veracode

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 26, 2025 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

// Enumerated string values for the package's typed enums. Every constant is a
// typed string, so a value of one enum cannot be assigned to another without
// an explicit conversion. The literals are the upper-case strings that appear
// in the JSON fields using these types (for example business_criticality,
// policy_compliance_status and a scan's status).
const (
	// BusinessCriticality levels, listed from highest to lowest.
	VeryHigh BusinessCriticality = "VERY_HIGH"
	High     BusinessCriticality = "HIGH"
	Medium   BusinessCriticality = "MEDIUM"
	Low      BusinessCriticality = "LOW"
	VeryLow  BusinessCriticality = "VERY_LOW"

	// ScanType values.
	Static  ScanType = "STATIC"
	Dynamic ScanType = "DYNAMIC"
	Manual  ScanType = "MANUAL"

	// PolicyCompliance values (see ApplicationPolicy.PolicyComplianceStatus).
	// NOTE(review): a pipeline gate that reads this value should compare against
	// the exact constant it accepts and treat every other or unrecognised string
	// as "not passed"; the type is a plain string, so a value outside this list
	// decodes without error. Confirm each state's meaning in the Veracode docs.
	Passed          PolicyCompliance = "PASSED"
	ConditionalPass PolicyCompliance = "CONDITIONAL_PASS"
	DidNotPass      PolicyCompliance = "DID_NOT_PASS"
	NotAssessed     PolicyCompliance = "NOT_ASSESSED"
	VendorReview    PolicyCompliance = "VENDOR_REVIEW"
	Determining     PolicyCompliance = "DETERMINING"

	// ScanStatus values (see ApplicationScan.Status). These names are not
	// prefixed with the type name, unlike the Policy*/FindingRule* constants in
	// the second const block.
	Created                           ScanStatus = "CREATED"
	Unpublished                       ScanStatus = "UNPUBLISHED"
	Deleted                           ScanStatus = "DELETED"
	PartialPublish                    ScanStatus = "PARTIAL_PUBLISH"
	PartialUnpublish                  ScanStatus = "PARTIAL_UNPUBLISH"
	Incomplete                        ScanStatus = "INCOMPLETE"
	ScanSubmitted                     ScanStatus = "SCAN_SUBMITTED"
	InQueue                           ScanStatus = "IN_QUEUE"
	Stopping                          ScanStatus = "STOPPING"
	Pausing                           ScanStatus = "PAUSING"
	InProgress                        ScanStatus = "IN_PROGRESS"
	AnalysisErrors                    ScanStatus = "ANALYSIS_ERRORS"
	ScanCanceled                      ScanStatus = "SCAN_CANCELED"
	InternalReview                    ScanStatus = "INTERNAL_REVIEW"
	VerifyingResults                  ScanStatus = "VERIFYING_RESULTS"
	SubmittedForNtoPreScan            ScanStatus = "SUBMITTED_FOR_NTO_PRE_SCAN"
	SubmittedForDynamicPreScan        ScanStatus = "SUBMITTED_FOR_DYNAMIC_PRE_SCAN"
	PreScanFailed                     ScanStatus = "PRE_SCAN_FAILED"
	ReadyToSubmit                     ScanStatus = "READY_TO_SUBMIT"
	NtoPendingSubmission              ScanStatus = "NTO_PENDING_SUBMISSION"
	PreScanComplete                   ScanStatus = "PRE_SCAN_COMPLETE"
	ModuleSelectionRequired           ScanStatus = "MODULE_SELECTION_REQUIRED"
	PendingVendorAcceptance           ScanStatus = "PENDING_VENDOR_ACCEPTANCE"
	ShowOsrdb                         ScanStatus = "SHOW_OSRDB"
	Published                         ScanStatus = "PUBLISHED"
	PublishedToVendor                 ScanStatus = "PUBLISHED_TO_VENDOR"
	PublishedToEnterprise             ScanStatus = "PUBLISHED_TO_ENTERPRISE"
	PendingAccountApproval            ScanStatus = "PENDING_ACCOUNT_APPROVAL"
	PendingLegalAgreement             ScanStatus = "PENDING_LEGAL_AGREEMENT"
	ScanInProgress                    ScanStatus = "SCAN_IN_PROGRESS"
	ScanInProgressPartialResultsReady ScanStatus = "SCAN_IN_PROGRESS_PARTIAL_RESULTS_READY"
	PromoteInProgress                 ScanStatus = "PROMOTE_IN_PROGRESS"
	PreScanCanceled                   ScanStatus = "PRE_SCAN_CANCELED"
	NtoPreScanCanceled                ScanStatus = "NTO_PRE_SCAN_CANCELED"
	ScanHeldApproval                  ScanStatus = "SCAN_HELD_APPROVAL"
	ScanHeldLoginInstructions         ScanStatus = "SCAN_HELD_LOGIN_INSTRUCTIONS"
	ScanHeldLogin                     ScanStatus = "SCAN_HELD_LOGIN"
	ScanHeldInstructions              ScanStatus = "SCAN_HELD_INSTRUCTIONS"
	ScanHeldHoldsFinished             ScanStatus = "SCAN_HELD_HOLDS_FINISHED"
	ScanRequested                     ScanStatus = "SCAN_REQUESTED"
	TimeFramePendingId                ScanStatus = "TIMEFRAMEPENDING_ID"
	PausedId                          ScanStatus = "PAUSED_ID"
	StaticValidatingUpload            ScanStatus = "STATIC_VALIDATING_UPLOAD"
	PublishedToEnterpriseInt          ScanStatus = "PUBLISHED_TO_ENTERPRISEINT"
)
// Enumerated string values for the policy types. Unlike the constants in the
// first const block, every name here is prefixed with its enum's name.
const (
	// PolicyCategory values.
	CategoryApplication PolicyCategory = "APPLICATION"
	CategoryComponent   PolicyCategory = "COMPONENT"

	// PolicyScanType values.
	PolicyScanTypeStatic  PolicyScanType = "STATIC"
	PolicyScanTypeDynamic PolicyScanType = "DYNAMIC"
	PolicyScanTypeManual  PolicyScanType = "MANUAL"
	PolicyScanTypeSca     PolicyScanType = "SCA"
	PolicyScanTypeAny     PolicyScanType = "ANY"

	// FindingRuleScanType values (see FindingRule.ScanType).
	FindingRuleScanTypeStatic    FindingRuleScanType = "STATIC"
	FindingRuleScanTypeDynamic   FindingRuleScanType = "DYNAMIC"
	FindingRuleScanTypeManual    FindingRuleScanType = "MANUAL"
	// The identifier below is spelled "ScanTypesCA" (lower-case s, upper-case CA),
	// unlike its siblings and unlike PolicyScanTypeSca; its value is "SCA".
	FindingRuleScanTypesCA       FindingRuleScanType = "SCA"
	FindingRuleScanTypeMobile    FindingRuleScanType = "MOBILE"
	FindingRuleScanTypeAll       FindingRuleScanType = "ALL"
	FindingRuleScanTypeDynamicMP FindingRuleScanType = "DYNAMICMP"

	// PolicyScanFrequency values.
	PolicyScanFrequencyNotRequired     PolicyScanFrequency = "NOT_REQUIRED"
	PolicyScanFrequencyOnce            PolicyScanFrequency = "ONCE"
	PolicyScanFrequencyWeekly          PolicyScanFrequency = "WEEKLY"
	PolicyScanFrequencyMonthly         PolicyScanFrequency = "MONTHLY"
	PolicyScanFrequencyQuarterly       PolicyScanFrequency = "QUARTERLY"
	PolicyScanFrequencySemiAnnually    PolicyScanFrequency = "SEMI_ANNUALLY"
	PolicyScanFrequencyAnnually        PolicyScanFrequency = "ANNUALLY"
	PolicyScanFrequencyEvery18Months   PolicyScanFrequency = "EVERY_18_MONTHS"
	PolicyScanFrequencyEvery2Years     PolicyScanFrequency = "EVERY_2_YEARS"
	PolicyScanFrequencyEvery3Years     PolicyScanFrequency = "EVERY_3_YEARS"
	PolicyScanFrequencySetByVLPolicy   PolicyScanFrequency = "SET_BY_VL_POLICY"
	PolicyScanFrequencySetByPolicyRule PolicyScanFrequency = "SET_BY_POLICY_RULE"

	// PolicyType values.
	PolicyTypeBuiltIn       PolicyType = "BUILTIN"
	PolicyTypeVeracodeLevel PolicyType = "VERACODELEVEL"
	PolicyTypeCustomer      PolicyType = "CUSTOMER"
	PolicyTypeStandard      PolicyType = "STANDARD"

	// FindingRuleType values (see FindingRule.Type). Both BLACKLIST and ALLOWLIST
	// are declared as distinct rule types.
	FindingRuleTypeFailAll          FindingRuleType = "FAIL_ALL"
	FindingRuleTypeCWE              FindingRuleType = "CWE"
	FindingRuleTypeCategory         FindingRuleType = "CATEGORY"
	FindingRuleTypeMaxSeverity      FindingRuleType = "MAX_SEVERITY"
	FindingRuleTypeCvss             FindingRuleType = "CVSS"
	FindingRuleTypeCve              FindingRuleType = "CVE"
	FindingRuleTypeBlacklist        FindingRuleType = "BLACKLIST"
	FindingRuleTypeMinScore         FindingRuleType = "MIN_SCORE"
	FindingRuleTypeSecurityStandard FindingRuleType = "SECURITY_STANDARD"
	FindingRuleTypeLicenseRisk      FindingRuleType = "LICENSE_RISK"
	FindingRuleTypeAllowlist        FindingRuleType = "ALLOWLIST"
)

Variables

// Regions maps a single-letter region key ("e", "f", "g") to that region's two
// base URLs: "rest" for the api.veracode.* host and "xml" for the
// analysiscenter.veracode.* host. All six URLs use https.
//
// NOTE(review): this is an exported, mutable package-level map, so any code in
// the process can change or add entries. If the client takes its base URL from
// here (presumably; confirm in NewRequest), an altered entry would send
// authenticated requests to a different host. Treat the map as read-only.
var Regions = map[string]map[string]string{
	"e": Region{"rest": "https://api.veracode.eu", "xml": "https://analysiscenter.veracode.eu"},
	"f": Region{"rest": "https://api.veracode.us", "xml": "https://analysiscenter.veracode.us"},
	"g": Region{"rest": "https://api.veracode.com", "xml": "https://analysiscenter.veracode.com"},
}

Functions

func GetCredentialsFilePath

func GetCredentialsFilePath() (string, error)

GetCredentialsFilePath gets the Veracode API credentials file path.

func GetProfiles

func GetProfiles(filePath string) (map[string]Profile, error)

GetProfiles returns all of the profiles stored in the Veracode credentials file.

func LoadVeracodeCredentials

func LoadVeracodeCredentials() (string, string, error)

LoadVeracodeCredentials gets the Veracode API key and secret for the selected profile from the credentials file. The profile name is read from the VERACODE_API_PROFILE environment variable. If the variable is not set, the profile named "default" is used. If there is only one profile with no name it will be used. The credentials file should be in the .ini format and should be present in the /.veracode/ folder in the user's home directory. Because the file holds the API secret in plain text, keep it readable only by its owner. Please refer to the documentation for more information: https://docs.veracode.com/r/c_httpie_tool.

func NewVeracodeError

func NewVeracodeError(resp *http.Response) error

NewVeracodeError unmarshals a response body into a new Veracode error.

func QueryEncode

func QueryEncode(options any) string

QueryEncode takes any object and encodes it to a query string, while replacing "+" with "%20".

I added this function because the Veracode APIs do not support "+" as an encoding for spaces in a URL's query parameters. Example: `?name=foo+bar` will cause a 401 error.

Known bug:

If "+" is part of a query parameter name or value before encoding, it will also be replaced by "%20", so a value that contains a literal "+" reaches the API altered. I am doing it this way for simplicity, for performance (the alternative is to loop through the url.Values map and replace specifically every space before encoding), and because I don't currently have a use case for passing values that contain "+".

