Skip to main content


Veracode performs application analysis including dynamic analysis, penetration testing, and static code testing to locate vulnerabilities that can lead to security breaches. You can bring application, code, and site data from Veracode into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Veracode and how to obtain that information from Veracode. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Veracode from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Veracode with Brinqa:

  • Server URL: The Veracode Platform URL. The default URL is

  • API ID and Secret key: The API credentials associated with the Veracode account, which must have permissions to log in to the API server and return data.

Generate Veracode API credentials

For the Veracode connector to use the Veracode API, you must provide API credentials. Veracode does not allow retrieving the API credentials for an existing user. To generate new API credentials, follow these steps:

  1. Log in to your organization's Veracode Platform.

  2. Click the username and select API Credentials from the drop-down.

  3. Click Generate API Credentials.

    The new API ID and secret key display. You cannot view the credentials after this, so copy and save them to a secure location.


If you do not have the permissions to generate access keys, contact your Veracode administrator. For additional information, see Veracode documentation.

Types of data to retrieve

The Veracode connector can retrieve the following types of data from the Veracode API:

Connector ObjectRequiredMaps to Data Model
Dynamic Code FindingYesDynamic Code Finding
Dynamic Code Finding DefinitionYesDynamic Code Finding Definition
Open Source FindingYesOpen Source Finding
Open Source Finding DefinitionYesOpen Source Finding Definition
Pentest FindingYesPentest Finding
Pentest Finding DefinitionYesPentest Finding Definition
Static Code FindingYesStatic Code Finding
Static Code Finding DefinitionYesStatic Code Finding Definition

The Veracode connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Veracode in the Brinqa Platform, see How to view your data.


The Veracode connector uses the Veracode XML API. Specifically, it uses the following endpoints:

  • /api/4.0/

  • /api/5.0/

  • /api/5.0/

  • /api/5.0/

  • /api/5.0/

  • /api/


The Veracode connector has undergone the following changes:


  • Added the ARCHER_APP_NAME attribute to the Application object.


  • Changed the data type of the ISSUE_ID attribute to Integer for sorting purposes.


  • Stopped retrying the error elements in the Veracode API responses.


  • Added all the statuses as multi-valued fields.

  • Assigned the last approved remediation action to the REMEDIATION_STATUS attribute.


Revised the logic for creating finding definitions to be based on the Common Weakness Enumeration (CWE) descriptions.


  • Added Component, Open Source Finding, and Open Source Finding Definition as connector objects.


  • Added Pentest Finding and Pentest Finding Definition as connector objects.


  • Added new attributes, MITIGATION_STATUS and MITIGATION_STATUS_DESCRIPTION, in the Dynamic Code Finding and Static Code Finding object.