Veracode API Python Library

0.9.65 · active · verified Fri Apr 17

This is an officially supported Python helper library for interacting with the Veracode APIs, primarily focusing on the modern REST APIs. It simplifies API calls by handling authentication, retries, pagination, and provides higher-level abstractions for common Veracode functions. The library is currently at version `0.9.65` and receives frequent updates for bug fixes and new feature support.

Common errors

```
requests_veracode.exceptions.AuthenticationError: Missing or invalid API credentials.
```
cause The Veracode API Key ID or Secret environment variables (`VERACODE_API_KEY_ID`, `VERACODE_API_KEY_SECRET`) are not set, are empty, or contain incorrect values.

fix Set the `VERACODE_API_KEY_ID` and `VERACODE_API_KEY_SECRET` environment variables with your valid Veracode API credentials before running your Python script.
```
KeyError: 'default'
```
cause This specific `KeyError` was a bug in older versions (prior to v0.9.64) when default values were expected but not properly handled in certain API responses or request preparations.

fix Upgrade the `veracode-api-py` library to version `0.9.64` or newer: `pip install --upgrade veracode-api-py`.
```
veracode.exceptions.VeracodeAPIError: HTTP 404 Not Found
```
cause The specific resource (e.g., application ID, scan ID) you are trying to access does not exist, or your API credentials lack the necessary permissions to view it. Other HTTP status codes (e.g., 400 Bad Request, 403 Forbidden) indicate similar issues with your request or permissions.

fix Verify that the resource ID or name is correct. Check your Veracode API user's permissions in the Veracode platform to ensure it has access to the requested API endpoints and data. Consult the Veracode API documentation for the specific endpoint you are calling.

Warnings

gotcha The library is currently in `0.9.x` release series. While efforts are made to maintain stability, minor versions *could* introduce breaking changes or significant API adjustments before reaching a stable `1.0.0` release. Always review changelogs when upgrading.
Fix: Review the GitHub changelog or release notes before upgrading minor versions. Pin your dependency to `veracode-api-py~=0.9.x` to avoid unexpected breaking changes.
gotcha Authentication relies on environment variables (`VERACODE_API_KEY_ID`, `VERACODE_API_KEY_SECRET`) or a configuration file (`~/.veracode/credentials`). Incorrectly set or missing credentials will result in `AuthenticationError`.
Fix: Ensure `VERACODE_API_KEY_ID` and `VERACODE_API_KEY_SECRET` environment variables are correctly set, or configure a valid `~/.veracode/credentials` file as per the `requests-veracode` documentation.
gotcha The library automatically handles API pagination and retries. However, for large datasets, be mindful of the performance implications and potential rate limiting from the Veracode API itself, even with retries.
Fix: For very large API responses, consider using filters or `size` parameters in your API calls to retrieve data in smaller chunks if direct fetching of 'all' items is too slow or hits limits. Implement local caching where appropriate.

Install

pip install veracode-api-py Install latest version

Imports

Applications
wrong:
```
from veracode.api import VeracodeAPI
```
correct:
```
from veracode.applications import Applications
```
While `VeracodeAPI` provides a low-level client, most high-level operations are best performed via specific modules like `Applications`, `Scans`, etc., for a more convenient and abstracted interface.

Quickstart

This example demonstrates how to initialize the `Applications` client and retrieve a list of your Veracode applications. It expects your Veracode API Key ID and Secret to be set as environment variables `VERACODE_API_KEY_ID` and `VERACODE_API_KEY_SECRET` respectively. It includes a basic check for these variables.

import os
from veracode.applications import Applications

# Ensure Veracode API credentials are set as environment variables
# VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET
api_key_id = os.environ.get('VERACODE_API_KEY_ID', '')
api_key_secret = os.environ.get('VERACODE_API_KEY_SECRET', '')

if not api_key_id or not api_key_secret:
    print("WARNING: Veracode API credentials not found in environment variables.")
    print("Please set VERACODE_API_KEY_ID and VERACODE_API_KEY_SECRET.")
else:
    try:
        # Initialize the Applications client
        apps = Applications()

        # Get the first 10 applications
        all_applications = apps.get_all(size=10)

        if all_applications:
            print(f"Found {len(all_applications)} applications:")
            for app in all_applications:
                print(f"  - {app.get('name')} (ID: {app.get('id')})")
        else:
            print("No applications found or accessible.")
    except Exception as e:
        print(f"An error occurred: {e}")

view raw JSON →