynamic Analysis API specification
The Dynamic Analysis API specification is available from SwaggerHub.
Scanning APIs
By default, any POST or PUT request to the Dynamic Analysis REST API assumes that the target is a web application. For a Dynamic Analysis API scan, append the scan_type=API_SCAN query parameter to your POST or PUT request.
For example:
http --auth-type=veracode_hmac POST "https://api.veracode.com/was/configservice/v1/analyses?scan_type=API_SCAN" < input.json
To scan web applications, exclude this parameter or change it to scan_type=WEB_SCAN.