SCA REST API

You can use the SCA REST API to retrieve, delete, insert, or update data related to agent-based scanning. You can also query Veracode's vulnerability database, annotate SCA upload findings, and generate SBOMs.

Permissions and authentication

Before you can use this API, you must have a user account. API service accounts cannot access this API.

This API uses API ID/key credentials and HMAC authentication to provide improved security. Before you can send requests, you must complete these configurations:

API credentials
HMAC authentication

Ensure you access the APIs with the domain for your region.

Required HTTP headers

The Veracode SCA API requires that you set these HTTP headers in the REST requests:

accept-encoding: gzip
user-agent: a value of your choice. Veracode recommends a company name, email domain, or application name.

SCA API specification

The API specification is available on SwaggerHub.

Permissions and authentication​

Required HTTP headers​

SCA API specification​

Did you find this helpful?

Permissions and authentication

Required HTTP headers

SCA API specification