Types

type APICredentials added in v0.5.0

// APICredentials is the JSON shape of an API credential record: an ID/secret
// pair plus expiration and revocation metadata and navigation links.
//
// ApiSecret carries a plain `json:"api_secret"` tag, so marshalling this struct
// (or printing it with %v / %+v) emits the secret verbatim. Keep values of this
// type out of logs, error messages and persisted debug output.
type APICredentials struct {
	ApiId          string   `json:"api_id"`
	ApiSecret      string   `json:"api_secret"`
	ExpirationTs   ctime    `json:"expiration_ts"`
	RevocationUser string   `json:"revocation_user"`
	RevocationTs   ctime    `json:"revocation_ts"`
	Links          NavLinks `json:"_links"`
}

type AnalysisType added in v0.7.0

// AnalysisType describes the results of one analysis: its modules, the raw and
// mitigated rating and score, submission/publication/next-due dates, and
// engine and scan metadata. Fields tagged omitempty are left out of marshalled
// JSON when they hold their zero value.
type AnalysisType struct {
	Modules            Module `json:"modules"`
	Rating             string `json:"rating,omitempty"`                // Letter grade for the security of this application.
	Score              int    `json:"score,omitempty"`                 // Numeric security score for this application.
	MitigatedRating    string `json:"mitigated_rating,omitempty"`      // Letter grade for the security of this application, based on mitigated findings.
	MitigatedScore     int    `json:"mitigated_score,omitempty"`       // Numeric security score for this application, based on mitigated findings.
	SubmittedDate      ctime  `json:"submitted_date"`                  // Date when you submitted this application to Veracode for analysis.
	PublishedDate      ctime  `json:"published_date"`                  // Date when Veracode published the analysis for this application.
	NextScanDue        ctime  `json:"next_scan_due"`                   // Date when the active security policy for this application is scheduled to request the next scan.
	AnalysisSizeBytes  int    `json:"analysis_size_bytes,omitempty"`   // Optional. For a static analysis, the size, in bytes, of the scanned modules.
	EngineVersion      string `json:"engine_version,omitempty"`        // For a static analysis, the version of the engine that Veracode used for this scan.
	DynamicScanType    string `json:"dynamic_scan_type,omitempty"`     // Optional. For a dynamic analysis, indicates whether the scan is DA (Dynamic Analysis), MP (DynamicMP), or DS (DynamicDS).
	ScanExitStatusId   int    `json:"scan_exit_status_id,omitempty"`   // Optional. For a dynamic analysis, the numeric code for scan exit status.
	ScanExitStatusDesc string `json:"scan_exit_status_desc,omitempty"` // Optional. For a dynamic analysis, a description for scan_exit_status_id.
	Version            string `json:"version,omitempty"`               // Optional. Version of the scan.
}

For a static analysis, a list of modules with one module node per module analyzed. For a dynamic analysis, a single module node.

type AnalysisUnit added in v0.7.0

// AnalysisUnit maps the attributes of an analysis_unit XML element (see
// BuildDetailed.AnalysisUnit). Every field is read from an XML attribute.
type AnalysisUnit struct {
	AnalysisType         string    `xml:"analysis_type,attr"`
	PublishedDate        time.Time `xml:"published_date,attr"`
	Status               string    `xml:"status,attr"`
	PublishedDateSeconds int       `xml:"published_date_sec,attr"`
	// EngineVersion is an int here, whereas AnalysisType.EngineVersion is a string.
	EngineVersion        int       `xml:"engine_version,attr"`
}

type Application

// Application is the JSON representation of an application record: its
// numeric and GUID identifiers, timestamps, profile and results URLs, the
// embedded ApplicationProfile, and its scans.
type Application struct {
	AppProfileUrl     string             `json:"app_profile_url,omitempty"`
	Created           ctime              `json:"created"`
	Id                int                `json:"id,omitempty"`
	LastCompletedScan ctime              `json:"last_completed_scan"`
	Modified          ctime              `json:"modified"`
	Oid               int                `json:"oid,omitempty"`
	OrganizationId    int                `json:"organization_id,omitempty"`
	ResultsUrl        string             `json:"results_url,omitempty"`
	Guid              string             `json:"guid,omitempty"`
	// Profile holds the descriptive fields (name, criticality, policies, teams).
	Profile           ApplicationProfile `json:"profile"`
	Scans             []ApplicationScan  `json:"scans,omitempty"`
}

func NewApplication

func NewApplication(name, policyGuid string, businessCriticality BusinessCriticality) Application

NewApplication creates an Application with all of the required fields.

type ApplicationBusinessOwner

// ApplicationBusinessOwner holds the name and email address of a business
// owner. ApplicationProfile.BusinessOwners declares the same two fields inline
// rather than using this type.
type ApplicationBusinessOwner struct {
	Email string `json:"email,omitempty"`
	Name  string `json:"name,omitempty"`
}

type ApplicationBusinessUnit

// ApplicationBusinessUnit identifies a business unit by numeric ID, name and
// GUID. It is referenced by pointer from ApplicationProfile and Collection.
type ApplicationBusinessUnit struct {
	Id   int    `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
	Guid string `json:"guid,omitempty"`
}

type ApplicationCustomField

// ApplicationCustomField describes a custom field definition by name and sort
// order. It carries no value; CustomField is the name/value pair type.
type ApplicationCustomField struct {
	Name      string `json:"name,omitempty"`
	SortOrder int    `json:"sort_order,omitempty"`
}

type ApplicationPolicy

// ApplicationPolicy is a policy attached to an application profile, together
// with the application's compliance status against it.
type ApplicationPolicy struct {
	Name                   string           `json:"name,omitempty"`
	Guid                   string           `json:"guid,omitempty"`
	// IsDefault is a plain bool with omitempty, so false is never marshalled.
	IsDefault              bool             `json:"is_default,omitempty"`
	// PolicyComplianceStatus takes one of the PolicyCompliance constants
	// (Passed, ConditionalPass, DidNotPass, NotAssessed, VendorReview, Determining).
	PolicyComplianceStatus PolicyCompliance `json:"policy_compliance_status,omitempty"`
}

type ApplicationProfile

// ApplicationProfile holds the descriptive fields of an application: name,
// business criticality, owners, business unit, policies, teams, custom fields
// and settings. Every field is tagged omitempty.
type ApplicationProfile struct {
	ArcherAppName       string              `json:"archer_app_name,omitempty"`
	BusinessCriticality BusinessCriticality `json:"business_criticality,omitempty"` // Enum: [ VERY_HIGH, HIGH, MEDIUM, LOW, VERY_LOW ]
	// BusinessOwners uses an anonymous struct with the same fields as
	// ApplicationBusinessOwner.
	BusinessOwners      []struct {
		Email string `json:"email,omitempty"`
		Name  string `json:"name,omitempty"`
	} `json:"business_owners,omitempty"`
	BusinessUnit *ApplicationBusinessUnit `json:"business_unit,omitempty"`
	Name         string                   `json:"name,omitempty"`
	Tags         string                   `json:"tags,omitempty"`
	Policies     []ApplicationPolicy      `json:"policies,omitempty"`
	Teams        []ApplicationTeam        `json:"teams,omitempty"`
	CustomFields []CustomField            `json:"custom_fields,omitempty"`
	Description  string                   `json:"description,omitempty"`
	GitRepoUrl   string                   `json:"git_repo_url,omitempty"`
	// Settings maps a setting name to an on/off flag; the key set is not shown here.
	Settings     map[string]bool          `json:"settings,omitempty"`
}

type ApplicationScan added in v0.6.0

// ApplicationScan is one scan entry in Application.Scans.
type ApplicationScan struct {
	InternalStatus string     `json:"internal_status,omitempty"`
	ModifiedDate   time.Time  `json:"modified_date,omitempty"`
	// ScanType is an untyped string here, not the package's ScanType enum.
	ScanType       string     `json:"scan_type,omitempty"`
	ScanURL        string     `json:"scan_url,omitempty"`
	// Status takes one of the ScanStatus constants.
	Status         ScanStatus `json:"status,omitempty"`
}

type ApplicationService

// ApplicationService groups the Applications API operations as methods:
// create, get, list, update and delete for applications and collections, plus
// custom-field listing and summary reports. It is declared on the package's
// unexported service type.
type ApplicationService service

You can use the Applications API to quickly access information about your Veracode applications. For more information, review the documentation: https://docs.veracode.com/r/c_apps_intro

Currently supports V1 of the Applications API

func (*ApplicationService) CreateApplication

func (a *ApplicationService) CreateApplication(ctx context.Context, application Application) (*Application, *Response, error)

CreateApplication creates a new application using the provided Application.

Veracode API documentation:

func (*ApplicationService) CreateCollection

func (c *ApplicationService) CreateCollection(ctx context.Context, collection Collection) (*Collection, *Response, error)

CreateCollection creates a new collection using the provided Collection.

func (*ApplicationService) DeleteApplication

func (a *ApplicationService) DeleteApplication(ctx context.Context, appId string) (*Response, error)

DeleteApplication deletes an application from the Veracode API using the provided appId.

Veracode API documentation:

func (*ApplicationService) DeleteCollection

func (a *ApplicationService) DeleteCollection(ctx context.Context, collectionGuid string) (*Response, error)

DeleteCollection deletes a collection with the provided collectionGuid.

func (*ApplicationService) GetApplication

func (a *ApplicationService) GetApplication(ctx context.Context, appId string) (*Application, *Response, error)

GetApplication retrieves an Application Profile with the provided appId.

Veracode API documentation: https://app.swaggerhub.com/apis/Veracode/veracode-applications_api_specification/1.0#/Application%20information%20API/getApplicationUsingGET

func (*ApplicationService) GetCollection

func (a *ApplicationService) GetCollection(ctx context.Context, collectionGuid string) (*Collection, *Response, error)

GetCollection retrieves a collection with the provided collectionGuid.

func (*ApplicationService) GetSummaryReport added in v0.7.0

func (a *ApplicationService) GetSummaryReport(ctx context.Context, appId string, options SummaryReportOptions) (SummaryReport, *Response, error)

GetSummaryReport returns a summary report of results for an application profile.

Veracode API documentation: https://docs.veracode.com/r/c_rest_summary_report_intro

func (*ApplicationService) ListApplications

func (a *ApplicationService) ListApplications(ctx context.Context, options ListApplicationOptions) ([]Application, *Response, error)

ListApplications takes a ListApplicationOptions and returns a list of Applications.

Veracode API documentation: https://docs.veracode.com/r/r_applications_list

func (*ApplicationService) ListCollections

func (c *ApplicationService) ListCollections(ctx context.Context, options ListCollectionOptions) ([]Collection, *Response, error)

ListCollections returns a []Collection using the provided ListCollectionOptions.

func (*ApplicationService) ListCustomFields

ListCustomFields returns a list of the custom fields for the Application Profiles.

func (*ApplicationService) UpdateApplication

func (a *ApplicationService) UpdateApplication(ctx context.Context, application Application) (*Application, *Response, error)

UpdateApplication updates the Application Profile provided. NOTE: When you update an application profile with this API, all properties are required.

