generateflawreport.do

Veracode APIs

The generateflawreport.do creates a report listing all fixed and unfixed flaws for the specified applications, scan types, or both. The return contains the token needed for downloading the flaw report.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines. Ensure you access the APIs with the domain for your region.

Resource URL

https://analysiscenter.veracode.com/api/3.0/generateflawreport.do

Permissions

You need the Archer API role to use this call.

Parameters

Name Type Description
app_id_list

Required

Integer Comma-separated list of the IDs for the applications you want included in the report. This parameter does not support wildcards.
scan_type String Values include:
  • static
  • dynamic
  • manual

HTTPie Example

Examples use the HTTPie command-line tool. See Using HTTPie with the Python Authentication Library.

http --auth-type=veracode_hmac -o reporttoken.xml "https://analysiscenter.veracode.com/api/3.0/generateflawreport.do" "app_id_list==<app1 id>,<app2 id>,<app3 id>" "scan_type==static"

HTTPie Results

The generateflawreport.do call initiates the process of creating the generateflawreport XML document, which references the archerreportrequest.xsd schema file. You can use the XSD schema file to validate the XML data.

The XML return contains the token string you need to retrieve the report, when it is available, using the downloadflawreport.do call.
<?xml version="1.0" encoding="UTF-8"?>

<archerreport xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance" 
      xmlns="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;1.0&#x2f;archerapi" 
      xsi:schemaLocation="https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;schema&#x2f;1.0&#x2f;archerapi 
      https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;1.0&#x2f;archerreportrequest.xsd" 
      token="4aaa2b4e-c42a-44c3-a696-c650a82d9c78" archer_report_version="3.0">
</archerreport>