XML API tutorial: How to access scan results
This tutorial provides basic step-by-step information on how to use the Veracode Results API to automate the retrieval of application scan results using the HTTPie command-line tool. This guide uses standalone HTTP request calls, but you can combine them in an API wrapper to process multiple API calls.
Before you begin:
Before you can access and use the APIs, your Veracode user account must have the required permissions.
To complete this task:
From the command prompt, send the following request to get a list of application profiles in your portfolio:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getapplist.do"
The returned
applist.xml
returns a list of application IDs and names, such asapp app_id="18766"
app_name="MyApp"
.Obtain the list of builds for your chosen application.
For policy scan results, send the following request, using the application ID returned in the previous step:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>"
The returned
buildlist.xml
from this step contains the IDs of the builds for this application.For sandbox scan results, send the following request to obtain the IDs for your sandboxes, using the application ID returned in the previous step:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getsandboxlist.do" "app_id==<your application ID>"
When you have the ID for the chosen sandbox, send the following request to obtain the build IDs for that sandbox:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/getbuildlist.do" "app_id==<your application ID>" "sandbox_id==<your sandbox ID>"
To obtain the detailed report for your chosen build, send:
http --auth-type=veracode_hmac "https://analysiscenter.veracode.com/api/5.0/detailedreport.do" "build_id==<the policy or sandbox build ID>
Where indicated, insert the ID for the target application build or sandbox scan. Locate the build ID from the
buildlist.xml
orsandboxlist.xml
returned in the previous step.