Veracode APIs

Veracode APIs
Edition date
Last publication

The uploadfile.do call uploads a file to an existing build or creates a build. Veracode recommends that you use the uploadlargefile.do call to avoid timeout errors when uploading a large file.

Before using this API, Veracode strongly recommends that you read API Usage and Access Guidelines. Ensure you access the APIs with the domain for your region.

Before uploading additional files, ensure that:

  • An upload or prescan is not in progress.
  • The beginscan.do call is not in progress.
  • If you recently ran the beginscan.do call, you did not set auto_scan to true.

Because the uploadfile.do call creates a build, if one does not already exist or if the most recent build has a published static scan, you do not need to call createbuild.do. If the call creates a build, the build name is the date of the build with the scan type. For example, 03 Mar 2019 Static.

If you want to upload a file that does not have the same name as a previous file, you can use the save_as parameter to change the name, enabling flaw-matching with previously scanned files.

Resource URL



Name Type Description
Integer Application ID.
String File to upload. The maximum file size is 2GB.
  • Set Content-Type: multipart/form-data.
  • Open the file in binary mode.
If you see timeout errors during the upload, you can use the uploadlargefile.do call.

Note: You must enter the @ symbol before the entire pathname, including the specific filename.

sandbox_id Integer Enter the ID of the target sandbox for the upload file.
save_as String Enter a new, unique filename for the uploaded file. The filename cannot begin or end with slashes or periods.

HTTPie Example

This call supports the HTTP POST method. Examples use the HTTPie command-line tool.

http --auth-type=veracode_hmac POST -f "https://analysiscenter.veracode.com/api/5.0/uploadfile.do" "app_id==<application ID>" "[email protected]:\myappfiles\myappzip.zip" "save_as==myappfile.zip"

HTTPie Results

The uploadfile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.

<?xml version="1.0" encoding="UTF-8"?>

<filelist xmlns:xsi="http&#x3a;&#x2f;&#x2f;www.w3.org&#x2f;2001&#x2f;XMLSchema-instance" 
      https&#x3a;&#x2f;&#x2f;analysiscenter.veracode.com&#x2f;resource&#x2f;2.0&#x2f;filelist.xsd" filelist_version="1.1" 
      account_id="<account ID>" app_id="<application ID>" build_id="<build ID>">
   <file file_id="<file ID>" file_name="myappfile.zip" file_status="Uploaded" file_md5="<file md5>/>
   <file file_id="<file ID>" file_name="myappfile2.zip" file_status="Uploaded" file_md5="<file md5>"/>

Java Example

java -jar vosp-api-wrappers-java-<version>.jar -vid <Veracode API ID> -vkey <Veracode API key> -action uploadfile -appid <application ID> -filepath c:\Users\<username>\<filename>

Java Results

The uploadfile.do call returns the filelist XML document, which references the filelist.xsd schema file. You can use the XSD schema file to validate the XML data.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<filelist xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist" 
      account_id=<account ID> app_id=<application ID> build_id=<build ID> filelist_version="1.1" 
   <file file_id=<file ID> file_name="<filename>" file_status="Uploaded"/>