Skip to content

chuckorde/veracode-python

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

This is not an official Veracode repo. I no longer work at Veracode and this project is unmaintained.

Veracode API wrapper

A python wrapper for communicating with the Veracode APIs.

This python module currently supports the following APIs.

There is also a top level helper class Application, this can be instantiated with an application name which exposes properties that will lazy load data from the corresponding API.

Install

$ pip3 install veracode-python

Configuration

To use this module you will need to configure your API credentials. Visit the Veracode help center for more information.

Create a file ~/.veracode/credentials containing your API id and secret in the following format.

[DEFAULT]
VERACODE_API_KEY_ID = 5318f66b17e00...
VERACODE_API_KEY_SECRET = 4dc495318f66b1037c...

You can setup multiple profiles if needed and select the profile via the VERACODE_API_PROFILE enviroment variable.

Usage

Using the top level classes you can do fairly complex tasks with a few lines of code. Keep in mind that the structure of these modules may change as I add more classes.

NOTE: You can set the VERACODE_LOG_LEVEL enviroment varible to any valid python logger loglevel. The default is NOTSET. Of course you can set the loglevel directly in your code rather than setting an enviroment variable.

Application

>>> from veracode.application import Application
>>> app = Application('verademo')
>>> app
<Veracode Application: name='verademo', id=552948>

>>> app.build
<Veracode Build: version='Wed Oct 30 - 8522bfa6', id=5347783>

>>> app.policy
'Production - Critical + SCA'

>>>  app.sandbox
<Veracode Sandbox: name='None', id=None>

>>> app.sandbox = app.sandboxes[2]
>>> app.sandbox
<Veracode Sandbox: name='CI Nightly Sandbox', id=1556344>

>>> app.build
<Veracode Build: version='Wed Oct 29 Nightly Sandbox Build', id=5346981>

>>> app.sandbox = None
>>> app.build
<Veracode Build: version='Wed Oct 30 - 8522bfa6', id=5347783>

>>> app.build.report
<Veracode Report: application='verademo', sandbox='None', build='Wed Oct 30 - 8522bfa6', flaws=160>

>>> list(app.build.report.flaws)[0]
<Veracode Flaw: CWE='78', severity=5>

Direct SDK access

Returns a python object with a one-to-one mapping to the returned XML.

from veracode import SDK

result = SDK.results.SummaryReport(build_id=5347783)
print('The number of unmitigated flaws is:', result.flaws_not_mitigated)
The number of unmitigate flaws is: 160

Direct API access

Returns a custom response object with properties data: returned XML and status_code: server response code. The full response is also avialable.

If the API requires parameters you can pass them to the constructor as a python dictionary. The parameter names match the API parameters for the coresponding API that can be found on the help center.

from veracode import API

builds = API.results.GetAppBuilds.get()
print('Server returned:', builds.status_code)
print('The first 20 bytes of the response XML is:', builds.data[:20])
Server returned: 200
The first 20 bytes of the response XML is: '<?xml version="1.0" '