Annotations REST API

You can use the Annotations API to annotate findings, including adding comments and proposing, accepting, and rejecting mitigations. This API applies to findings from a Static Analysis or Dynamic Analysis.

Permissions and authentication

Before you can use this API, you must have one of these accounts with the required roles:

• A human user account with the following roles:

  • Reviewer or Security Lead: to add comments or propose mitigations.
  • Mitigation Approver: to approve or reject mitigation proposals.

• An API service account with the following roles:

  • Results API: to add comments or propose mitigations.
  • Mitigation API: to approve or reject mitigation proposals.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

• Veracode API credentials
• HMAC authentication

Ensure you access the APIs with the domain for your region.

Annotations API specification

The Annotations API specification is available from SwaggerHub.

The SCA Annotations API specification is also available from SwaggerHub.