veracode dynamic

Perform a Dynamic Analysis of a web application or REST API, check the status of an analysis, and review the results of an analysis.

To use these commands, create at least one target in DAST Essentials on the Veracode Platform. A target defines the URLs of the web applications or REST APIs that you want to scan. You can run multiple analyses within the same target, called analysis runs.

Commands

Command	Description
`scan`	Runs an analysis in the specified target and outputs the discovered vulnerabilities.
`status`	Returns the status of an analysis run.
`results`	Returns the results of an analysis run.

veracode dynamic scan

Runs an analysis and outputs the discovered vulnerabilities. Make a note of the numeric analysis run ID listed in the output. You provide the analysis run ID when you run the commands veracode dynamic status or veracode dynamic results.

Usage

./veracode dynamic scan --webhook <string> [flags]

Flags

Flag	Description
`--api-spec-file`	Path to a REST API specification file, in JSON or YAML format, on the local file system. The analysis scans the endpoints defined in this file. If not specified, the analysis uses the API specification file uploaded to the target in the Veracode Platform.
`--app-auth-username`	For standard or form-based authentication, the username to sign in to the application.
`--app-auth-password`	Required if you include `--app-auth-username`. For standard or form-based authentication, the password to sign in to the application.
`--app-auth-url`	Required if you include `--app-auth-username` and `--app-auth-password`. For form-based authentication, enter the URL to the sign-in form.
`--background`	Run the analysis silently and do not display the status.
`--basic-auth-username`	For HTTP basic authentication, the username to sign in to the application.
`--basic-auth-password`	For HTTP basic authentication, the username to sign in to the application.
`--fail-on-severity`	Fail the command based on one or more severity levels of the discovered vulnerabilities. Values are: `Critical` `High` `Medium` `Low` `Informational` The default is `Informational`.
`-h`, `--help`	Show help for this command.
`--param-auth-type`	Required if you include `--param-auth-key` and `--param-auth-value`. For parameter authentication, the configuration type. Values are: `HTTP_HEADER` `COOKIE` `GET_PARAMETER` `SESSION_STORAGE` `LOCAL_STORAGE`
`--param-auth-key`	Required if you include `--param-auth-type` and `--param-auth-value`. For parameter authentication, the key name.
`--param-auth-value`	Required if you include `--param-auth-type` and `--param-auth-key`. For parameter authentication, the key value.
`--payload-file`	Path to a custom payload file, in JSON format, on the local file system.
`-w`, `--webhook`	Required. The webhook UUID of the target that contains the analysis run. For example, `290c0aa5-5554-4f9b-b564-9544f9fb7323`. To generate a webhook UUID, use the target configuration options in the Veracode Platform.

Examples

To run an analysis, run:

./veracode dynamic scan --webhook 290c0aa5-5554-4f9b-b564-9544f9fb7323

To run an analysis and change a form-based authentication configuration, run:

./veracode dynamic scan -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 --app-auth-username [email protected] --app-auth-password rand0m123 --app-auth-url https://app.yourodmain.tld/login

To run an analysis and change a parameter authentication configuration, run:

./veracode dynamic scan -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 --param-auth-type COOKIE --param-auth-key gdpr_overlay --param-auth-value false

To run an analysis and change multiple settings of a parameter authentication configuration, run:

./veracode dynamic scan -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 --param-auth-type COOKIE --param-auth-key gdpr_overlay --param-auth-value false --param-auth-type GET_PARAMETER --param-auth-key auth_provider --param-auth-value local

To run an analysis on a REST API using a local API specification file, run:

./veracode dynamic scan -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 --api-spec-file ./swagger.json  

veracode dynamic status

Returns the status of an analysis run.

Usage

./veracode dynamic status --analysis-run-id <integer> --webhook <string> [flags]

Flags

Flag	Description
`-a`, `--analysis-run-id`	Required. The numeric ID of the analysis run. The ID is listed in the output of the command `veracode dynamic scan`. In the following output examples, the ID is `18063`: `Starting Dynamic Scan with analysis run ID: 18063`, `Scan complete: analysis run ID 18063`.
`-w`, `--webhook`	Required. The webhook UUID of the target that contains the analysis run. For example, `290c0aa5-5554-4f9b-b564-9544f9fb7323`. To generate a webhook UUID, use the target configuration options in the Veracode Platform.

Example

To return the status of an analysis run, run:

./veracode dynamic status -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 -a 18063

veracode dynamic results

Returns the results of an analysis run.

Usage

./veracode dynamic results --webhook <string> --analysis-run-id <integer> [flags]

Flags

Flag	Description
`-w`, `--webhook`	Required. The webhook UUID of the target that contains the analysis run. For example, `290c0aa5-5554-4f9b-b564-9544f9fb7323`. To generate a webhook UUID, use the target configuration options in the Veracode Platform.
`-a`, `--analysis-run-id`	Required. The numeric ID of the analysis run. The ID is listed in the output of the command `veracode dynamic scan`. In the following output examples, the ID is `18063`: `Starting Dynamic Scan with analysis run ID: 18063`, `Scan complete: analysis run ID 18063`.
`--format`	Optional. Format of the results output. Values are: `json` `junit` `pdf` By default, the results are listed in the command prompt window and saved as JSON in the current directory. If you enter `junit` or `pdf`, by default, the results are saved as `./results.xml` or `./results.pdf`.
`--output`	Optional. Path and filename of the results output. By default, the output file is `results.json` in the current directory. To change the file format and extension, include `--format`.

Examples

To print the results in the command prompt window, run:

./veracode dynamic results -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 -a 18063

To output the results in JUnit format, run:

./veracode dynamic results -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 -a 18063 --format junit --output ./my_results.xml

To output the results in PDF format, run:

./veracode dynamic results -w 290c0aa5-5554-4f9b-b564-9544f9fb7323 -a 18063 --format pdf --output ./my_results.pdf

Commands​

veracode dynamic scan​

Usage​

Flags​

Examples​

veracode dynamic status​

Usage​

Flags​

Example​

veracode dynamic results​

Usage​

Flags​

Examples​

Did you find this helpful?

Commands

veracode dynamic scan

Usage

Flags

Examples

veracode dynamic status

Usage

Flags

Example

veracode dynamic results

Usage

Flags

Examples