Veracode API documentation:

func (*ApplicationService) UpdateCollection

func (c *ApplicationService) UpdateCollection(ctx context.Context, collection Collection) (*Collection, *Response, error)

UpdateCollection updates a collection with collectionId using provided collection.

type ApplicationTeam

// ApplicationTeam identifies a team attached to an application profile by
// GUID, numeric ID and name (see ApplicationProfile.Teams).
type ApplicationTeam struct {
	Guid     string `json:"guid,omitempty"`
	TeamId   int    `json:"team_id,omitempty"`
	TeamName string `json:"team_name,omitempty"`
}

type BuildDetailed added in v0.7.0

// BuildDetailed maps a <build> XML element: build identity and submitter,
// policy name/version/compliance, readiness and overdue flags, and the nested
// analysis_unit element. All fields except AnalysisUnit are XML attributes.
type BuildDetailed struct {
	XMLName                xml.Name     `xml:"build"`
	Version                string       `xml:"version,attr"`
	BuildId                string       `xml:"build_id,attr"`
	Submitter              string       `xml:"submitter,attr"`
	Platform               string       `xml:"platform,attr"`
	LifeCycleStage         string       `xml:"lifecycle_stage,attr"`
	SCAResultsReady        bool         `xml:"sca_results_ready,attr"`
	ResultsReady           bool         `xml:"results_ready,attr"`
	PolicyName             string       `xml:"policy_name,attr"`
	PolicyVersion          string       `xml:"policy_version,attr"`
	// PolicyComplianceStatus is an untyped string here, not PolicyCompliance, so
	// comparisons against the PolicyCompliance constants need a conversion.
	PolicyComplianceStatus string       `xml:"policy_compliance_status,attr"`
	PolicyUpdatedDate      time.Time    `xml:"policy_updated_date,attr"`
	RulesStatus            string       `xml:"rules_status,attr"`
	GracePeriodExpired     bool         `xml:"grace_period_expired,attr"`
	ScanOverdue            bool         `xml:"scan_overdue,attr"`
	LegacyScanEngine       bool         `xml:"legacy_scan_engine,attr"`
	AnalysisUnit           AnalysisUnit `xml:"analysis_unit"`
}

type BuildInfo added in v0.7.0

// BuildInfo maps a <buildinfo> XML document: account, application and build
// IDs as attributes, and the nested <build> element in Build.
type BuildInfo struct {
	XMLName          xml.Name      `xml:"buildinfo"`
	BuildInfoVersion string        `xml:"buildinfo_version,attr"`
	AccountId        string        `xml:"account_id,attr"`
	AppId            string        `xml:"app_id,attr"`
	BuildId          string        `xml:"build_id,attr"`
	Build            BuildDetailed `xml:"build"`
}

type BuildInfoOptions added in v0.7.0

// BuildInfoOptions holds the query parameters for a build-info request.
//
// NOTE(review): AppId is documented as required but is tagged omitempty, so a
// zero AppId is presumably dropped from the encoded query instead of being
// rejected before the request is sent. Confirm how the encoder treats it.
type BuildInfoOptions struct {
	AppId     int `url:"app_id,omitempty"`     // AppId is required
	BuildId   int `url:"build_id,omitempty"`   // Application or sandbox build ID. Default is the most recent static scan
	SandboxId int `url:"sandbox_id,omitempty"` // Target Sandbox Id
}

type BuildList added in v0.7.0

// BuildList maps a <buildlist> XML document: account and application
// attributes plus one BuildSummary per <build> child element.
type BuildList struct {
	XMLName          xml.Name       `xml:"buildlist"`
	BuildListVersion string         `xml:"buildlist_version,attr"`
	AccountId        string         `xml:"account_id,attr"`
	AppId            string         `xml:"app_id,attr"`
	AppName          string         `xml:"app_name,attr"`
	Builds           []BuildSummary `xml:"build"`
}

type BuildListOptions added in v0.7.0

// BuildListOptions holds the query parameters for a build-list request.
//
// NOTE(review): AppId is documented as required but is tagged omitempty, so a
// zero AppId is presumably dropped from the encoded query. Confirm.
type BuildListOptions struct {
	AppId     int `url:"app_id,omitempty"`     // AppId is required
	SandboxId int `url:"sandbox_id,omitempty"` // Target Sandbox Id
}

type BuildSummary added in v0.7.0

// BuildSummary is one <build> entry of a BuildList; every field is read from
// an XML attribute.
type BuildSummary struct {
	BuildId           string    `xml:"build_id,attr"`
	Version           string    `xml:"version,attr"`
	PolicyUpdatedDate time.Time `xml:"policy_updated_date,attr"`
	DynamicScanType   string    `xml:"dynamic_scan_type,attr"`
}

type BusinessCriticality

// BusinessCriticality is the string enum for an application's business
// criticality; its values are the VeryHigh, High, Medium, Low and VeryLow
// constants. Being a plain string type, it accepts any string on decode.
type BusinessCriticality string

type BusinessUnit

// BusinessUnit describes a business unit and, optionally, its teams.
type BusinessUnit struct {
	BuId       string  `json:"bu_id,omitempty"`
	BuLegacyId int     `json:"bu_legacy_id,omitempty"`
	BuName     string  `json:"bu_name,omitempty"`
	// IsDefault and Teams are pointers, so nil (field absent) is distinguishable
	// from an explicit false or an empty list when marshalling.
	IsDefault  *bool   `json:"is_default,omitempty"`
	Teams      *[]Team `json:"teams,omitempty"`
}

type CategoryType added in v0.7.0

// CategoryType is a finding count for one named category at one severity.
type CategoryType struct {
	CategoryName string `json:"category_name,omitempty"` // Name of the severity category.
	Severity     string `json:"severity,omitempty"`      // Enum: Informational, Very Low, Low, Medium, High, Very High
	Count        int    `json:"count,omitempty"`         // Number of findings in this category.
}

type Client

// Client bundles an *http.Client with one handle per API service. Build it
// with NewClient, which takes the HTTP client and the API key and secret.
//
// NOTE(review): the credentials are presumably held in the unexported fields;
// UpdateCredentials replaces them after construction. HttpClient is exported,
// so callers can swap the transport (timeouts, proxy, TLS settings) that
// requests go through.
type Client struct {
	HttpClient *http.Client

	Identity    *IdentityService    // See type for documentation.
	Application *ApplicationService // See type for documentation.
	Sandbox     *SandboxService     // See type for documentation.
	Healthcheck *HealthCheckService // See type for documentation.
	UploadXML   *UploadXMLService   // See type for documentation.
	Policy      *PolicyService      // See type for documentation.
	// contains filtered or unexported fields
}

func NewClient

func NewClient(httpClient *http.Client, apiKey, apiSecret string) (*Client, error)

func (*Client) Do

func (c *Client) Do(req *http.Request, body any) (*Response, error)

Do is a helper method that executes the provided http.Request and unmarshals the JSON response body into either the provided body value or, if an error occurred, into an error.

func (*Client) NewRequest

func (c *Client) NewRequest(ctx context.Context, endpoint string, method string, body io.Reader, shouldUseXML ...bool) (*http.Request, error)

NewRequest is a helper method that creates a new request using the Client's settings.

By default, NewRequest will set the base URL to the REST variant, the caller can optionally provide shouldUseXML to switch to the XML base URL.

func (*Client) UpdateCredentials added in v0.5.0

func (c *Client) UpdateCredentials(apiKey, apiSecret string) error

UpdateCredentials is a method that allows the caller to update the credentials for the client after it has been initialized.

type Collection

// Collection is the JSON representation of a collection: its assets, business
// unit, custom fields, description, name and GUID.
type Collection struct {
	Assets       []CollectionAsset        `json:"asset_infos,omitempty"`
	BusinessUnit *ApplicationBusinessUnit `json:"business_unit,omitempty"`
	CustomFields []CustomField            `json:"custom_fields,omitempty"`
	Description  string                   `json:"description,omitempty"`
	Name         string                   `json:"name,omitempty"`
	Guid         string                   `json:"guid,omitempty"`
	// Restricted is a *bool so an explicit false can be marshalled; nil omits
	// the field entirely.
	Restricted   *bool                    `json:"restricted,omitempty"`
}

type CollectionAsset

// CollectionAsset references one asset in a collection by type and GUID
// (see Collection.Assets).
type CollectionAsset struct {
	Type string `json:"type,omitempty"`
	Guid string `json:"guid,omitempty"`
}

type CollectionResult

// CollectionResult is implemented by structs that unmarshal a paged list of
// entities; it exposes the navigation links and page metadata of the result.
type CollectionResult interface {
	// GetLinks returns the result's navigation links.
	GetLinks() NavLinks
	// GetPageMeta returns the result's page metadata.
	GetPageMeta() PageMeta
}

Any struct that is used to unmarshal a collection of entities needs to implement the CollectionResult interface so that the page meta and navigational links are set in the Response object.

type Component added in v0.7.0

// Component describes one third-party component: its identity (ID, file name,
// SHA-1, library, version, vendor), vulnerability count and maximum CVSS
// score, policy flags, and the nested file path, license, vulnerability and
// violated-rule lists.
type Component struct {
	ComponentId                      string            `json:"component_id,omitempty"`                        // ID of the component.
	FileName                         string            `json:"file_name,omitempty"`                           // Filename of the component.
	// NOTE(review): Sha1 is presumably the digest of the component file. SHA-1 is
	// not collision-resistant, so use it to look a component up, not as proof
	// that two files are identical.
	Sha1                             string            `json:"sha1,omitempty"`                                // sha1
	Vulnerability                    int               `json:"vulnerability,omitempty"`                       // Number of vulnerabilities that Veracode discovered in the component.
	// MaxCvssScore is a string, not a number; parse it before comparing scores.
	MaxCvssScore                     string            `json:"max_cvss_score,omitempty"`                      // Max Common Vulnerability Scoring System (CVSS) of the component. See cvss_score.
	Library                          string            `json:"library,omitempty"`                             // Library name of the component.
	Version                          string            `json:"version,omitempty"`                             // Version of the component.
	Vendor                           string            `json:"vendor,omitempty"`                              // Vendor name of the component.
	Description                      string            `json:"description,omitempty"`                         // Description of the component.
	// Blacklisted, New and ComponentAffectsPolicyCompliance are strings, not
	// bools; the accepted values are not shown here.
	Blacklisted                      string            `json:"blacklisted,omitempty"`                         // Blacklisted status for the component.
	New                              string            `json:"new,omitempty"`                                 // Whether this is a newly-added component.
	AddedDate                        ctime             `json:"added_date"`                                    // Date when you added the component.
	ComponentAffectsPolicyCompliance string            `json:"component_affects_policy_compliance,omitempty"` // Whether the component violates the SCA policy.
	FilePaths                        FilePathList      `json:"file_paths"`
	LicenseList                      LicenseList       `json:"licenses"`
	Vulnerabilities                  VulnerabilityList `json:"vulnerabilities"`
	ViolatedPolicyRules              ViolatedRuleList  `json:"violated_policy_rules"`
}

type ComponentPolicySetting added in v0.8.0

// ComponentPolicySetting is the pre-build component default policy setting:
// which policy applies, and who last modified the setting and when.
type ComponentPolicySetting struct {
	Modified   *ctime `json:"modified,omitempty"`    // The date and time when the pre-build component default policy setting was modified. The date and time format is per RFC3339 and ISO-8601. Timezone is UTC.
	ModifiedBy string `json:"modified_by,omitempty"` // Name of the user who most recently modified the pre-build component default policy setting.
	Plugin     string `json:"plugin,omitempty"`
	PolicyGuid string `json:"policy_guid,omitempty"` // Unique identifier for the pre-build component policy.
}

type Coordinate added in v0.8.0

// Coordinate identifies a component by two coordinate names, a version and a
// repository type, and records who created the entry and when. It is embedded
// in FindingRule.
type Coordinate struct {
	Coordinate1 string `json:"coordinate_1,omitempty"` // The name of the first coordinate.
	Coordinate2 string `json:"coordinate_2,omitempty"` // The name of the second coordinate.
	CreatedBy   string `json:"created_by,omitempty"`   // The name of the user who created this coordinate.
	CreatedDate ctime  `json:"created_date,omitempty"` // The date when the user created the coordinate.
	FindingRule string `json:"finding_rule,omitempty"` // Undocumented in the source.
	RepoType    string `json:"repo_type,omitempty"`    // The repository type of the coordinate; for example, nexus, or maven.
	Version     string `json:"version,omitempty"`      // The version of the coordinate.
}

type CreateSandbox added in v0.6.0

// CreateSandbox is the request body for creating and updating development
// sandboxes. Only Name is required.
type CreateSandbox struct {
	Name         string        `json:"name,omitempty"`
	// AutoCreate is a plain bool with omitempty, so false is never marshalled.
	AutoCreate   bool          `json:"auto_create,omitempty"` // In time-to-live mode, automatically re-create the sandbox once the period expires. Documentation: https://docs.veracode.com/r/About_Sandbox_Data_Retention
	CustomFields []CustomField `json:"custom_fields,omitempty"`
}

CreateSandbox contains all of the fields required for creating and updating development sandboxes.

