Configure Veracode SCA Scan for VS Code
You access the configuration settings from the Settings tab in VS Code.
To complete this task:
In VS Code, from the Manage menu, select Settings.
In the Search settings field, enter veracode.
Under Extensions, select Veracode. You see the following settings.
- Built-In Policy: the built-in policy that flags vulnerabilities that have a risk level of Critical or High. These vulnerabilities have a CVSS score of 7.0 or higher. This policy is not related to application security policies. Veracode recommends that you leave this checkbox selected, which is the default.
- Recursive Scan: run a recursive scan of all folders and files in your selected project. After you select this option, you must rescan your project to update the results.
- Filters: provides the following options for filtering the VULNERABILITIES view:
  - Severity: filter by severity.
  - Usage: filter based on how the project uses a vulnerable library: directly or indirectly (transitive).