Veracode APIs allow development teams to maximize the benefits of static and dynamic cloud-based security testing in an on-premise development environment while improving productivity, application security quality and policy compliance. Developers who work in rapid build and test cycles, such as Agile, can use Veracode APIs to fully automate security verification for entire software portfolios and integrate with internal build and bug tracking systems.
Veracode APIs allow customers to automate all the necessary security verification steps from creating application profiles, uploading applications and submitting the application for a scan, to getting status. With specific line-of-code vulnerability identification and remediation instructions, the results may be integrated directly into defect tracking systems without negatively impacting the development cycle. Additional benefits include:
Integrated Application Security Testing through the Cloud
Static Binary Scanning Through Developer IDEs
Veracode provides plugins to IDEs like Eclipse and Visual Studio. With the plugin installed developer’s can use their IDE to upload executables to Veracode when they want. Developers view flaws in their IDE linked to exact line numbers.
Veracode Admin API
Reduce cost of rollout and user maintenance through Veracode's APIs for automated user provisioning. Used independently or in combination with a directory service or federated authentication via SAML, the APIs make it easy to roll out access to Veracode's cloud-based platform for thousands of users--and revoke access when necessary to protect corporate data.
An integration built using the Admin API allows the Veracode Platform to work with Single Sign On technologies like Ping Identity and Symplified so that customers can seamlessly enforce identity and access management security policies with just a few mouse clicks. This integration enables Veracode customers to enforce access control policies, provide single sign-on (SSO) and audit usage of the Veracode risk management platform.
Veracode Archer Integration
The Archer dashboard is a platform for governance, risk and compliance solutions from Archer Technologies. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.
The Veracode Archer feed includes information about all applications in an account. For assessments of internally developed or maintained applications, the feed includes score, a listing of all flaws, and status information about the flaws (New, Open, Fixed, or Re-opened). Summary data is included for third-party assessments, including score and top risk categories.