Only the Name field is required.

type CustomField

// CustomField is a name/value pair attached to an application profile,
// collection or sandbox.
type CustomField struct {
	Name  string `json:"name,omitempty"`
	Value string `json:"value,omitempty"`
}

type CustomFields added in v0.7.0

// CustomFields wraps a list of CustomField values under the JSON key
// "custom_field".
type CustomFields struct {
	CustomField []CustomField `json:"custom_field,omitempty"`
}

type CustomSeverity added in v0.8.0

// CustomSeverity overrides the severity applied to findings of one CWE.
//
// NOTE(review): both fields are ints tagged omitempty, so a value of 0 is
// omitted from marshalled JSON. If 0 is a valid severity, it cannot be sent
// explicitly with this type. Confirm against the API.
type CustomSeverity struct {
	Cwe      int `json:"cwe,omitempty"`      // The CWE associated with the custom severity.
	Severity int `json:"severity,omitempty"` // The severity to be applied to findings of the specified CWE.
}

type CvssScoreGracePeriod added in v0.8.0

// CvssScoreGracePeriod grants a grace period, in days, to findings whose CVSS
// score falls between Lower and Upper.
//
// The 0.0–10.0 range given in the field comments is not checked by this type.
// Because every field is tagged omitempty, a Lower of 0.0 (or Days of 0) is
// left out of marshalled JSON rather than sent as an explicit zero.
type CvssScoreGracePeriod struct {
	Upper float64 `json:"upper,omitempty"` // The upper CVSS score limit for this grace period. Value must be between 0.0 and 10.0.
	Lower float64 `json:"lower,omitempty"` // The lower CVSS score limit for this grace period. Value must be between 0.0 and 10.0.
	Days  int     `json:"days,omitempty"`  // The grace period in number of days permitted for findings with a CVSS score within the range between the upper and lower CVSS score values.
}

type Error

// Error is the package's error value: a numeric code, the endpoint involved
// and one or more messages. It has no struct tags; decoding is done by its
// UnmarshalJSON and UnmarshalXML methods.
//
// NOTE(review): Messages presumably come from the response body (see
// NewVeracodeError). Treat them as untrusted text when logging or displaying.
type Error struct {
	Code     int
	Endpoint string
	Messages []string
}

func (Error) Error

func (v Error) Error() string

func (*Error) UnmarshalJSON

func (e *Error) UnmarshalJSON(data []byte) (err error)

func (*Error) UnmarshalXML added in v0.7.0

func (e *Error) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error

type FilePath added in v0.7.0

// FilePath holds one file path of a component.
type FilePath struct {
	Value string `json:"value,omitempty"` // Filepath for the component.
}

type FilePathList added in v0.7.0

// FilePathList wraps the file paths of a component under the JSON key
// "file_path" (see Component.FilePaths).
type FilePathList struct {
	FilePath []FilePath `json:"file_path,omitempty"`
}

Filepaths for the component.

type FindingRule added in v0.8.0

// FindingRule is one rule of a policy: the rule type, the scan types it is
// enforced on, its value, and optional license-related advanced options.
type FindingRule struct {
	PolicyVersion   PolicyVersion              `json:"policy_version,omitempty"`
	Coordinate      Coordinate                 `json:"coordinate,omitempty"`
	ScanType        []FindingRuleScanType      `json:"scan_type,omitempty"` // The type of scan on which to enforce the rule.
	Type            FindingRuleType            `json:"type,omitempty"`      // Specify the supported rule types.
	// Value is always a string, whatever the rule type.
	Value           string                     `json:"value,omitempty"`     // The value of this specific rule, such as the minimal score value. This value does not apply to the FAIL_ALL rule type.
	AdvancedOptions FindingRuleAdvancedOptions `json:"advanced_options,omitempty"`
}

type FindingRuleAdvancedOptions added in v0.8.0

// FindingRuleAdvancedOptions holds the license-related options of a
// FindingRule.
//
// The three flags are plain bools tagged omitempty, so false is never
// marshalled: a request built from this type cannot state false explicitly
// and leaves the outcome to the server's default. Check the resulting policy
// when the intent is to turn one of these settings off.
type FindingRuleAdvancedOptions struct {
	AllLicensesMustMeetRequirement bool                `json:"all_licenses_must_meet_requirement,omitempty"` // Set to true to specify that component licenses must meet all policy rule requirements.
	AllowedNonossLicenses          bool                `json:"allowed_nonoss_licenses,omitempty"`            // Set to true to allow licenses that are not open-source (OSS).
	IsBlocklist                    bool                `json:"is_blocklist,omitempty"`                       // Set to true to add the selected list of licenses to the blocklist.
	SelectedLicenses               []ScaLicenseSummary `json:"selected_licenses,omitempty"`                  // List all selected licenses. (Must be unique)
	FindingRule                    string              `json:"finding_rule,omitempty"`
}

type FindingRuleScanType added in v0.8.0

// FindingRuleScanType is the string enum of scan types a FindingRule can be
// enforced on; its values are the FindingRuleScanType* constants.
type FindingRuleScanType string

type FindingRuleType added in v0.8.0

// FindingRuleType is the string enum of policy rule kinds; its values are the
// FindingRuleType* constants (FAIL_ALL, CWE, CVSS, CVE, and so on).
type FindingRuleType string

type FlawStatusType added in v0.7.0

// FlawStatusType holds the finding and mitigation counts of a build, relative to the build
// immediately prior to it, as described by the per-field comments below.
//
// Every field is tagged omitempty, so a zero count is left out when the struct is marshalled to JSON.
// The JSON keys mix snake_case (not_mitigated) and kebab-case (sev-1-change, conforms-to-guidelines).
type FlawStatusType struct {
	New                      int `json:"new,omitempty"`                        // Number of findings discovered during the first build of this application.
	Reopen                   int `json:"reopen,omitempty"`                     // Number of findings discovered in a prior build of this application that were not new, but Veracode discovered them in the build immediately prior to this build.
	Open                     int `json:"open,omitempty"`                       // Number of findings discovered in this build that Veracode also discovered in the build immediately prior to this build.
	Fixed                    int `json:"fixed,omitempty"`                      // Number of findings discovered in the prior build that Veracode did not discover in the current build. For a dynamic analysis, Veracode verifies the findings as fixed.
	Total                    int `json:"total,omitempty"`                      // Total number of findings discovered in this build.
	NotMitigated             int `json:"not_mitigated,omitempty"`              // Total number of findings discovered in this build that are not mitigated.
	Sev1Change               int `json:"sev-1-change,omitempty"`               // Number of severity-1 findings discovered in this build, minus the number of severity-1 findings discovered in the build immediately prior to this build.
	Sev2Change               int `json:"sev-2-change,omitempty"`               // Number of severity-2 findings discovered in this build, minus the number of severity-2 findings discovered in the build immediately prior to this build.
	Sev3Change               int `json:"sev-3-change,omitempty"`               // Number of severity-3 findings discovered in this build, minus the number of severity-3 findings discovered in the build immediately prior to this build.
	Sev4Change               int `json:"sev-4-change,omitempty"`               // Number of severity-4 findings discovered in this build, minus the number of severity-4 findings discovered in the build immediately prior to this build.
	Sev5Change               int `json:"sev-5-change,omitempty"`               // Number of severity-5 findings discovered in this build, minus the number of severity-5 findings discovered in the build immediately prior to this build.
	ConformsToGuidelines     int `json:"conforms-to-guidelines,omitempty"`     // Number of mitigations that adhere to your risk tolerance guidelines based on Veracode review.
	DeviatesFromGuidelines   int `json:"deviates-from-guidelines,omitempty"`   // Number of mitigations that either do not provide enough information or do not adhere to your risk tolerance guidelines, based on Veracode review.
	TotalReviewedMitigations int `json:"total-reviewed-mitigations,omitempty"` // Total number of mitigations that Veracode reviewed. The value may not add up to the total number of all proposed or accepted mitigations.
}

type HealthCheckService added in v0.6.0

type HealthCheckService service

You can use the Healthcheck API to perform a simple test for verifying authenticated connectivity to Veracode.

The Healthcheck API provides this lightweight endpoint: /healthcheck/status

You use the endpoint to verify that Veracode services are available and responding to authentication events, instead of using other API calls that can potentially return large volumes of data.

For more information: https://docs.veracode.com/r/c_healthcheck_intro

func (*HealthCheckService) GetStatus added in v0.6.0

func (h *HealthCheckService) GetStatus(ctx context.Context) (*Response, error)

GetStatus is a lightweight check that indicates whether the authentication services are operational.

If GetStatus does not return an error, then everything is operational.

Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-healthcheck_api_specification/1.0#/Healthcheck%20APIs/get_healthcheck_status

type IdentityService

type IdentityService service

You can use the Identity Service to manage the administrative configuration for your organization that is in the Veracode Platform. For more information: https://docs.veracode.com/r/c_identity_intro.

Currently supports V2 of the Identity API

func (*IdentityService) CreateBusinessUnit

func (i *IdentityService) CreateBusinessUnit(ctx context.Context, bu *BusinessUnit) (*BusinessUnit, *Response, error)

CreateBusinessUnit creates a new bu using the provided BusinessUnit object.

Veracode API documentation:

func (*IdentityService) CreateTeam

func (i *IdentityService) CreateTeam(ctx context.Context, team *Team) (*Team, *Response, error)

CreateTeam creates a new team using the provided Team object.

Veracode API documentation:

func (*IdentityService) CreateUser

func (i *IdentityService) CreateUser(ctx context.Context, user *User, generateApiCredentials bool) (*User, *Response, error)

CreateUser creates a new user using the provided User object. Setting generateApiCredentials to true generates API credentials for the user on creation.

Veracode API documentation:

func (*IdentityService) DeleteBusinessUnit

func (i *IdentityService) DeleteBusinessUnit(ctx context.Context, buId string) (*Response, error)

DeleteBusinessUnit deletes a bu from the Veracode API using the provided buId.

Veracode API documentation:

func (*IdentityService) DeleteTeam

func (i *IdentityService) DeleteTeam(ctx context.Context, teamId string) (*Response, error)

DeleteTeam deletes a team from the Veracode API using the provided teamId.

Veracode API documentation:

func (*IdentityService) DeleteUser

func (i *IdentityService) DeleteUser(ctx context.Context, userId string) (*Response, error)

DeleteUser deletes a user using the provided userId. This applies to both a user account and an API service account.

Veracode API documentation:

func (*IdentityService) GenerateCredentialsByUserId added in v0.5.0

func (i *IdentityService) GenerateCredentialsByUserId(ctx context.Context, userId string) (APICredentials, *Response, error)

GenerateCredentialsByUserId generates new API credentials for the provided userId.

Veracode API documentation:

func (*IdentityService) GetBusinessUnit

func (i *IdentityService) GetBusinessUnit(ctx context.Context, buId string) (*BusinessUnit, *Response, error)

GetBusinessUnit returns the BusinessUnit with the provided buId.

Veracode API documentation:

func (*IdentityService) GetCredentialsByKey added in v0.5.0

func (i *IdentityService) GetCredentialsByKey(ctx context.Context, Apikey string) (APICredentials, *Response, error)

GetCredentialsByKey returns the API credentials for the provided API key.

Veracode API documentation:

func (*IdentityService) GetCredentialsByUserId added in v0.5.0

func (i *IdentityService) GetCredentialsByUserId(ctx context.Context, userId string) (APICredentials, *Response, error)

GetCredentialsByUserId returns the API credentials for the provided userId.

Veracode API documentation:

func (*IdentityService) GetTeam

func (i *IdentityService) GetTeam(ctx context.Context, teamId string) (*Team, *Response, error)

GetTeam returns a Team with the provided teamId. Setting detailed to true will include certain hidden fields.

Veracode API documentation:

func (*IdentityService) GetUser

func (i *IdentityService) GetUser(ctx context.Context, userId string, detailed bool) (*User, *Response, error)

GetUser returns the user with the provided userId. Setting detailed to true will include certain hidden fields.

func (*IdentityService) ListBusinessUnits

func (i *IdentityService) ListBusinessUnits(ctx context.Context, options ListBuOptions) ([]BusinessUnit, *Response, error)

ListBusinessUnits returns a list of business units. A name can optionally be provided to search for BUs by name.

Veracode API documentation:

func (*IdentityService) ListRoles

func (i *IdentityService) ListRoles(ctx context.Context, options PageOptions) ([]Role, *Response, error)

ListRoles takes a PageOptions and returns a list of roles.

Veracode API documentation: https://docs.veracode.com/r/Listing_All_Roles_in_an_Organization_with_the_Identity_API.

func (*IdentityService) ListTeams

func (i *IdentityService) ListTeams(ctx context.Context, options ListTeamOptions) ([]Team, *Response, error)

ListTeams takes a ListTeamOptions and returns a list of teams.

Veracode API documentation:

func (*IdentityService) ListUsers

func (i *IdentityService) ListUsers(ctx context.Context, options ListUserOptions) ([]User, *Response, error)

ListUsers takes a ListUserOptions and returns a list of users.

Veracode API documentation: https://docs.veracode.com/r/c_identity_list_users.

func (*IdentityService) ListUsersNotInTeam added in v0.5.0

func (i *IdentityService) ListUsersNotInTeam(ctx context.Context, options NotInTeamOptions) ([]User, *Response, error)

ListUsersNotInTeam takes a NotInTeamOptions and returns a list of users.

