Creating a Credentials Variable for Dynamic Analysis Login Scripts

Veracode APIs

You can update credentials fields in login scripts by creating a scan engine variable that the Dynamic Analysis API uses at runtime.

Using a variable means login script creators do not need to know the credentials for the application to which Dynamic Analysis is logging in, nor do you need to create a new login script every time the credentials values change.

If you have the Security Lead role, you can create a scan engine variable for the Dynamic Analysis API.

To create a variable key/value pair, make a POST call to, specifying the description, value, and optional reference key. The reference key is the value you use in your login script. Alternatively, you can use the scanner_variable_id that the API returns in response to a POST in your login scripts.

This is an example of how to create a new scan engine variable key-value pair:

   "description": "Password key for my application",
   "reference_key": "MY_PASSWORD_KEY",
   "value": "hunter2"

The following is an excerpt of a Selenium command in a login script that references the key MY_PASSWORD_KEY. When the dynamic scan engine executes the login script, the value hunter2 replaces the key ${MY_PASSWORD_KEY} at runtime.

  "id": "5045080b-99ad-47e9-a8a6-7897bf4b5975",
  "comment": "",
  "command": "type",
  "target": "name=password",
  "targets": [
      "css=tr:nth-child(7) input:nth-child(2)",
  "value": "${MY_PASSWORD_KEY}"

Example Python code on how to use the scan engine variables API feature is available on GitHub.

For detailed documentation of this API, see the full Swagger specification.