SCA Annotations REST API

You can use the SCA Annotations API to annotate findings from SCA Upload and Scan. Annotations include adding comments and proposing, accepting, and rejecting mitigations. The API identifies findings by component ID, CVE name, and license ID, which you can retrieve from the Findings API.

To annotate findings from a Static Analysis or Dynamic Analysis, use the Annotations REST API.

Permissions

Before you can use all endpoints of this API, you must have one of the following accounts with the required roles:

  • A UI user account with the following roles:

    • Reviewer or Security Lead: to propose mitigations.
    • Mitigation Approver: to approve or reject mitigation proposals.
  • An API user account with the following roles:

    • Results API: to propose mitigations.
    • Mitigation API: to approve or reject mitigation proposals.

All of these roles have permission to add comments, and all of these roles can retrieve mitigation information from the API.

Authentication

This API requires secure authentication to Veracode.

SCA Annotations API specification

The SCA Annotations API specification is available on SwaggerHub.