Veracode API documentation: https://docs.veracode.com/r/c_identity_search_users.

func (*IdentityService) RevokeCredentialsByKey added in v0.5.0

func (i *IdentityService) RevokeCredentialsByKey(ctx context.Context, Apikey string) (*Response, error)

RevokeCredentialsByKey revokes the API credentials for the provided API key.

Veracode API documentation:

func (*IdentityService) RevokeCredentialsByUserId added in v0.5.0

func (i *IdentityService) RevokeCredentialsByUserId(ctx context.Context, userId string) (*Response, error)

RevokeCredentialsByUserId revokes the API credentials for the provided userId.

Veracode API documentation:

func (*IdentityService) SearchUsers

func (i *IdentityService) SearchUsers(ctx context.Context, options SearchUserOptions) ([]User, *Response, error)

SearchUsers takes a SearchUserOptions and returns a list of users.

Veracode API documentation: https://docs.veracode.com/r/c_identity_search_users.

func (*IdentityService) SelfGenerateCredentials added in v0.5.0

func (i *IdentityService) SelfGenerateCredentials(ctx context.Context) (APICredentials, *Response, error)

SelfGenerateCredentials generates new API credentials for the current user.

Veracode API documentation:

func (*IdentityService) SelfGetCredentials added in v0.5.0

func (i *IdentityService) SelfGetCredentials(ctx context.Context) (APICredentials, *Response, error)

SelfGetCredentials returns the current user's API credentials.

Veracode API documentation:

func (*IdentityService) SelfGetUser added in v0.5.0

func (i *IdentityService) SelfGetUser(ctx context.Context, detailed bool) (*User, *Response, error)

SelfGetUser returns the requesting user's details. Setting detailed to true will add certain hidden fields.

func (*IdentityService) SelfListTeams added in v0.5.0

func (i *IdentityService) SelfListTeams(ctx context.Context, options ListTeamOptions) ([]Team, *Response, error)

SelfListTeams returns a list of teams that the current user is a part of.

Veracode API documentation:

func (*IdentityService) SelfRevokeCredentials added in v0.5.0

func (i *IdentityService) SelfRevokeCredentials(ctx context.Context) (*Response, error)

SelfRevokeCredentials revokes the current user's API credentials.

Veracode API documentation:

func (*IdentityService) SelfUpdateUser added in v0.5.0

func (i *IdentityService) SelfUpdateUser(ctx context.Context, user *User, options UpdateOptions) (*User, *Response, error)

SelfUpdateUser updates the requesting user and sets nulls to fields not in the request (if the database allows it) unless partial is set to true. If incremental is set to true, any values in the roles or teams list will be added to the user's roles/teams instead of replacing them.

Veracode API documentation: https://docs.veracode.com/r/c_identity_update_user.

func (*IdentityService) UpdateBusinessUnit

func (i *IdentityService) UpdateBusinessUnit(ctx context.Context, bu *BusinessUnit, options UpdateOptions) (*BusinessUnit, *Response, error)

UpdateBusinessUnit updates a specific bu and sets nulls to fields not in the request (if the database allows it) unless partial is set to true. If incremental is set to true, any values in the teams list will be added to the bu's teams instead of replacing them.

Veracode API documentation:

func (*IdentityService) UpdateTeam

func (i *IdentityService) UpdateTeam(ctx context.Context, team *Team, options UpdateOptions) (*Team, *Response, error)

UpdateTeam updates a specific team and sets nulls to fields not in the request (if the database allows it) unless partial is set to true. If incremental is set to true, any values in the users list will be added to the team's users instead of replacing them.

Veracode API documentation: https://docs.veracode.com/r/c_identity_update_team

func (*IdentityService) UpdateUser

func (i *IdentityService) UpdateUser(ctx context.Context, user *User, options UpdateOptions) (*User, *Response, error)

UpdateUser updates a specific user and sets nulls to fields not in the request (if the database allows it) unless partial is set to true. If incremental is set to true, any values in the roles or teams list will be added to the user's roles/teams instead of replacing them.

Veracode API documentation: https://docs.veracode.com/r/c_identity_update_user.

type License added in v0.7.0

type License struct {
	Name       string `json:"name,omitempty"`        // Name of this license.
	SpdxId     string `json:"spdx_id,omitempty"`     // Classification for the license from the Software Package Data Exchange (SPDX) license list.
	LicenseUrl string `json:"license_url,omitempty"` // URL for this license.
	RiskRating string `json:"risk_rating,omitempty"` // Risk associated with the use of this license.
}

type LicenseList added in v0.7.0

type LicenseList struct {
	Licenses []License `json:"license_dto,omitempty"`
}

License details for the component.

type ListApplicationOptions

type ListApplicationOptions struct {
	Page                  int              `url:"page,omitempty"`
	Size                  int              `url:"size,omitempty"`
	Name                  string           `url:"name,omitempty"`                      // Filter Applications by Name (Not an exact match). Documentation Reference: https://docs.veracode.com/r/List_Applications_By_Name
	Tag                   string           `url:"tag,omitempty"`                       // Documentation Reference: https://docs.veracode.com/r/r_applications_any_tag and https://docs.veracode.com/r/r_applications_tag
	Team                  string           `url:"team,omitempty"`                      // Filter the Applications by team name.
	LegacyId              int              `url:"legacy_id,omitempty"`                 // Documentation Reference: https://docs.veracode.com/r/r_applications_info
	ScanType              ScanType         `url:"scan_type,omitempty"`                 // The valid scan_type values are STATIC, DYNAMIC and, for Manual Penetration Testing (MPT), MANUAL. Documentation Reference: https://docs.veracode.com/r/r_applications_scan_type
	ScanStatus            []ScanStatus     `url:"scan_status,omitempty"`               // Filter Applications by a list of scan statuses.
	BusinessUnit          string           `url:"business_unit,omitempty"`             // Return a list of Application Profiles that belong to the BU with this name. Documentation Reference: https://docs.veracode.com/r/r_applications_bu
	PolicyGuid            string           `url:"policy_guid,omitempty"`               // Filter Applications by the Policy that is assigned to them.
	PolicyCompliance      PolicyCompliance `url:"policy_compliance,omitempty"`         // Documentation Reference: https://docs.veracode.com/r/r_applications_compliance
	SortByCustomFieldName string           `url:"sort_by_custom_field_name,omitempty"` // Custom field name on which to sort.

	// You can use the Applications REST API to list the application profiles that have had an event that triggered a policy evaluation after a specific date.
	// The events that trigger policy evaluations are scans, approved mitigations, new component vulnerability releases, and policy changes.
	//
	// The value needs to be in format: 2006-01-02.
	//
	// Documentation Reference: https://docs.veracode.com/r/Listing_Applications_by_Last_Policy_Evaluation_Date_with_the_Applications_API
	PolicyComplianceCheckedAfter string `url:"policy_compliance_checked_after,omitempty"`

	// Send the following request to return the list of application profiles modified after a specific date.
	//
	// The value needs to be in format: 2006-01-02.
	//
	// Documentation Reference: https://docs.veracode.com/r/r_applications_modified_date
	ModifiedAfter string `url:"modified_after,omitempty"`

	// CustomFieldNames and CustomFieldValues need to both be set together.
	// You can use the AddCustomFieldOption method to set/update these fields.
	CustomFieldNames  []string `url:"custom_field_names,omitempty"`
	CustomFieldValues []string `url:"custom_field_values,omitempty"`
}

ListApplicationOptions contains all of the fields that can be passed as query values when calling the ListApplications method. NOTE: the policy field is not currently included.

func (*ListApplicationOptions) AddCustomFieldOption

func (l *ListApplicationOptions) AddCustomFieldOption(customFieldName, customFieldValue string)

AddCustomFieldOption sets the customFieldName and customFieldValue attributes on the ListApplicationOptions. To identify application profiles with any value for a specific custom field, enter the URL-encoded wildcard value %25 for customFieldValue.

Documentation Reference: https://docs.veracode.com/r/r_applications_custom_field

type ListBuOptions added in v0.5.0

type ListBuOptions struct {
	SearchTerm  string `url:"search_term,omitempty"` // You can search for partial strings of the name.
	PageOptions        // can only sort by buName
}

type ListCollectionOptions

type ListCollectionOptions struct {
	Page         int    `url:"page,omitempty"`
	Size         int    `url:"size,omitempty"`
	Name         string `url:"name,omitempty"`          // Filter collections by name (partial match)
	BusinessUnit string `url:"business_unit,omitempty"` // Filter collections by business unit name (partial match)
	Tag          string `url:"tag,omitempty"`           // Filter by tags
	// CustomFieldNames and CustomFieldValues need to both be set together.
	// You can use the AddCustomFieldOption method to set/update these fields.
	CustomFieldNames  []string `url:"custom_field_names,omitempty"`
	CustomFieldValues []string `url:"custom_field_values,omitempty"`
}

func (*ListCollectionOptions) AddCustomFieldOption

func (l *ListCollectionOptions) AddCustomFieldOption(customFieldName, customFieldValue string)

AddCustomFieldOption sets the customFieldName and customFieldValue attributes on the ListCollectionOptions. To identify application profiles with any value for a specific custom field, enter the URL-encoded wildcard value %25 for customFieldValue.

Documentation Reference: https://docs.veracode.com/r/r_applications_custom_field

type ListCustomFieldOptions

type ListCustomFieldOptions struct {
	Page int `url:"page"`
	Size int `url:"size,omitempty"`
}

type ListPolicyOptions added in v0.8.0

// ListPolicyOptions is the options type taken by PolicyService.ListPolicies; its fields carry url
// struct tags, so they are presumably encoded as URL query parameters — confirm against the encoder.
//
// NOTE(review): PublicPolicy is a *bool while VendorPolicy is a plain bool with omitempty. If the
// query encoder drops zero values, VendorPolicy=false cannot be sent explicitly, so filtering for
// policies "without" the vendor flag may not be expressible — confirm.
// NOTE(review): NameExact is described as a flag but declared as string — confirm the expected value.
type ListPolicyOptions struct {
	Category       PolicyCategory `url:"category,omitempty"`         // The category of the policy. [APPLICATION, COMPONENT]
	LegacyPolicyId int            `url:"legacy_policy_id,omitempty"` // Filters results based on the ID of the custom policy created in the Veracode Platform.
	Name           string         `url:"name,omitempty"`             // Filter on the policy name.
	NameExact      string         `url:"name_exact,omitempty"`       // Use this flag to enforce exact name-matching when filtering on the policy name.
	Page           int            `url:"page,omitempty"`             // Page number. Defaults to 0.
	PublicPolicy   *bool          `url:"public_policy,omitempty"`    // Filters results to include or exclude a public Veracode policy. Default: true
	Size           int            `url:"size,omitempty"`             // Page size (1-500, defaults to 50).
	VendorPolicy   bool           `url:"vendor_policy,omitempty"`    // Filters results to those with or without a vendor policy flag.
}

type ListPolicyVersionsOptions added in v0.8.0

type ListPolicyVersionsOptions struct {
	Page int `url:"page,omitempty"` // Page number. Defaults to 0.
	Size int `url:"size,omitempty"` // Page size (1-500, defaults to 50).
}

type ListTeamOptions

// ListTeamOptions holds the filters for listing teams; it is the options type taken by
// IdentityService.ListTeams and IdentityService.SelfListTeams.
//
// AllForOrg and IgnoreSelfTeams are *bool, while OnlyManageable and Deleted are plain bool; all four
// are tagged omitempty. NOTE(review): presumably the pointers exist so that an explicit false can be
// sent — confirm against the query encoder in use.
// NOTE(review): AllForOrg is undocumented upstream; its relationship to IgnoreSelfTeams is not
// visible here — confirm which one controls organization-wide listing.
// NOTE(review): the PageOptions.Sort comment says field names must be camelCase, while the comment on
// the embedded PageOptions below names team_name — confirm which spelling the API accepts.
type ListTeamOptions struct {
	AllForOrg       *bool  `url:"all_for_org,omitempty"`
	TeamName        string `url:"team_name,omitempty"`
	IgnoreSelfTeams *bool  `url:"ignore_self_teams,omitempty"` // If true, return all teams in the organization. If false, return the teams the current user is a part of.
	OnlyManageable  bool   `url:"only_manageable,omitempty"`   // Only return teams manageable by the requesting user.
	Deleted         bool   `url:"deleted,omitempty"`           // Returns deleted teams.
	PageOptions            // can sort team_name field
}

ListTeamOptions contains all of the fields that can be passed as query values.

