Skip to content

(.NET Framework) Takes a Veracode Detailed XML report and generates a CSV file for flaws or SCA Components

License

Notifications You must be signed in to change notification settings

dipsylala/VeracodeReportConverter-Windows

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
Marcus Watson
Nov 3, 2018
7c7b81c · Nov 3, 2018

History

18 Commits
Mar 29, 2018
Nov 3, 2018
Mar 24, 2018
Mar 24, 2018
Mar 29, 2018
Mar 24, 2018
Nov 3, 2018
Mar 29, 2018

Repository files navigation

Veracode Report Converter

Takes a detailed xml report from the Veracode platform and generates a CSV file containing typical fields that are useful in day-to-day reporting:

            Flaw ID
            CWE ID
            Category Name
            Description
            Affects Policy Compliance
            Exploit (Manual)
            Severity (Manual)
            Remediation (Manual)
            Date First Occurrence
            Module
            Source File
            Source File Path
            Attack Vector
            Function Prototype
            Line
            Function Relative Location (%)
            Scope
            Severity
            Exploitability Adjustments
            Grace Period Expires
            Remediation Status
            Mitigation Status
            Mitigation Status Description
            Mitigation Text

It can also optionally output SCA details into another file:

            Library
            Version
            Vendor
            Description
            File Paths
            Licenses
            Max CVSS Score
            Affects Policy Compliance
            Violated Policy Rules
            Vulnerabilities (Very Low)
            Vulnerabilities (Low)
            Vulnerabilities (Medium)
            Vulnerabilities (High)
            Vulnerabilities (Very High)

The Veracode Help Center provides guidance on how to retrieve the detailed xml report here: https://help.veracode.com/reader/DGHxSJy3Gn3gtuSIN2jkRQ/wtJ0ZMLZcYuRd22PmK5vxg

This is a build for .NET Framework, for Windows users who don't want to have to install the .NET Core Runtime

Usage

Dipsy.VeracodeReport.Converter -i <input filename> [-o <output filename>] [-f]

  • -i, --input Required. Detailed XML file to be processed
  • -o, --output Output filename
  • -f, --fixed Include fixed flaws in the output
  • -s, --sca Generate Software Composition Analysis report
  • --help Display this help screen.
  • --version Display version information.

Examples

Dipsy.VeracodeReport.Converter -i LoadValidFileTest.xml

Dipsy.VeracodeReport.Converter -i LoadValidFileTest.xml -o myoutput.csv

About

(.NET Framework) Takes a Veracode Detailed XML report and generates a CSV file for flaws or SCA Components

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages