This script produces a single CSV of all flaws in a Veracode account. By default it exports only policy-violating, non-mitigated, non-fixed flaws from the most recent static and dynamic scans. Command-line parameters can override these defaults.
Python modules used (requests and lxml are third-party; the rest are in the standard library): csv, sys, requests, argparse, os, multiprocessing, functools, lxml, shutil, logging
- -u, --username: Veracode user name with reviewer permissions. Required.
- -p, --password: Veracode password. Required.
- -n, --non_policy_violating: Will include non-policy violating flaws. Optional.
- -f, --fix: Will include fixed flaws. Optional.
- -m, --mitigated: Will include mitigated flaws. Optional.
- -s, --static_only: Will only export static flaws. Optional.
- -d, --dynamic_only: Will only export dynamic flaws. Optional.
- -v, --verbose: Verbose debug logging. Optional.
Creates a CSV file with all output: flaws.csv. Creates a log file: veracode_all_apps_csv.log. Nothing is printed to the terminal; all messages go to the log.
The script will create two temporary directories: build_xml_files and detailed_results. These will be deleted at the end of the script. If the script exits in error, the temporary directories will be deleted at the start of the next run.
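How the default filters and the -n, -f and -m overrides described above interact, shown as an added example that is not the script's own code. It uses the standard-library XML parser instead of lxml; the flaw attribute names, the treatment of an "accepted" mitigation as mitigated, and the sample report are assumptions made for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the shape of a Veracode detailed report (assumed
# attribute names; real reports also carry an XML namespace, omitted here).
SAMPLE_REPORT = """<detailedreport app_name="demo-app">
  <flaw issueid="1" cweid="89" severity="4" affects_policy_compliance="true"
        remediation_status="Open" mitigation_status="none"/>
  <flaw issueid="2" cweid="79" severity="3" affects_policy_compliance="true"
        remediation_status="Fixed" mitigation_status="none"/>
  <flaw issueid="3" cweid="327" severity="3" affects_policy_compliance="true"
        remediation_status="Open" mitigation_status="accepted"/>
  <flaw issueid="4" cweid="209" severity="2" affects_policy_compliance="false"
        remediation_status="New" mitigation_status="none"/>
</detailedreport>"""

FIELDS = ["app_name", "issueid", "cweid", "severity", "remediation_status",
          "mitigation_status", "affects_policy_compliance"]


def select_flaws(report_xml, non_policy_violating=False, fix=False,
                 mitigated=False):
    """Return flaw rows that pass the default filters unless a flag lifts them."""
    root = ET.fromstring(report_xml)
    rows = []
    for flaw in root.iter("flaw"):
        if not non_policy_violating and flaw.get("affects_policy_compliance") != "true":
            continue  # default: policy-violating flaws only
        if not fix and flaw.get("remediation_status") == "Fixed":
            continue  # default: drop fixed flaws
        if not mitigated and flaw.get("mitigation_status") == "accepted":
            continue  # default: drop flaws with an accepted mitigation
        row = {name: flaw.get(name, "") for name in FIELDS}
        row["app_name"] = root.get("app_name", "")
        rows.append(row)
    return rows


def to_csv(rows):
    """Serialise the selected rows as CSV text, header first."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    print(to_csv(select_flaws(SAMPLE_REPORT)))
```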