type ListUserOptions

// ListUserOptions is the options type taken by IdentityService.ListUsers. It embeds PageOptions for
// paging and sorting.
//
// Detailed is a string ("Yes" or "No") here, whereas GetUser and SelfGetUser take detailed as a bool.
// EmailAddress carries an extra del:"," struct tag. NOTE(review): presumably the encoder joins the
// addresses with commas into a single query value — confirm.
type ListUserOptions struct {
	Detailed     string   `url:"detailed,omitempty"`              // Passing detailed will return additional hidden fields. Value should be one of: Yes or No
	UserName     string   `url:"user_name,omitempty"`             // Filter by username. You must specify the full username. The request does not support matching partial usernames.
	EmailAddress []string `url:"email_address,omitempty" del:","` // Filter by email address(es).
	PageOptions
}

type ManualAnalysisType added in v0.7.0

type ManualAnalysisType struct {
	CiaAdjustment      int      `json:"cia_adjustment,omitempty"`      // For Manual Penetration Testing, the CIA triad that Veracode applied to the security score.
	Rating             string   `json:"rating,omitempty"`              // Letter grade for the security of this application.
	Score              int      `json:"score,omitempty"`               // Numeric score for the security of this application.
	NextScanDue        ctime    `json:"next_scan_due"`                 // Date when the active security policy for this application is scheduled to request the next scan.
	DeliveryConsultant []string `json:"delivery_consultant,omitempty"` // For Manual Penetration Testing, the names of the delivery consultants, if any.
	Modules            Module   `json:"modules"`
}

For Manual Penetration Testing, Veracode applies the confidentiality, integrity, and availability (CIA) triad to generate the final numeric score for the application. The report lists the delivery consultants, if any, followed by scan results.

type Module added in v0.7.0

type Module struct {
	Module []ModuleType `json:"module,omitempty"`
}

type ModuleType added in v0.7.0

// ModuleType describes one scanned module: its build attributes, its security score and the number
// of findings per severity level (0 is the lowest, 5 the highest).
//
// Several field comments say a value is "blank" for a dynamic analysis. Every field is tagged
// omitempty, so the zero value ("" or 0) is left out when the struct is marshalled to JSON.
type ModuleType struct {
	Name         string `json:"name,omitempty"`            // Name of the scanned module. For a dynamic analysis, the name is blank.
	Compiler     string `json:"compiler,omitempty"`        // Compiler that compiled the scanned module. For a dynamic analysis, the value is blank.
	Os           string `json:"os,omitempty"`              // Operating system for which the scanned module is targeted. For a dynamic analysis, the value is blank.
	Architecture string `json:"architecture,omitempty"`    // Target architecture for which the scanned module is targeted. For a dynamic analysis, the value is blank.
	Loc          int    `json:"loc,omitempty"`             // Lines of code. For a dynamic analysis or non-debug modules, the value is blank.
	Score        int    `json:"score,omitempty"`           // Module-specific security score, which contributes toward the analysis scores for the application.
	NumFlawsSev0 int    `json:"num_flaws_sev_0,omitempty"` // Number of severity-0 findings. These findings are the lowest severity and are usually informational only.
	NumFlawsSev1 int    `json:"num_flaws_sev_1,omitempty"` // Number of severity-1 findings.
	NumFlawsSev2 int    `json:"num_flaws_sev_2,omitempty"` // Number of severity-2 findings.
	NumFlawsSev3 int    `json:"num_flaws_sev_3,omitempty"` // Number of severity-3 findings.
	NumFlawsSev4 int    `json:"num_flaws_sev_4,omitempty"` // Number of severity-4 findings.
	NumFlawsSev5 int    `json:"num_flaws_sev_5,omitempty"` // Number of severity-5 findings. These findings are the highest severity and Veracode recommends that you fix them immediately.
	TargetUrl    string `json:"target_url,omitempty"`      // For a dynamic analysis, the URL for the application you scanned.
	Domain       string `json:"domain,omitempty"`          // For a dynamic analysis, the domain for the application you scanned.
}

Information about the type of module that Veracode scanned.

type NavLinks struct {
	First link `json:"first"`
	Last  link `json:"last"`
	Next  link `json:"next"`
	Prev  link `json:"prev"`
	Self  link `json:"self"`
}

Container of navigation links.

type NotInTeamOptions added in v0.5.0

type NotInTeamOptions struct {
	SearchTerm string `url:"search_term,omitempty"` // You can search for partial strings of the username, first name, last name, or email address.
	TeamId     string `url:"team_id,omitempty"`
	PageOptions
}

type PageMeta added in v0.6.0

type PageMeta struct {
	Number        int `json:"number"`
	Size          int `json:"size"`
	TotalElements int `json:"total_elements"`
	TotalPages    int `json:"total_pages"`
}

PageMeta contains the meta data for the current API page.

type PageOptions

// PageOptions carries the paging and sorting parameters. It is passed directly to
// IdentityService.ListRoles and PolicyService.ListSCAComponentLicenseInformation, and is embedded in
// ListBuOptions, ListTeamOptions, ListUserOptions and NotInTeamOptions.
//
// Page is tagged without omitempty, unlike Size and Sort. NOTE(review): presumably page=0 is
// therefore always sent while an unset Size is omitted — confirm against the query encoder.
type PageOptions struct {
	Size int              `url:"size,omitempty"` // Increase the page size.
	Page int              `url:"page"`           // Page through the list.
	Sort []SortQueryField `url:"sort,omitempty"` // Sort by multiple field names. Field names have to be in camelCase. Sort is ascending by default.
}

PageOptions contains fields used to page through an endpoint as well as set page size.

type Permission

type Permission struct {
	Name string `json:"permission_name,omitempty"`
}

type PolicyCategory added in v0.8.0

type PolicyCategory string

type PolicyCompliance

type PolicyCompliance string

type PolicyRule added in v0.7.0

type PolicyRule struct {
	Type  string `json:"type,omitempty"`  // Enum: DISALLOW_VULNERABILITIES_BY_SEVERITY, DISALLOW_CVSS_SCORE, DISALLOW_COMPONENT_BLACKLIST, DISALLOW_COMPONENT_BY_LICENSE_RISK
	Value string `json:"value,omitempty"` // SCA policy type.
	Desc  string `json:"desc,omitempty"`  // SCA policy description.
}

type PolicyScanFrequency added in v0.8.0

type PolicyScanFrequency string

type PolicyScanType added in v0.8.0

type PolicyScanType string

type PolicyService added in v0.8.0

type PolicyService service

For more information:

func (*PolicyService) CreatePolicy added in v0.8.0

func (a *PolicyService) CreatePolicy(ctx context.Context, policyVersion PolicyVersion) (*PolicyVersion, *Response, error)

CreatePolicy creates a new Policy with version 1.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) DeletePolicy added in v0.8.0

func (a *PolicyService) DeletePolicy(ctx context.Context, policyGuid string) (*Response, error)

DeletePolicy deletes a Policy with the provided policyGuid.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) GetPolicy added in v0.8.0

func (a *PolicyService) GetPolicy(ctx context.Context, policyGuid string) (*PolicyVersion, *Response, error)

GetPolicy retrieves a PolicyVersion with the provided policyGuid.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) GetPolicyVersion added in v0.8.0

func (a *PolicyService) GetPolicyVersion(ctx context.Context, policyGuid string, version int) (*PolicyVersion, *Response, error)

GetPolicyVersion retrieves a specific PolicyVersion by version.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) ListComponentPolicySettings added in v0.8.0

func (a *PolicyService) ListComponentPolicySettings(ctx context.Context) ([]ComponentPolicySetting, *Response, error)

ListComponentPolicySettings returns the default pre-build component policies.

func (*PolicyService) ListPolicies added in v0.8.0

func (a *PolicyService) ListPolicies(ctx context.Context, options ListPolicyOptions) ([]PolicyVersion, *Response, error)

ListPolicies takes a ListPolicyOptions and returns a list of PolicyVersion.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/PolicyVersion

func (*PolicyService) ListPolicySettings added in v0.8.0

func (a *PolicyService) ListPolicySettings(ctx context.Context) ([]PolicySetting, *Response, error)

ListPolicySettings returns a slice of PolicySetting for the application policies.

func (*PolicyService) ListPolicyVersions added in v0.8.0

func (a *PolicyService) ListPolicyVersions(ctx context.Context, policyGuid string, options ListPolicyVersionsOptions) ([]PolicyVersion, *Response, error)

ListPolicyVersions takes a ListPolicyVersionsOptions and a policyGuid, and returns a list of PolicyVersion for the given Policy.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) ListSCAComponentLicenseInformation added in v0.8.0

func (a *PolicyService) ListSCAComponentLicenseInformation(ctx context.Context, options PageOptions) ([]ScaLicenseSummary, *Response, error)

ListSCAComponentLicenseInformation returns a list of component licenses associated with SCA security policies.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) ListThirdPartyComponentPolicySettings added in v0.8.0

func (a *PolicyService) ListThirdPartyComponentPolicySettings(ctx context.Context) ([]ComponentPolicySetting, *Response, error)

ListThirdPartyComponentPolicySettings returns the default pre-build component policies.

func (*PolicyService) UpdateComponentPolicySetting added in v0.8.0

func (a *PolicyService) UpdateComponentPolicySetting(ctx context.Context, componentPolicySettings []ComponentPolicySetting) ([]ComponentPolicySetting, *Response, error)

UpdateComponentPolicySetting updates the pre-build component default policies of an organization.

func (*PolicyService) UpdatePolicy added in v0.8.0

func (a *PolicyService) UpdatePolicy(ctx context.Context, policyGuid string, policyVersion PolicyVersion) (*PolicyVersion, *Response, error)

UpdatePolicy creates a new Policy Version that will become the default when making a get request.

API Documentation: https://app.swaggerhub.com/apis/Veracode/veracode-policy_api_specification/1.0#/

func (*PolicyService) UpdatePolicySettings added in v0.8.0

func (a *PolicyService) UpdatePolicySettings(ctx context.Context, policySettings []PolicySetting) ([]PolicySetting, *Response, error)

UpdatePolicySettings takes a slice of PolicySetting and updates all of the settings present in the slice.

func (*PolicyService) UpdateThirdPartyComponentPolicySettings added in v0.8.0

func (a *PolicyService) UpdateThirdPartyComponentPolicySettings(ctx context.Context, componentPolicySettings []ComponentPolicySetting) ([]ComponentPolicySetting, *Response, error)

UpdateThirdPartyComponentPolicySettings updates the pre-build component default policies of an organization.

type PolicySetting added in v0.8.0

type PolicySetting struct {
	BusinessCriticality BusinessCriticality `json:"business_criticality,omitempty"` // The business criticality for which this policy is the default policy.
	Modified            *ctime              `json:"modified,omitempty"`             // The date and time when the application default policy setting was modified. The date and time format is per RFC3339 and ISO-8601. Timezone is UTC.
	PolicyGuid          string              `json:"policy_guid,omitempty"`          // Unique identifier for the application policy.
	AgentSetting        string              `json:"agent_setting,omitempty"`
}

