Documentation
Index
- func ParseBeginPreScan(credsFile, appID, sandboxID string, autoScan bool) error
- func ParseDetailedReport(credsFile, buildID string) (DetReport, []Flaw, []CustomField, error)
- func ParseUpdateMitigation(credsFile, buildID, action, comment, flawList string) error
- func ParseUploadFile(credsFile, appID, sandboxID, path string) error
- type Annotation
- type Annotations
- type App
- type Build
- type Component
- type CustomField
- type DetReport
- type DetReportMeta
- type DynamicAnalysis
- type FilePath
- type FilePaths
- type Flaw
- type License
- type Licenses
- type ManualAnalysis
- type Mitigation
- type Mitigations
- type Module
- type Modules
- type PolicyRule
- type Sandbox
- type SoftwareCompositionAnalysis
- type StaticAnalysis
- type Team
- type TeamInfo
- type User
- type ViolatedPolicyRules
- type Vulnerabilities
- type Vulnerability
Functions
func ParseBeginPreScan
ParseBeginPreScan processes a begin prescan request and returns an error if applicable
func ParseDetailedReport
func ParseDetailedReport(credsFile, buildID string) (DetReport, []Flaw, []CustomField, error)
ParseDetailedReport parses the detailedreport.do API and returns a DetReport struct, an array of Flaws, and an array of Custom Fields.
func ParseUpdateMitigation
ParseUpdateMitigation processes an update mitigation request and returns an error if applicable
func ParseUploadFile
ParseUploadFile processes a file upload request and returns an error if applicable
Types
type Annotation
type Annotation struct {
	Action string `xml:"action,attr"`
	Description string `xml:"description,attr"`
	User string `xml:"user,attr"`
	Date string `xml:"date,attr"`
}
Annotation is a comment on a flaw (separate from comments attached to mitigation actions)
type Annotations
type Annotations struct {
	Annotation []Annotation `xml:"annotation"`
}
Annotations are an array of individual annotations (comments)
type App
App represents a Veracode Application Profile
func ParseAppList
ParseAppList calls the Veracode getapplist.do API and returns an array of Apps
type Build
type Build struct {
	BuildID string `xml:"build_id,attr"`
	Version string `xml:"version,attr"`
	PolicyUpdatedDate string `xml:"policy_updated_date,attr"`
}
A Build represents a Veracode Build within an application.
func ParseBuildList
ParseBuildList calls the Veracode getbuildlist.do API and returns an array of Builds
type Component
type Component struct {
	AddedDate string `xml:"added_date,attr"`
	ComponentAffectsPolicyCompliance string `xml:"component_affects_policy_compliance,attr"`
	Description string `xml:"description,attr"`
	FileName string `xml:"file_name,attr"`
	Library string `xml:"library,attr"`
	MaxCvssScore string `xml:"max_cvss_score,attr"`
	New string `xml:"new,attr"`
	Sha1 string `xml:"sha1,attr"`
	Vendor string `xml:"vendor,attr"`
	Version string `xml:"version,attr"`
	FilePaths FilePaths `xml:"file_paths"`
	Licenses Licenses `xml:"licenses"`
	ViolatedPolicyRules ViolatedPolicyRules `xml:"violated_policy_rules"`
	Vulnerabilities Vulnerabilities `xml:"vulnerabilities"`
}
Component is a third-party library identified by SCA
type CustomField
CustomField is metadata for an application profile (extracted from detailed report API)
type DetReport
type DetReport struct {
	AppName string `xml:"app_name,attr"`
	AppID string `xml:"app_id,attr"`
	PolicyName string `xml:"policy_name,attr"`
	PolicyComplianceStatus string `xml:"policy_compliance_status,attr"`
	PolicyRulesStatus string `xml:"policy_rules_status,attr"`
	GracePeriodExpired string `xml:"grace_period_expired,attr"`
	BusinessUnit string `xml:"business_unit,attr"`
	StaticAnalysis StaticAnalysis `xml:"static-analysis"`
	DynamicAnalysis DynamicAnalysis `xml:"dynamic-analysis"`
	ManualAnalysis ManualAnalysis `xml:"manual-analysis"`
}
DetReport represents the detailed report returned for a build
type DetReportMeta
type DetReportMeta struct {
	AppName string `xml:"app_name,attr"`
	AppID string `xml:"app_id,attr"`
	PolicyName string `xml:"policy_name,attr"`
	PolicyComplianceStatus string `xml:"policy_compliance_status,attr"`
	PolicyRulesStatus string `xml:"policy_rules_status,attr"`
	GracePeriodExpired string `xml:"grace_period_expired,attr"`
	BusinessUnit string `xml:"business_unit,attr"`
}
DetReportMeta represents metadata in the detailed report XML
func ParseBuildMetaData
func ParseBuildMetaData(credsFile, buildID string) (DetReportMeta, error)
ParseBuildMetaData parses the detailedreport.do API and returns a detailed report meta data struct.
type DynamicAnalysis
type DynamicAnalysis struct {
	DynamicScanType string `xml:"dynamic_scan_type,attr"`
	PublishedDate string `xml:"published_date,attr"`
	Rating string `xml:"rating,attr"`
	ScanExitStatusDesc string `xml:"scan_exit_status_desc,attr"`
	ScanExitStatusID string `xml:"scan_exit_status_id,attr"`
	Score string `xml:"score,attr"`
	SubmittedDate string `xml:"submitted_date,attr"`
	Version string `xml:"version,attr"`
	Modules Modules `xml:"modules"`
}
DynamicAnalysis represents a dynamic scan from Veracode
type FilePath
type FilePath struct {
	Value string `xml:"value,attr"`
}
FilePath is the filepath of the third-party component
type FilePaths
type FilePaths struct {
	FilePath []FilePath `xml:"file_path"`
}
FilePaths is an array of filepaths
type Flaw
type Flaw struct {
	Issueid string `xml:"issueid,attr"`
	CweName string `xml:"categoryname,attr"`
	CategoryID string `xml:"categoryid,attr"`
	CategoryName string
	Cweid string `xml:"cweid,attr"`
	RemediationStatus string `xml:"remediation_status,attr"`
	MitigationStatus string `xml:"mitigation_status,attr"`
	AffectsPolicyCompliance string `xml:"affects_policy_compliance,attr"`
	PolicyName string
	DateFirstOccurrence string `xml:"date_first_occurrence,attr"`
	Severity string `xml:"severity,attr"`
	ExploitLevel string `xml:"exploitLevel,attr"`
	Module string `xml:"module,attr"`
	SourcefilePath string `xml:"sourcefilepath,attr"`
	Sourcefile string `xml:"sourcefile,attr"`
	Line string `xml:"line,attr"`
	Description string `xml:"description,attr"`
	FlawURL string `xml:"url,attr"`
	VulnParameter string `xml:"vuln_parameter,attr"`
	Mitigations Mitigations `xml:"mitigations"`
	Annotations Annotations `xml:"annotations"`
}
Flaw represents a finding from a Veracode test (static, dynamic, or MPT)
type License
type License struct {
	LicenseURL string `xml:"license_url,attr"`
	Name string `xml:"name,attr"`
	RiskRating string `xml:"risk_rating,attr"`
	SpdxID string `xml:"spdx_id,attr"`
}
License is the license associated with a third-party component identified by SCA
type Licenses
type Licenses struct {
	License []License `xml:"license"`
}
Licenses is an array of licenses
type ManualAnalysis
type ManualAnalysis struct {
	PublishedDate string `xml:"published_date,attr"`
	Rating string `xml:"rating,attr"`
	Score string `xml:"score,attr"`
	SubmittedDate string `xml:"submitted_date,attr"`
	Version string `xml:"version,attr"`
	Modules Modules `xml:"modules"`
}
ManualAnalysis represents a manual assessment from Veracode
type Mitigation
type Mitigation struct {
	Action string `xml:"action,attr"`
	Description string `xml:"description,attr"`
	User string `xml:"user,attr"`
	Date string `xml:"date,attr"`
}
Mitigation is an individual documentation of a compensating control or reason a policy-violating flaw will not be addressed.
