Skip to main content

XML API tutorial: How to access scan results

This tutorial provides basic step-by-step information on how to use the Veracode Results API to automate the retrieval of application scan results using the HTTPie command-line tool. This guide uses standalone HTTP request calls, but you can combine them in an API wrapper to process multiple API calls.

Before you begin:

Before you can access and use the APIs, your Veracode user account must have the required permissions.

To complete this task:

  1. From the command prompt, send the following request to get a list of application profiles in your portfolio:

    http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getapplist.do"

    The returned applist.xml returns a list of application IDs and names, such as app app_id="18766" app_name="MyApp".

  2. Obtain the list of builds for your chosen application.

    • For policy scan results, send the following request, using the application ID returned in the previous step:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>"

      The returned buildlist.xml from this step contains the IDs of the builds for this application.

    • For sandbox scan results, send the following request to obtain the IDs for your sandboxes, using the application ID returned in the previous step:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getsandboxlist.do" "app_id==<your application ID>"

      When you have the ID for the chosen sandbox, send the following request to obtain the build IDs for that sandbox:

      http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>" "sandbox_id==<your sandbox ID>"

  3. To obtain the detailed report for your chosen build, send:

    http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/detailedreport.do" "build_id==<the policy or sandbox build ID>

    Where indicated, insert the ID for the target application build or sandbox scan. Locate the build ID from the buildlist.xml or sandboxlist.xml returned in the previous step.