Veracode
Veracode reports can be ingested in either XML or JSON Format
- Detailed XML Report
- JSON REST Findings from
/appsec/v2/applications/{application_guid}/findings/- Acceptable scan types include
STATIC,DYNAMIC, andSCA - Findings with a status of
CLOSEDwill not be imported into DefectDojo - Acceptable formats are as follows:
- Findings list
- Requires slight modification of the response returned from the API
- Exmample of a request being:
url <endpoint> | jq "{findings}" - Desired Format:
{ "findings": [ { ... }, ... ] }
- Embedded
- This response can be saved directly to a file and uploaded
- Not as ideal for crafting a refined report consisting of multiple requests
- Desired Format:
{ "_embedded": { "findings": [ { ... }, ... ] }, "_links": { ... }, "page": { ... } }
- Findings list
- Acceptable scan types include
Sample Scan Data
Sample Veracode scans can be found here.
Last modified January 19, 2024: :sparkles: advance parser docs to provide sample scan data (#9347) (f1e435e59)