type Mitigations
type Mitigations struct {
	Mitigation []Mitigation `xml:"mitigation"`
}
Mitigations are an array of individual mitigations
type Module
type Module struct {
	Architecture string `xml:"architecture,attr"`
	Compiler string `xml:"compiler,attr"`
	Domain string `xml:"domain,attr"`
	Loc string `xml:"loc,attr"`
	Name string `xml:"name,attr"`
	Numflawssev0 string `xml:"numflawssev0,attr"`
	Numflawssev1 string `xml:"numflawssev1,attr"`
	Numflawssev2 string `xml:"numflawssev2,attr"`
	Numflawssev3 string `xml:"numflawssev3,attr"`
	Numflawssev4 string `xml:"numflawssev4,attr"`
	Numflawssev5 string `xml:"numflawssev5,attr"`
	Os string `xml:"os,attr"`
	Score string `xml:"score,attr"`
	TargetURL string `xml:"target_url,attr"`
}
Module represents a scannable module in Veracode
type PolicyRule
type PolicyRule struct {
	Desc string `xml:" desc,attr"`
	Type string `xml:" type,attr"`
	Value string `xml:" value,attr" `
}
PolicyRule is a rule violated by a third-party component identified by SCA
type Sandbox
type Sandbox struct {
	SandboxID string `xml:"sandbox_id,attr"`
	SandboxName string `xml:"sandbox_name,attr"`
	Owner string `xml:"owner,attr"`
}
Sandbox is an individual sandbox within an application profile
func ParseSandboxList
ParseSandboxList parses the getsandboxlist.do API and returns an array of Sandboxes
type SoftwareCompositionAnalysis
type SoftwareCompositionAnalysis struct {
	ComponentsViolatedPolicy string `xml:"components_violated_policy,attr"`
	ThirdPartyComponents string `xml:"third_party_components,attr"`
	ViolatePolicy string `xml:"violate_policy,attr"`
	VulnerableComponents []Component `xml:"vulnerable_components"`
	PublishedDate string
	AppName string
}
SoftwareCompositionAnalysis represents the SCA section of the detailed report
func ParseSCAReport
func ParseSCAReport(credsFile, buildID string) (SoftwareCompositionAnalysis, error)
ParseSCAReport parses the detailedreport.do API and returns a SoftwareCompositionAnalysis struct
type StaticAnalysis
type StaticAnalysis struct {
	AnalysisSize string `xml:"analysis_size_bytes,attr"`
	EngineVersion string `xml:"engine_version,attr"`
	PublishedDate string `xml:"published_date,attr"`
	Rating string `xml:"rating,attr"`
	Score string `xml:"score,attr"`
	SubmittedDate string `xml:"submitted_date,attr"`
	Version string `xml:"version,attr"`
	Modules Modules `xml:"modules"`
}
StaticAnalysis represents a static scan from Veracode
type Team
type Team struct {
	TeamID string `xml:"team_id,attr"`
	TeamName string `xml:"team_name,attr"`
	CreationDate string `xml:"creation_date,attr"`
}
Team represents a Veracode team of users
func ParseTeamList
ParseTeamList calls the getteamlist.do API and returns an array of teams
type TeamInfo
type TeamInfo struct {
	TeamName string `xml:"team_name,attr"`
	Users []User `xml:"user"`
	Apps []App `xml:"application"`
}
TeamInfo represents the Team Information for a Veracode Team
type User
type User struct {
	Username string `xml:"username,attr"`
	FirstName string `xml:"first_name,attr"`
	LastName string `xml:"last_name,attr"`
	Email string `xml:"email_address,attr"`
}
User represents a User in the Veracode Platform
type ViolatedPolicyRules
type ViolatedPolicyRules struct {
	PolicyRule []PolicyRule `xml:"Policy_rule"`
}
ViolatedPolicyRules is an array of rules violated by the third-party component identified by SCA
type Vulnerabilities
type Vulnerabilities struct {
	Vulnerability []Vulnerability `xml:"vulnerability"`
}
Vulnerabilities is an array of vulnerabilities
type Vulnerability
type Vulnerability struct {
	CveID string `xml:"cve_id,attr"`
	CveSummary string `xml:"cve_summary,attr"`
	CvssScore string `xml:"cvss_score,attr"`
	CweID string `xml:"cwe_id,attr"`
	Mitigation string `xml:"mitigation,attr"`
	Severity string `xml:"severity,attr"`
	SeverityDesc string `xml:"severity_desc,attr"`
	VulnerabilityAffectsPolicyCompliance string `xml:"vulnerability_affects_policy_compliance,attr"`
}
Vulnerability is a CVE associated with a third-party component identified by SCA
Source Files
- applist.go
- applistparser.go
- beginprescan.go
- beginprescanparser.go
- buildlist.go
- buildlistparser.go
- categorymapping.go
- detailedreport.go
- detailedreportparser.go
- detailedreportparsermeta.go
- sandboxlist.go
- sandboxlistparser.go
- scaparser.go
- teaminfo.go
- teaminfoparser.go
- teamlist.go
- teamlistparser.go
- updatemitigationinfo.go
- updatemitigationinfoparser.go
- uploadfile.go
- uploadfileparser.go