type PolicyType added in v0.8.0

type PolicyType string

type PolicyVersion added in v0.8.0

// PolicyVersion is the JSON model for one version of a policy.
//
// Every int grace-period field below carries omitempty, so under
// encoding/json's default rules a value of 0 is left out of the marshalled
// JSON instead of being sent as 0.
// NOTE(review): confirm what the API applies when a grace period is absent
// before relying on 0 to mean "no grace period".
type PolicyVersion struct {
	Category                PolicyCategory   `json:"category,omitempty"`             // The category of the policy.
	Created                 *ctime           `json:"created"`                        // The date and time the application was created. The date/time is formatted as per RFC3339 and ISO-8601. The timezone is UTC. NOTE(review): "application" presumably means this policy version; confirm.
	CustomSeverities        []CustomSeverity `json:"custom_severities,omitempty"`    // A set of severity overrides for use with this policy.
	Description             string           `json:"description,omitempty"`          // A description of the policy.
	EvaluationDate          *ctime           `json:"evaluation_date"`                // The date from which to define the evaluation timeframe, which determines when findings that violate rules should cause an application to not pass policy.
	EvaluationDateType      string           `json:"evaluation_date_type,omitempty"` // Specify the supported evaluation date type as before or after the specified date. [BEFORE, AFTER]
	FindingRules            []FindingRule    `json:"finding_rules,omitempty"`        // A set of rules to be evaluated against the scan findings.
	// Grace periods for the SCA rule types. omitempty does not drop a
	// struct-typed field under encoding/json's default rules, so this object
	// is marshalled even when every member is zero.
	ScaGracePeriods         ScaGracePeriods  `json:"sca_grace_periods,omitempty"`
	Guid                    string           `json:"guid,omitempty"`                       // Unique identifier for the policy.
	ModifiedBy              string           `json:"modified_by,omitempty"`                // The username of the user who most recently modified the policy.
	Name                    string           `json:"name,omitempty"`                       // Policy name.
	OrganizationId          int              `json:"organization_id,omitempty"`            // The organization with which the policy is associated. If no value is provided, the results are publicly visible.
	ScaBlacklistGracePeriod int              `json:"sca_blacklist_grace_period,omitempty"` // (DEPRECATED) The grace period in number of days permitted for the component blocklist enforcement rule type. NOTE(review): ScaGracePeriods has a field with the same JSON tag, presumably the replacement; confirm.
	ScanFrequencyRules      []ScanFrequency  `json:"scan_frequency_rules,omitempty"`       // The set of scan frequencies to be evaluated.
	ScoreGracePeriod        int              `json:"score_grace_period,omitempty"`         // The number of days grace period allowed for the policy score.
	Sev0_grace_period       int              `json:"sev0_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 0.
	Sev1_grace_period       int              `json:"sev1_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 1.
	Sev2_grace_period       int              `json:"sev2_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 2.
	Sev3_grace_period       int              `json:"sev3_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 3.
	Sev4_grace_period       int              `json:"sev4_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 4.
	Sev5_grace_period       int              `json:"sev5_grace_period,omitempty"`          // The number of days grace period allowed for findings of severity 5.
	Type                    PolicyType       `json:"type,omitempty"`                       // The evaluation policy type.
	VendorPolicy            *bool            `json:"vendor_policy,omitempty"`              // Use this flag to indicate if this policy is to be visible and available for policy evaluation by a vendor organization. Declared as a pointer, so an explicit false is still marshalled; only nil is omitted.
	Version                 int              `json:"version,omitempty"`                    // The version of this policy.
}

When creating a new Policy or a new version of an existing Policy, the following fields are required:

  • Name
  • Description
  • VendorPolicy

type Profile

// Profile groups a profile name with a Veracode API key ID and its secret.
// NOTE(review): presumably one named credentials profile; how it is loaded is
// not visible here, so confirm.
type Profile struct {
	Name                 string
	VeracodeApiKeyId     string
	// VeracodeApiKeySecret is the secret half of the API credentials. The
	// struct has no json tags, so marshalling a Profile with encoding/json or
	// printing it with %+v would emit the secret under its field name; keep
	// Profile values out of logs, error messages and serialized output.
	VeracodeApiKeySecret string
}

type Region

type Region map[string]string

func GetRegionFromCredentials added in v0.5.1

func GetRegionFromCredentials(apiKey string) (Region, error)

type Response

type Response struct {
	*http.Response
	Page  PageMeta
	Links NavLinks
}

type Role

type Role struct {
	IsApi               bool   `json:"is_api,omitempty"`
	IsScanType          bool   `json:"is_scan_type,omitempty"`
	TeamAdminManageable bool   `json:"team_admin_manageable,omitempty"`
	RoleDescription     string `json:"role_description,omitempty"`
	RoleId              string `json:"role_id,omitempty"`
	RoleName            string `json:"role_name,omitempty"`
	RoleLegacyId        int    `json:"role_legacy_id,omitempty"`
}

type RoleUser

type RoleUser struct {
	RoleDescription string `json:"role_description,omitempty"`
	RoleId          string `json:"role_id,omitempty"`
	RoleName        string `json:"role_name,omitempty"`
}

RoleUser contains the fields that are returned as part of the user aggregate.

type Sandbox added in v0.6.0

type Sandbox struct {
	ApplicationGuid string        `json:"application_guid,omitempty"`
	Created         time.Time     `json:"created,omitempty"`
	CustomFields    []CustomField `json:"custom_fields,omitempty"`
	Guid            string        `json:"guid,omitempty"`
	Id              int           `json:"id,omitempty"`
	Modified        time.Time     `json:"modified,omitempty"`
	Name            string        `json:"name,omitempty"`
	OrganizationId  int           `json:"organization_id,omitempty"`
	OwnerUsername   string        `json:"owner_username,omitempty"`
}

type SandboxService added in v0.6.0

type SandboxService service

You can use the Development Sandbox API to create, update, and delete development sandboxes. For more information:

Currently supports V1 of the Development Sandbox API

func (*SandboxService) CreateSandbox added in v0.6.0

func (s *SandboxService) CreateSandbox(ctx context.Context, applicationGuid string, sandbox CreateSandbox) (*Sandbox, *Response, error)

CreateSandbox takes an application GUID and a CreateSandbox, and then creates a new sandbox for the provided application.

func (*SandboxService) DeleteSandbox added in v0.6.0

func (s *SandboxService) DeleteSandbox(ctx context.Context, applicationGuid string, sandboxGuid string) (*Response, error)

DeleteSandbox takes an application GUID and a sandbox GUID, and deletes the sandbox with the provided GUID.

func (*SandboxService) GetSandbox added in v0.6.0

func (s *SandboxService) GetSandbox(ctx context.Context, applicationGuid string, sandboxGuid string) (*Sandbox, *Response, error)

GetSandbox takes an application GUID string and a sandbox GUID, and then returns the sandbox with the provided GUID.

func (*SandboxService) ListSandboxes added in v0.6.0

func (s *SandboxService) ListSandboxes(ctx context.Context, applicationGuid string, options PageOptions) ([]Sandbox, *Response, error)

ListSandboxes takes an application GUID string and page options, and then returns a list of sandboxes for that application.

func (*SandboxService) PromoteSandbox added in v0.6.0

func (s *SandboxService) PromoteSandbox(ctx context.Context, applicationGuid string, sandboxGuid string, deleteOnPromotion bool) (*Sandbox, *Response, error)

PromoteSandbox promotes the latest scan in a sandbox to a policy scan. Setting deleteOnPromotion to true will delete said scan once it has been promoted to the policy.

func (*SandboxService) UpdateSandbox added in v0.6.0

func (s *SandboxService) UpdateSandbox(ctx context.Context, applicationGuid string, sandboxGuid string, sandbox CreateSandbox) (*Sandbox, *Response, error)

UpdateSandbox takes an application GUID, a sandbox GUID and a CreateSandbox, and updates the existing sandbox with the new body.

type ScaGracePeriods added in v0.8.0

// ScaGracePeriods holds the grace periods for the SCA rule types of a policy.
//
// The int fields carry omitempty, so under encoding/json's default rules a
// grace period of 0 is left out of the marshalled JSON.
// NOTE(review): confirm what the API applies for an absent grace period.
type ScaGracePeriods struct {
	ScaBlacklistGracePeriod int                    `json:"sca_blacklist_grace_period,omitempty"` // The grace period in number of days permitted for the component blocklist enforcement rule type.
	LicenseRiskGracePeriod  int                    `json:"license_risk_grace_period,omitempty"`  // The grace period in number of days permitted for the component license risk rule type.
	// Per-severity grace periods. omitempty does not drop a struct-typed
	// field under encoding/json's default rules, so this object is always
	// marshalled.
	SeverityGracePeriod     SeverityGracePeriod    `json:"severity_grace_period,omitempty"`
	CvssScoreGracePeriod    []CvssScoreGracePeriod `json:"cvss_score_grace_period,omitempty"` // The grace period in number of days permitted for the vulnerability CVSS score rule type.
}

type ScaLicenseSummary added in v0.8.0

type ScaLicenseSummary struct {
	FullName string `json:"full_name,omitempty"` // Full name of the license.
	Name     string `json:"name,omitempty"`      // Short name of the license.
	Risk     string `json:"risk,omitempty"`      // Risk rating of the license. Values are Low, Medium, High, or Unknown.
	SpdxId   string `json:"spdx_id,omitempty"`   // SPDX identifier for the license.
	Url      string `json:"url,omitempty"`       // URL to the license on the spdx.org website.
}

type ScanFrequency added in v0.8.0

type ScanFrequency struct {
	Frequency     PolicyScanFrequency `json:"frequency,omitempty"`
	PolicyVersion PolicyVersion       `json:"policy_version,omitempty"`
	ScanType      PolicyScanType      `json:"scan_type,omitempty"`
}

type ScanStatus

type ScanStatus string

type ScanType

type ScanType string

type SearchUserOptions

type SearchUserOptions struct {
	Detailed     string `url:"detailed,omitempty"`      // Passing detailed will return additional hidden fields. Value should be one of: Yes or No
	SearchTerm   string `url:"search_term,omitempty"`   // You can search for partial strings of the username, first name, last name, or email address.
	RoleId       string `url:"role_id,omitempty"`       // Filter users by their role. Value should be a valid Role Id.
	UserType     string `url:"user_type,omitempty"`     // Filter by user type. Value should be one of: user or api
	LoginEnabled string `url:"login_enabled,omitempty"` // Filter by whether the login is enabled. Value should be one of: Yes or No
	LoginStatus  string `url:"login_status,omitempty"`  // Filter by the login status. Value should be one of: Active, Locked or Never
	SamlUser     string `url:"saml_user,omitempty"`     // Filter by whether the user is a SAML user or not. Value should be one of: Yes or No
	TeamId       string `url:"team_id,omitempty"`       // Filter users by team membership. Value should be a valid Team Id.
	ApiId        string `url:"api_id,omitempty"`        // Filter user by their API Id.
	PageOptions
}

type SeverityGracePeriod added in v0.8.0

// SeverityGracePeriod holds one grace period per severity level, 0 through 4.
// It is the type of ScaGracePeriods.SeverityGracePeriod.
// NOTE(review): the unit is presumably days, as documented for the sibling
// fields of ScaGracePeriods; confirm.
//
// Each field carries omitempty, so under encoding/json's default rules a value
// of 0 is omitted from the marshalled JSON, not sent as 0.
type SeverityGracePeriod struct {
	Sev0GracePeriod int `json:"sev_0_grace_period,omitempty"`
	Sev1GracePeriod int `json:"sev_1_grace_period,omitempty"`
	Sev2GracePeriod int `json:"sev_2_grace_period,omitempty"`
	Sev3GracePeriod int `json:"sev_3_grace_period,omitempty"`
	Sev4GracePeriod int `json:"sev_4_grace_period,omitempty"`
}

type SeverityType added in v0.7.0

type SeverityType struct {
	Level    int            `json:"level,omitempty"` // Veracode Level for the severity of the finding. The value range is 0 to 5, with 5 being the highest severity.
	Category []CategoryType `json:"category,omitempty"`
}

Information about the Veracode Levels for the severity of a finding. The range is 0 through 5, where 0 is informational and 5 is the most severe.

type SoftwareCompositionAnalysis added in v0.7.0

type SoftwareCompositionAnalysis struct {
	VulnerableComponents     VulnerableComponentList `json:"vulnerable_components,omitempty"`
	ThirdPartyComponents     int                     `json:"third_party_components,omitempty"`     // Number of vulnerable third party components.
	ViolatePolicy            bool                    `json:"violate_policy,omitempty"`             // Whether the component violates the security policy.
	ComponentsViolatedPolicy int                     `json:"components_violated_policy,omitempty"` // Number of components that violate the SCA policy.
	BlacklistedComponents    int                     `json:"blacklisted_components,omitempty"`     // Number of blacklisted components.
	ScaServiceAvailable      bool                    `json:"sca_service_available,omitempty"`      // True if the SCA service is available, else set to false.
}

Information about findings discovered during Software Composition Analysis (SCA).

