Veracode · Capability
Veracode Findings REST API — Findings
Veracode Findings REST API — Findings. 3 operations. Lead operation: List Findings. Self-contained Naftiko capability covering one Veracode business surface.
What You Can Do
GET
Listfindings
— List Findings
/v1/appsec/v2/applications/{applicationguid}/findings
GET
Getstaticflawinfo
— Get Static Flaw Info
/v1/appsec/v2/applications/{applicationguid}/findings/{findingid}/static-flaw-info
GET
Getdynamicflawinfo
— Get Dynamic Flaw Info
/v1/appsec/v2/applications/{applicationguid}/findings/{issueid}/dynamic-flaw-info
MCP Tools
list-findings
List Findings
read-only
idempotent
get-static-flaw-info
Get Static Flaw Info
read-only
idempotent
get-dynamic-flaw-info
Get Dynamic Flaw Info
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Veracode Findings REST API — Findings
description: 'Veracode Findings REST API — Findings. 3 operations. Lead operation: List Findings. Self-contained Naftiko
capability covering one Veracode business surface.'
tags:
- Veracode
- Findings
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
VERACODE_API_KEY: VERACODE_API_KEY
capability:
consumes:
- type: http
namespace: findings-findings
baseUri: https://api.veracode.com
description: Veracode Findings REST API — Findings business capability. Self-contained, no shared references.
resources:
- name: appsec-v2-applications-applicationGuid-findings
path: /appsec/v2/applications/{applicationGuid}/findings
operations:
- name: listfindings
method: GET
description: List Findings
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: applicationGuid
in: path
type: string
description: Application unique identifier
required: true
- name: scan_type
in: query
type: array
description: Filter by scan type
- name: severity
in: query
type: integer
description: Filter by severity level (0=Informational, 1=Very Low, 2=Low, 3=Medium, 4=High, 5=Very High)
- name: severity_gte
in: query
type: integer
description: Filter findings with severity greater than or equal to this value
- name: cwe
in: query
type: string
description: Filter by CWE ID
- name: cvss_gte
in: query
type: number
description: Filter findings with CVSS score greater than or equal to this value
- name: violates_policy
in: query
type: boolean
description: Filter to only policy-violating findings
- name: include_annot
in: query
type: boolean
description: Include annotation data in response
- name: new
in: query
type: boolean
description: Filter to only new findings
- name: context
in: query
type: string
description: Sandbox GUID for sandbox-specific findings
- name: page
in: query
type: integer
- name: size
in: query
type: integer
- name: appsec-v2-applications-applicationGuid-findings-findingId-static_flaw_info
path: /appsec/v2/applications/{applicationGuid}/findings/{findingId}/static_flaw_info
operations:
- name: getstaticflawinfo
method: GET
description: Get Static Flaw Info
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: applicationGuid
in: path
type: string
required: true
- name: findingId
in: path
type: integer
description: Finding unique identifier
required: true
- name: appsec-v2-applications-applicationGuid-findings-issueId-dynamic_flaw_info
path: /appsec/v2/applications/{applicationGuid}/findings/{issueId}/dynamic_flaw_info
operations:
- name: getdynamicflawinfo
method: GET
description: Get Dynamic Flaw Info
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: applicationGuid
in: path
type: string
required: true
- name: issueId
in: path
type: integer
description: Finding issue ID
required: true
exposes:
- type: rest
namespace: findings-findings-rest
port: 8080
description: REST adapter for Veracode Findings REST API — Findings. One Spectral-compliant resource per consumed operation,
prefixed with /v1.
resources:
- path: /v1/appsec/v2/applications/{applicationguid}/findings
name: appsec-v2-applications-applicationguid-findings
description: REST surface for appsec-v2-applications-applicationGuid-findings.
operations:
- method: GET
name: listfindings
description: List Findings
call: findings-findings.listfindings
with:
applicationGuid: rest.applicationGuid
scan_type: rest.scan_type
severity: rest.severity
severity_gte: rest.severity_gte
cwe: rest.cwe
cvss_gte: rest.cvss_gte
violates_policy: rest.violates_policy
include_annot: rest.include_annot
new: rest.new
context: rest.context
page: rest.page
size: rest.size
outputParameters:
- type: object
mapping: $.
- path: /v1/appsec/v2/applications/{applicationguid}/findings/{findingid}/static-flaw-info
name: appsec-v2-applications-applicationguid-findings-findingid-static-flaw-info
description: REST surface for appsec-v2-applications-applicationGuid-findings-findingId-static_flaw_info.
operations:
- method: GET
name: getstaticflawinfo
description: Get Static Flaw Info
call: findings-findings.getstaticflawinfo
with:
applicationGuid: rest.applicationGuid
findingId: rest.findingId
outputParameters:
- type: object
mapping: $.
- path: /v1/appsec/v2/applications/{applicationguid}/findings/{issueid}/dynamic-flaw-info
name: appsec-v2-applications-applicationguid-findings-issueid-dynamic-flaw-info
description: REST surface for appsec-v2-applications-applicationGuid-findings-issueId-dynamic_flaw_info.
operations:
- method: GET
name: getdynamicflawinfo
description: Get Dynamic Flaw Info
call: findings-findings.getdynamicflawinfo
with:
applicationGuid: rest.applicationGuid
issueId: rest.issueId
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: findings-findings-mcp
port: 9090
transport: http
description: MCP adapter for Veracode Findings REST API — Findings. One tool per consumed operation, routed inline through
this capability's consumes block.
tools:
- name: list-findings
description: List Findings
hints:
readOnly: true
destructive: false
idempotent: true
call: findings-findings.listfindings
with:
applicationGuid: tools.applicationGuid
scan_type: tools.scan_type
severity: tools.severity
severity_gte: tools.severity_gte
cwe: tools.cwe
cvss_gte: tools.cvss_gte
violates_policy: tools.violates_policy
include_annot: tools.include_annot
new: tools.new
context: tools.context
page: tools.page
size: tools.size
outputParameters:
- type: object
mapping: $.
- name: get-static-flaw-info
description: Get Static Flaw Info
hints:
readOnly: true
destructive: false
idempotent: true
call: findings-findings.getstaticflawinfo
with:
applicationGuid: tools.applicationGuid
findingId: tools.findingId
outputParameters:
- type: object
mapping: $.
- name: get-dynamic-flaw-info
description: Get Dynamic Flaw Info
hints:
readOnly: true
destructive: false
idempotent: true
call: findings-findings.getdynamicflawinfo
with:
applicationGuid: tools.applicationGuid
issueId: tools.issueId
outputParameters:
- type: object
mapping: $.