You must have Veracode API credentials and specific account types to be able to use Veracode Static for Visual Studio.
You must have one of these account types:
- A user account with these roles:
- Creator or Security Lead role to create builds of your applications with the necessary Veracode settings
- Submitter role to upload scans to Veracode
- Sandbox User role to create sandboxes to use with the extension
- Reviewer role to check scan completion, propose mitigations, and import results to Visual Studio
- Mitigation Approver role to approve mitigations
- An API service account with these API roles:
- Upload and Scan API to create application profiles, create sandboxes, and upload and scan applications
- Upload API - Submit Only to submit scans
- Mitigation API to mitigate flaws found in applications
- Results API to download, import, and view Veracode results