Configure Veracode SCA Scan for VS Code

You access the configuration settings from the Settings tab in VS Code.

To complete this task:

  1. In VS Code, from the Manage menu, select Settings.

  2. In the Search settings field, enter veracode.

  3. Under Extensions, select Veracode. You see the following settings.

    • Built-In Policy: the built-in policy that flags vulnerabilities that have a risk level of Critical or High. These vulnerabilities have a CVSS score of 7.0 or higher. This policy is not related to application security policies. Veracode recommends that you leave this checkbox selected, which is the default.
    • Recursive Scan: run a recursive scan of all folders and files in your selected project. After you select this option, you must rescan your project to update the results.
    • Filters: provides the following options for filtering the VULNERABILITIES view:
      • Severity: filter by severity.
      • Usage: filter based on how the project uses a vulnerable library: directly or indirectly (transitive).