Veracode APIs

Veracode APIs make it easy to embed security verification into the software product development lifecycle.

Veracode APIs allow development teams to maximize the benefits of static and dynamic cloud-based security testing in an on-premise development environment while improving productivity, application security quality and policy compliance. Developers who work in rapid build and test cycles, such as Agile, can use Veracode APIs to fully automate security verification for entire software portfolios and integrate with internal build and bug tracking systems.

Veracode APIs allow customers to automate all the necessary security verification steps from creating application profiles, uploading applications and submitting the application for a scan, to getting status. With specific line-of-code vulnerability identification and remediation instructions, the results may be integrated directly into defect tracking systems without negatively impacting the development cycle. Additional benefits include:

  • Timeliness of Alerts: With more rapid results, developers can identify flaws early in the development cycle before they become production issues.
  • Decrease Time to Fix: By identifying flaws immediately after checking the application into the build server, developers are able to fix problems more efficiently.
  • Improved Policy Compliance: Results are not only delivered quickly, but also through the lens of the company’s security policy; this means development teams receive a severity-based list to prioritize their efforts.

These changes enable full integration with a customer's SDLC and will allow for richer IDE and build system integration.



Integrated Application Security Testing through the Cloud





Static Binary Scanning Through Developer IDEs

Veracode provides plugins for IDEs like Eclipse and Visual Studio. With the plugin installed, developers can use their IDE to upload executables to Veracode whenever they want. Developers view flaws in their IDE, linked to exact line numbers.

The plugins can be used in online or offline mode. In online mode, with a login that can access Veracode's Results API and Upload API, the plugin can connect to the Veracode platform and directly download flaws and upload new builds for the application of your choice. In offline mode, the plugin can read flaws from a Veracode Results XML file.

Veracode Admin API

Reduce cost of rollout and user maintenance through Veracode's APIs for automated user provisioning. Used independently or in combination with a directory service or federated authentication via SAML, the APIs make it easy to roll out access to Veracode's cloud-based platform for thousands of users--and revoke access when necessary to protect corporate data.

An integration built using the Admin API allows the Veracode Platform to work with Single Sign On technologies like Ping Identity and Symplified so that customers can seamlessly enforce identity and access management security policies with just a few mouse clicks. This integration enables Veracode customers to enforce access control policies, provide single sign-on (SSO) and audit usage of the Veracode risk management platform.

Veracode Archer Integration

The Archer dashboard is a platform for governance, risk and compliance solutions from Archer Technologies. The Archer dashboard consumes XML data feeds to integrate data from a variety of sources into a unified view of enterprise-wide risk.

The Veracode Archer feed includes information about all applications in an account. For assessments of internally developed or maintained applications, the feed includes score, a listing of all flaws, and status information about the flaws (New, Open, Fixed, or Re-opened). Summary data is included for third-party assessments, including score and top risk categories.