Skip to main content

Prerequisites for Veracode Static for Visual Studio 2015 and 2017

Before you can use Veracode Static for Visual Studio, you must have:

  • Installed a supported version of Visual Studio and ensured your code meets the packaging requirements.
  • Stored your API credentials in an API credentials file on Windows.
  • One of these account types:
    • A user account with these roles:

      • Creator or Security Lead role to create builds of your applications with the necessary Veracode settings
      • Submitter role to upload scans to Veracode
      • Sandbox User role to create sandboxes to use with the extension
      • Reviewer role to check scan completion, propose mitigations, and import results to Visual Studio
      • Mitigation Approver role to approve mitigations
    • An API service account with these API roles:

      • Upload and Scan API to create application profiles, create sandboxes, and upload and scan applications
      • Upload API - Submit Only to submit scans
      • Mitigation API to mitigate flaws found in applications
      • Results API to download, import, and view Veracode results

      If you do not have an account with these roles, you receive access denial errors.

  • Ensured that all required Veracode IP addresses for the Veracode APIs and integrations are on the allowlist for your organization. The extension uses these addresses to authenticate with Veracode. To update your allowlist, you might need to contact your IT team.
  • If you use a proxy to access Veracode, ensure you have configured a proxy in your IDE. You cannot configure a proxy in the Veracode extension. For more information, see the Microsoft documentation.
  • If you are using Visual Studio 2019 with .NET Framework version 4.8, you must disable an option in Visual Studio to ensure scan results display correctly in the IDE.