En

Veracode

Veracode reports can be ingested in either XML or JSON Format

  • Detailed XML Report
  • JSON REST Findings from /appsec/v2/applications/{application_guid}/findings/
    • Acceptable scan types include STATIC, DYNAMIC, and SCA
    • Findings with a status of CLOSED will not be imported into DefectDojo
    • Acceptable formats are as follows:
      • Findings list
        • Requires slight modification of the response returned from the API
        • Exmample of a request being: url <endpoint> | jq "{findings}"
        • Desired Format:
          {
    "findings": [
        {
            ...
        },
        ...
    ]
}
      • Embedded
        • This response can be saved directly to a file and uploaded
        • Not as ideal for crafting a refined report consisting of multiple requests
        • Desired Format:
          {
    "_embedded": {
        "findings": [
           {
                ...
            },
            ... 
        ]
    },
    "_links": {
        ...
    },
    "page": {
       ...
    }
}

Sample Scan Data

Sample Veracode scans can be found here.

Prev
Using Risk Acceptances
Next
Veracode SourceClear