type SortQueryField added in v0.5.0

type SortQueryField struct {
	Name   string
	IsDesc bool
}

type SummaryReport added in v0.7.0

type SummaryReport struct {
	StaticAnalysis              AnalysisType                `json:"static-analysis"`
	DynamicAnalysis             AnalysisType                `json:"dynamic-analysis"`
	ManualAnalysis              ManualAnalysisType          `json:"manual-analysis"`
	Severity                    []SeverityType              `json:"severity"`
	FlawStatus                  FlawStatusType              `json:"flaw_status"`
	CustomFields                CustomFields                `json:"custom_fields"`
	SoftwareCompositionAnalysis SoftwareCompositionAnalysis `json:"software_composition_analysis"`
	ReportFormatVersion         string                      `json:"report_format_version,omitempty"`    // Version of the format of this report.
	AccountId                   int                         `json:"account_id,omitempty"`               // ID of the Veracode account.
	AppName                     string                      `json:"app_name,omitempty"`                 // Name of the scanned application.
	AppId                       int                         `json:"app_id,omitempty"`                   // ID of the scanned application.
	AnalysisId                  int                         `json:"analysis_id,omitempty"`              // ID for the scan.
	StaticAnalysisUnitId        int                         `json:"static_analysis_unit_id,omitempty"`  // Unit ID for a static analysis.
	SandboxName                 string                      `json:"sandbox_name,omitempty"`             // Name of the development sandbox. Not applicable for a policy scan.
	SandboxId                   int                         `json:"sandbox_id,omitempty"`               // ID of the development sandbox. Not applicable for a policy scan.
	FirstBuildSubmittedDate     ctime                       `json:"first_build_submitted_date"`         // Timestamp of the first time you submitted a build of this application to Veracode for scanning.
	Version                     string                      `json:"version,omitempty"`                  // Version label for the application.
	BuildId                     int                         `json:"build_id,omitempty"`                 // ID of the build for the application.
	Vendor                      string                      `json:"vendor,omitempty"`                   // Name of the vendor that provided the application, if applicable.
	Submitter                   string                      `json:"submitter,omitempty"`                // Name of the account or user that created the build.
	Platform                    string                      `json:"platform,omitempty"`                 // Platform of the build for the application.
	BusinessCriticality         int                         `json:"business_criticality,omitempty"`     // Business criticality for the application.
	GenerationDate              ctime                       `json:"generation_date"`                    // Timestamp when Veracode generated the report.
	VeracodeLevel               string                      `json:"veracode_level,omitempty"`           // Security score for the application based on Veracode Levels. Values are VL1, VL2, VL3, VL4, or VL5
	TotalFlaws                  int                         `json:"total_flaws,omitempty"`              // Total number of discovered findings for the application.
	FlawsNotMitigated           int                         `json:"flaws_not_mitigated,omitempty"`      // Total number of discovered findings not marked as mitigated.
	Teams                       string                      `json:"teams,omitempty"`                    // Teams assigned to this application.
	LifeCycleStage              string                      `json:"life_cycle_stage,omitempty"`         // Current life cycle stage for this application. For example, deployed or in development.
	PlannedDeploymentDate       ctime                       `json:"planned_deployment_date"`            // Deployment date for the application, if specified.
	LastUpdateTime              ctime                       `json:"last_update_time"`                   // Last time this application was modified.
	IsLatestBuild               bool                        `json:"is_latest_build,omitempty"`          // True if this report is for the most recent build of this application.
	PolicyName                  string                      `json:"policy_name,omitempty"`              // Name of the security policy assigned to this application.
	PolicyVersion               int                         `json:"policy_version,omitempty"`           // Version number of the security policy assigned to the version of this application.
	PolicyComplianceStatus      string                      `json:"policy_compliance_status,omitempty"` // Current policy compliance status for this application. Values are Calculating, Did Not Pass, Conditional Pass, or Pass.
	PolicyRulesStatus           string                      `json:"policy_rules_status,omitempty"`      // Current policy rules compliance status for this application. Does not include scan frequency requirements and grace period time allowed to address rule violations. Values are Calculating, Did Not Pass, or Pass.
	GracePeriodExpired          bool                        `json:"grace_period_expired,omitempty"`     // True if findings in the latest analyzed build of this application have existed for longer than the allowed grace period.
	ScanOverdue                 string                      `json:"scan_overdue,omitempty"`             // True if the amount of time between the last analysis and the current time is greater than the scan frequency that your security policy requires.
	AnyTypeScanDue              ctime                       `json:"any_type_scan_due"`                  // Date to analyze a new build of this application for it to remain in compliance with the required scan frequency of the security policy.
	BusinessOwner               string                      `json:"business_owner,omitempty"`           // First and last name of the party responsible for this application.
	BusinessUnit                string                      `json:"business_unit,omitempty"`            // Department or group associated with this application.
	Tags                        string                      `json:"tags,omitempty"`                     // Comma-delimited list of tags associated with this application.
	LegacyScanEngine            bool                        `json:"legacy_scan_engine,omitempty"`       // For a static analysis, indicates whether the scan ran with a legacy engine or the same engine version as the previous scan of its type.
}

type SummaryReportOptions added in v0.7.0

type SummaryReportOptions struct {
	BuildId int    `url:"build_id,omitempty"` // ID of the build in which the scan ran. Default is the latest build_id.
	Context string `url:"context,omitempty"`  // GUID of the associated development sandbox, if specified. The Summary Report is relative to this context parameter.
}

type Team

type Team struct {
	TeamId       string           `json:"team_id,omitempty"`
	TeamLegacyId int              `json:"team_legacy_id,omitempty"`
	TeamName     string           `json:"team_name,omitempty"`
	Relationship TeamRelationship `json:"relationship,omitempty"`
	Users        *[]User          `json:"users,omitempty"`
	BusinessUnit *BusinessUnit    `json:"business_unit,omitempty"`
}

func (*Team) MarshalJSON

func (t *Team) MarshalJSON() ([]byte, error)

If Relationship.Name is "", create custom struct where TeamRelationship is a pointer and set it to nil. This will omit relationship from the marshalled json.

If Relationship.Name is not "", flatten TeamRelationship to Relationship in Team model.

type TeamRelationship

type TeamRelationship struct {
	Name string `json:"name,omitempty"`
}

type UpdateOptions

type UpdateOptions struct {
	Incremental *bool `url:"incremental,omitempty"` // incremental=true indicates that you are adding items to a list for an object property, such as adding users to a team.
	Partial     *bool `url:"partial,omitempty"`     // partial=true indicates that you are updating only a subset of properties for an object.
}

type UploadXMLService added in v0.7.0

type UploadXMLService service

UploadXMLService will contain all of the endpoints for the legacy XML upload service that do not have a REST equivalent.

For more information: https://docs.veracode.com/r/c_about_upload_API

func (*UploadXMLService) GetBuildInfo added in v0.7.0

func (u *UploadXMLService) GetBuildInfo(ctx context.Context, options BuildInfoOptions) (BuildInfo, *Response, error)

GetBuildInfo provides information about the most recent scan or a specific scan of the application.

Documentation Reference: https://docs.veracode.com/r/r_getbuildinfo

func (*UploadXMLService) GetBuildList added in v0.7.0

func (u *UploadXMLService) GetBuildList(ctx context.Context, options BuildListOptions) (BuildList, *Response, error)

type User

// User is the JSON model for a Veracode user. Which fields are populated
// depends on the endpoint, as noted on each group below.
type User struct {
	// Below fields will be included in /users and /users/search calls
	LoginEnabled *bool  `json:"login_enabled,omitempty"`
	SamlUser     *bool  `json:"saml_user,omitempty"` // Required when creating a new SAML user.
	EmailAddress string `json:"email_address,omitempty"`
	FirstName    string `json:"first_name,omitempty"`
	LastName     string `json:"last_name,omitempty"`
	UserId       string `json:"user_id,omitempty"`
	LegacyUserId string `json:"legacy_user_id,omitempty"`
	UserName     string `json:"user_name,omitempty"`

	// AccountType is added by passing detailed=true in the URL values.
	// AccountType will be shown in the user model for /users/{id}, /users and /users/search
	// NOTE(review): SearchUserOptions.Detailed documents its values as Yes or
	// No; confirm which value the API accepts.
	AccountType string `json:"account_type,omitempty"`

	Relationship TeamRelationship `json:"relationship,omitempty"` // Only present when the user is included in the Team model.

	// Below fields will only be included in /users/{id} calls
	// BACKLOG: Add remaining fields for model as required.
	Active *bool `json:"active,omitempty"`

	// Roles, Teams and Permissions are pointers to slices. With omitempty, a
	// nil pointer is omitted while a pointer to an empty slice is still
	// marshalled as an empty list, so the two are different requests.
	// NOTE(review): User has a custom MarshalJSON; confirm it keeps this
	// distinction.
	Roles       *[]RoleUser   `json:"roles,omitempty"`       // Be careful when setting a user's roles to an empty list. This will remove even the Administrator role. Leave the pointer nil when roles should not be touched.
	Teams       *[]Team       `json:"teams,omitempty"`       // Giving a user the team admin role will require setting the Team.Relationship.Name to "ADMIN"
	Permissions *[]Permission `json:"permissions,omitempty"` // A permission with name: "apiUser" needs to be set to create a new API user.

	Title       string `json:"title,omitempty"`        // Can be set when creating a new user, but is not available when fetching a user.
	UserType    string `json:"user_type,omitempty"`    // Required when creating a new user.
	SamlSubject string `json:"saml_subject,omitempty"` // Required when creating a new SAML user.
}

func NewAPIUser

func NewAPIUser(userName, emailAddress, firstName, lastName string, teams []Team) *User

NewAPIUser is a helper function that creates a new service account user with all of the required fields to Post successfully to the Veracode API.

Note the following:

  • NewAPIUser adds the "resultsapi" role as the default role for the created user. The caller should update the roles on the returned User.
  • Providing a nil value or an empty slice for the "teams" parameter adds the "noteamrestrictionapi" role for the user. This role allows a Service Account to see all applications across the Veracode instance, so pass an explicit list of teams when the account should be limited to those teams' applications.

func NewSAMLUser

func NewSAMLUser(emailAddress, firstName, lastName, samlSubject string) *User

NewSAMLUser is a helper function that creates a new SAML user with all of the required fields to Post successfully to the Veracode API.

Note that NewSAMLUser adds the "securityinsightsonly" role as the default role for the created user. The caller should update the roles on the returned User.

func NewUser

func NewUser(emailAddress, firstName, lastName string) *User

NewUser is a helper function that creates a new user with all of the required fields to Post to the Veracode API.

Note that NewUser adds the "securityinsightsonly" role as the default role for the created user. The caller should update the roles on the User.

func (*User) MarshalJSON

func (u *User) MarshalJSON() ([]byte, error)

If Relationship.Name is "", create custom struct where TeamRelationship is a pointer and set it to nil. This will omit relationship from the marshalled json.

If Relationship.Name is not "", flatten TeamRelationship to Relationship in User model.

type ViolatedRuleList added in v0.7.0

type ViolatedRuleList struct {
	PolicyRule []PolicyRule `json:"policy_rule"`
}

type Vulnerability added in v0.7.0

// Vulnerability is the JSON model for one vulnerability entry; VulnerabilityList
// holds a slice of these under the "vulnerability_dto" key.
type Vulnerability struct {
	CveId                                string  `json:"cve_id,omitempty"`                                  // Common Vulnerabilities and Exposures (CVE) ID of the vulnerability.
	CvssScore                            float32 `json:"cvss_score,omitempty"`                              // Common Vulnerability Scoring System (CVSS) score. CVSS rates the severity of a vulnerability on a scale of 0 to 10, with 10 the most severe. NOTE(review): the CVSS version behind this value is not stated here; confirm before comparing scores across sources.
	Severity                             int     `json:"severity,omitempty"`                                // Veracode Level for the severity of the vulnerability. The value range is 0 to 5, with 5 being the highest severity.
	CweId                                string  `json:"cwe_id,omitempty"`                                  // Common Weakness Enumeration (CWE) ID for the vulnerability.
	FirstFoundDate                       ctime   `json:"first_found_date"`                                  // Date when Veracode first discovered the vulnerability.
	CweSummary                           string  `json:"cwe_summary,omitempty"`                             // Summary for the vulnerability. NOTE(review): the field and tag name CWE, so this is presumably the CWE summary, not a CVE summary; confirm against the API.
	SeverityDesc                         string  `json:"severity_desc,omitempty"`                           // Severity description for the vulnerability.
	Mitigation                           string  `json:"mitigation,omitempty"`                              // Vulnerability mitigation status.
	MitigationType                       string  `json:"mitigation_type,omitempty"`                         // Type of mitigation applied to the vulnerability, if any.
	MitigatedDate                        ctime   `json:"mitigated_date"`                                    // Mitigation date for the vulnerability.
	VulnerabilityAffectsPolicyCompliance string  `json:"vulnerability_affects_policy_compliance,omitempty"` // Whether the vulnerability affects SCA policy compliance.
}

type VulnerabilityList added in v0.7.0

type VulnerabilityList struct {
	Vulnerability []Vulnerability `json:"vulnerability_dto"`
}

type VulnerableComponentList added in v0.7.0

type VulnerableComponentList struct {
	Component []Component `json:"component_dto,omitempty"`
}

Details about the vulnerable components.
