Using the Static Flaw Information Endpoint

Veracode APIs

Publication
Veracode APIs
Edition date
2022-12-01
Last publication
2022-12-01T00:14:58.434817

You can use the static_flaw_info endpoint of the Findings API to get additional information about a single finding discovered during a static analysis.

The static_flaw_info endpoint returns this information:

  • Name of the scanned module
  • Filepath to the file that contains the finding
  • Name of the function that contains the finding
  • Code line numbers where the finding exists
  • Attack vectors associated with the request
  • Calls in the associated call stack

Permissions and Authentication

Before you can use all the endpoints of the Findings API, you must have one of these account types:

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

Ensure you access the APIs with the domain for your region.

Static Finding Data Path API Specification

The static_flaw_info endpoint uses the Static Finding Data Path API specification available from SwaggerHub.