Crate veracode_platform

Veracode API Client Library

A comprehensive Rust client library for interacting with Veracode APIs including Applications, Identity, Pipeline Scan, and Sandbox APIs.

This library provides a safe and ergonomic interface to the Veracode platform, handling HMAC authentication, request/response serialization, and error handling.

Features

• 🔐 HMAC Authentication - Built-in support for Veracode API credentials
• 🌍 Multi-Regional Support - Automatic endpoint routing for Commercial, European, and Federal regions
• 🔄 Smart API Routing - Automatically uses REST or XML APIs based on the operation
• 📱 Applications API - Manage applications, builds, and scans (REST)
• 👤 Identity API - User and team management (REST)
• 🔍 Pipeline Scan API - Automated security scanning in CI/CD pipelines (REST)
• 🧪 Sandbox API - Development sandbox management (REST)
• 📤 Sandbox Scan API - File upload and scan operations (XML)
• 🚀 Async/Await - Built on tokio for high-performance async operations
• ⚡ Type-Safe - Full Rust type safety with serde serialization
• 📊 Rich Data Types - Comprehensive data structures for all API responses

Quick Start

use veracode_platform::{VeracodeConfig, VeracodeClient, VeracodeRegion};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create configuration - automatically supports both API types
    let config = VeracodeConfig::new(
        "your_api_id",
        "your_api_key",
    ).with_region(VeracodeRegion::Commercial); // Optional: defaults to Commercial

    let client = VeracodeClient::new(config)?;
     
    // REST API modules (use api.veracode.*)
    let apps = client.get_all_applications().await?;
    let pipeline = client.pipeline_api();
    let identity = client.identity_api();
    let sandbox = client.sandbox_api();  // REST API for sandbox management
    let policy = client.policy_api();
     
    // XML API modules (automatically use analysiscenter.veracode.*)
    let scan = client.scan_api(); // XML API for scanning
     
    Ok(())
}

Regional Support

The library automatically handles regional endpoints for both API types:

use veracode_platform::{VeracodeConfig, VeracodeRegion};

// European region
let config = VeracodeConfig::new("api_id", "api_key")
    .with_region(VeracodeRegion::European);
// REST APIs will use: api.veracode.eu
// XML APIs will use: analysiscenter.veracode.eu

// US Federal region  
let config = VeracodeConfig::new("api_id", "api_key")
    .with_region(VeracodeRegion::Federal);
// REST APIs will use: api.veracode.us
// XML APIs will use: analysiscenter.veracode.us

API Types

Different Veracode modules use different API endpoints:

• REST API (api.veracode.*): Applications, Identity, Pipeline, Policy, Sandbox management
• XML API (analysiscenter.veracode.*): Sandbox scanning operations

The client automatically routes each module to the correct API type based on the operation.

Sandbox Operations

Note that sandbox functionality is split across two modules:

• sandbox_api() - Sandbox management (create, delete, list sandboxes) via REST API
• scan_api() - File upload and scan operations via XML API

This separation reflects the underlying Veracode API architecture where sandbox management uses the newer REST endpoints while scan operations use the legacy XML endpoints.

Re-exports

pub use app::Application;

pub use app::ApplicationQuery;

pub use app::ApplicationsResponse;

pub use app::CreateApplicationRequest;

pub use app::UpdateApplicationRequest;

pub use build::Build;

pub use build::BuildApi;

pub use build::BuildError;

pub use build::BuildList;

pub use build::CreateBuildRequest;

pub use build::DeleteBuildRequest;

pub use build::DeleteBuildResult;

pub use build::GetBuildInfoRequest;

pub use build::GetBuildListRequest;

pub use build::UpdateBuildRequest;

pub use client::VeracodeClient;

pub use identity::ApiCredential;

pub use identity::BusinessUnit;

pub use identity::CreateApiCredentialRequest;

pub use identity::CreateTeamRequest;

pub use identity::CreateUserRequest;

pub use identity::IdentityApi;

pub use identity::IdentityError;

pub use identity::Role;

pub use identity::Team;

pub use identity::UpdateTeamRequest;

pub use identity::UpdateUserRequest;

pub use identity::User;

pub use identity::UserQuery;

pub use identity::UserType;

pub use pipeline::CreateScanRequest;

pub use pipeline::DevStage;

pub use pipeline::Finding;

pub use pipeline::FindingsSummary;

pub use pipeline::PipelineApi;

pub use pipeline::PipelineError;

pub use pipeline::Scan;

pub use pipeline::ScanConfig;

pub use pipeline::ScanResults;

pub use pipeline::ScanStage;

pub use pipeline::ScanStatus;

pub use pipeline::SecurityStandards;

pub use pipeline::Severity;

pub use policy::PolicyApi;

pub use policy::PolicyComplianceResult;

pub use policy::PolicyComplianceStatus;

pub use policy::PolicyError;

pub use policy::PolicyRule;

pub use policy::PolicyScanRequest;

pub use policy::PolicyScanResult;

pub use policy::PolicyThresholds;

pub use policy::ScanType;

pub use policy::SecurityPolicy;

pub use sandbox::ApiError;

pub use sandbox::ApiErrorResponse;

pub use sandbox::CreateSandboxRequest;

pub use sandbox::Sandbox;

pub use sandbox::SandboxApi;

pub use sandbox::SandboxError;

pub use sandbox::SandboxListParams;

pub use sandbox::SandboxScan;

pub use sandbox::UpdateSandboxRequest;

pub use scan::BeginPreScanRequest;

pub use scan::BeginScanRequest;

pub use scan::PreScanMessage;

pub use scan::PreScanResults;

pub use scan::ScanApi;

pub use scan::ScanError;

pub use scan::ScanInfo;

pub use scan::ScanModule;

pub use scan::UploadFileRequest;

pub use scan::UploadLargeFileRequest;

pub use scan::UploadProgress;

pub use scan::UploadProgressCallback;

pub use scan::UploadedFile;

pub use workflow::VeracodeWorkflow;

pub use workflow::WorkflowConfig;

pub use workflow::WorkflowError;

pub use workflow::WorkflowResultData;

Modules

app

Application-specific functionality built on top of the core client.

build

Build API functionality for Veracode platform.

client

Core Veracode API client implementation.

identity

Identity API functionality for managing users, teams, roles, and API credentials.

pipeline

Pipeline Scan API functionality for scanning applications with static analysis.

policy

Policy API module for Veracode Platform

sandbox

scan

Scan API functionality for Veracode platform.

workflow

High-level workflow helpers for common Veracode operations.

Structs

RetryConfig

Retry configuration for HTTP requests

SecureVeracodeApiId

Secure wrapper for Veracode API ID that prevents exposure in debug output

SecureVeracodeApiKey

Secure wrapper for Veracode API key that prevents exposure in debug output

VeracodeConfig

Configuration for the Veracode API client.

Enums

VeracodeError

Custom error type for Veracode API operations.

VeracodeRegion

Veracode regions for API access.