Veracode
Veracode reports can be ingested in either XML or JSON format:
- Detailed XML Report
- JSON REST Findings from `/appsec/v2/applications/{application_guid}/findings/`
  - Acceptable scan types include `STATIC`, `DYNAMIC`, and `SCA`
  - Findings with a status of `CLOSED` will not be imported into DefectDojo
  - Acceptable formats are as follows:
    - Findings list
      - Requires slight modification of the response returned from the API
      - Example of a request being: `url <endpoint> | jq "{findings}"`
      - Desired Format: `{ "findings": [ { ... }, ... ] }`
    - Embedded
      - This response can be saved directly to a file and uploaded
      - Not as ideal for crafting a refined report consisting of multiple requests
      - Desired Format: `{ "_embedded": { "findings": [ { ... }, ... ] }, "_links": { ... }, "page": { ... } }`
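The two layouts above can be combined when a report is built from several requests. The following is an added example, not DefectDojo's own code: it merges responses in either layout into a single findings-list report and counts the findings it leaves out. The field names `scan_type`, `finding_status.status` and `issue_id` are assumptions about the Veracode response, the sample responses are constructed, and dropping scan types other than the three listed is this example's choice.

```python
import json

# Scan types the page lists as acceptable.
ACCEPTED_SCAN_TYPES = {"STATIC", "DYNAMIC", "SCA"}

def extract_findings(doc):
    """Return the findings array from either accepted layout."""
    if isinstance(doc.get("findings"), list):          # "Findings list" layout
        return doc["findings"]
    embedded = doc.get("_embedded")
    if isinstance(embedded, dict) and isinstance(embedded.get("findings"), list):
        return embedded["findings"]                    # "Embedded" layout
    raise ValueError("no 'findings' or '_embedded.findings' array in response")

def build_findings_list(docs):
    """Merge responses into one findings-list report; count what was left out."""
    kept, skipped = [], {"closed": 0, "scan_type": 0}
    for doc in docs:
        for finding in extract_findings(doc):
            # Assumed field names: finding_status.status and scan_type.
            status = (finding.get("finding_status") or {}).get("status")
            if status == "CLOSED":
                skipped["closed"] += 1
            elif finding.get("scan_type") not in ACCEPTED_SCAN_TYPES:
                skipped["scan_type"] += 1
            else:
                kept.append(finding)
    return {"findings": kept}, skipped

# Constructed sample responses (not real scan data).
PAGE_1 = {
    "_embedded": {"findings": [
        {"issue_id": 1, "scan_type": "STATIC", "finding_status": {"status": "OPEN"}},
        {"issue_id": 2, "scan_type": "DYNAMIC", "finding_status": {"status": "CLOSED"}},
    ]},
    "_links": {}, "page": {"number": 0},
}
PAGE_2 = {"findings": [
    {"scan_type": "SCA", "finding_status": {"status": "OPEN"}},
    {"issue_id": 3, "scan_type": "MANUAL", "finding_status": {"status": "OPEN"}},
]}

if __name__ == "__main__":
    report, skipped = build_findings_list([PAGE_1, PAGE_2])
    print(json.dumps(report, indent=2))
    print("left out:", skipped)
```

Comparing the left-out counts with the number of findings DefectDojo reports after upload is a quick check that nothing was lost between export and import.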
Sample Scan Data
Sample Veracode scans can be found here.
Last modified November 18, 2024: Merge pull request #11287 from DefectDojo/master-into-dev/2.40.2-2.41.0-dev (3b0fd30)