You can use the SCA REST API to retrieve, delete, insert, or update data related to Agent-Based Scanning. You can also query Veracode's vulnerability database, annotate SCA upload findings, and generate SBOMs.
Permissions and authentication
Before you can use this API, you must have a user account. API service accounts cannot access this API.
This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:
Ensure you access the APIs with the domain for your region.
Required HTTP headers
The Veracode SCA API requires that you set these HTTP headers in the REST requests:
user-agent: a value of your choice. Veracode recommends a company name, email domain, or application name.
SCA API specification
The API specification is available on SwaggerHub.