Link Dynamic Analysis Results to an Application with the REST API

Veracode APIs

You can use the Dynamic Analysis API to link analysis scan results to a Veracode application profile.

Overview

Linking results allows you to aggregate all scan types of the target URL into a single report and also evaluate the results against policy.

Steps

  1. Run this command to get a list of application profiles by name:

    http --auth-type=veracode_hmac GET "https://api.veracode.com/was/configservice/v1/platform_applications"
    

    You can also get application details by making a GET call to the Applications API.

  2. Locate the application UUID and add the UUID to the linked_platform_app_uuid property in your JSON file.

  3. Run this command to create an analysis that links the results to the specified UUID for your application:

    http --auth-type=veracode_hmac POST "https://api.veracode.com/was/configservice/v1/analyses" < input.json
    

The API passes the JSON file that you populate with the necessary values as shown in this example payload:

{
  "name": "Name-of-Your-Dynamic-Analysis",
  "scans": [
    {
      "linked_platform_app_uuid": "abcd1234-e6d0-475d-ac70-abff5388fa75",
      "scan_config_request": {
        "target_url": {
          "url": "http://www.example.com/",
          "http_and_https": true,
          "directory_restriction_type": "DIRECTORY_AND_SUBDIRECTORY"
        }
      }
    }
  ],
  "schedule": {
    "now": true,
    "duration": {
      "length": 1,
      "unit": "DAY"
    }
  }
}         

In this example, linked_platform_app_uuid specifies the UUID of the application profile to link to the scan results. target_url specifies the URL configuration for the target web application you want to scan.