You can use the Veracode Annotations API to annotate findings, including adding comments and proposing, accepting, and rejecting mitigations.
Permissions and Authentication
Before you can use this API, you must have one of these account types:
- An API service account with the Results API role
- A user account with the Reviewer, Security Lead, or Mitigation Approver role
This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:
Ensure you access the APIs with the domain for your region.
Annotations API Specification
The Annotations API specification is available from SwaggerHub.