The following methods call Veracode REST APIs and return JSON.
Findings().get_findings(app,scantype(opt),annot(opt),request_params(opt),sandbox(opt)): get the findings forapp(guid).scantype: Defaults to STATIC findings, but can be STATIC, DYNAMIC, MANUAL, SCA, or ALL (static, dynamic, manual). You can also pass a comma-delimited string of valid scantype options.annot: Defaults to TRUE but can be FALSEsandbox: The guid of the sandbox inappfor which you want findings. (Use the Sandboxes APIs to get the sandbox guid.)request_params: Dictionary of additional query parameters. See the full Findings API specification for some of the other options available.
Findings().get_static_flaw_info(app,issueid,sandbox(opt)): get the static flaw information, including data paths, for the finding identified byissueidinapp(guid) or itssandbox(guid).Findings().get_dynamic_flaw_info(app,issueid): get the dynamic flaw information, including request/response data, for the finding identified byissueidinapp(guid).Findings().add_annotation(app,issue_list,comment,action,sandbox(opt)): add an annotation (comment, mitigation proposal/acceptance/rejection) to the findings inissue_listforapp(guid) (or optionallysandbox(guid)). Note that you must have the Mitigation Approver role (regular user) to use the ACCEPTED or REJECTED action, or the Mitigation and Comments API role for an API service account to use this call.issue_list: must be passed as a Python list ofissue_idsaction: must be one of COMMENT, POTENTIAL_FALSE_POSITIVE, APP_BY_DESIGN, OS_ENV, NET_ENV, LIBRARY, ACCEPT_RISK, ACCEPTED, REJECTED
Findings().match_findings(origin_finding,potential_matches,approved_findings_only(opt),allow_fuzzy_match(opt)): return a matching finding frompotential_matchesfor theorigin_finding, based on the finding type.approved_findings_only: limits matches to findings with approved mitigations.allow_fuzzy_match: look for matches within a range of source lines around the origin finding. This allows for code movement but can result in flaws being mismatched; use sparingly.
SummaryReport().get_summary_report(app,sandbox(opt), build_id(opt)): get the summary report forapp(guid) or itssandbox(guid). Optionally specify abuild_idto get a summary report for an older scan.
ManualScans().get_for_app(appid): get the manual scans forappid(guid).ManualScans().get(scanid): get the manual scan information forscanid(int), returned byget_for_app().ManualScans().get_findings(scanid,include_artifacts(opt)): get the manual findings detail forscanid(int).include_artifacts: ifTrue, includes screenshots and code samples associated with the findings.
CWEs().get_all(): get metadata for all CWEs.CWEs().get(cwe_id): get metadata for the CWE identified bycwe_id(int).CWECategories().get_all(): get metadata for all CWE categories.CWECategories().get(category_id): get metadata for the CWE category identified bycategory_id(int).