This topic is for the new Veracode Static for Visual Studio released April 2022. For the legacy versions of Veracode Static for Visual Studio, see Veracode Static for Visual Studio (Legacy).
If this is your first scan for an application using this extension, see the One-Time Setup section to ensure your scan is properly built and packaged for uploading to Veracode.
The Run Scan button is disabled if a scan is in a failed state. You must resolve the failed scan to re-enable this button.
To start a scan, select Run Scan.
You can now select View Results to view full details on the findings.
The View Results grid opens with details about the findings.
Right-click on any finding in the grid and select from these options:
- Remediation Guidance
- Go to Line to go directly to the line of code containing the finding. You can also double-click the grid row to go directly to the source code.
The details window shows all details for a finding. The grid shows some of these details by default; the details window shows all of them, including the Issue Description, which gives specific guidance about the finding.
The History window shows the history of any actions that have been applied to a finding, such as mitigations or, as below, comments.
The Datapaths window shows the flow of the finding through the code. In this example, the finding can take a number of different entry points through the code.
The Remediation Guidance window shows detailed information about a finding and examples of how it might be fixed. There are also links to other common websites with additional information on the finding, such as OWASP, WASC, and
Go to Line
You can go directly to the finding in your source code by either selecting Go to Line or double-clicking the grid row that corresponds to the finding.
Actions allow you to apply a number of different options to each row you select in the grid. In the example below, only one row is selected, but you can select multiple rows and apply the action to all of them. The actions include adding comments to findings, adding mitigation requests such as Mitigate by Design or Mitigate by Network Environment, and, with the correct account permissions, approving or rejecting mitigations.
Below is an example of adding a comment to a single finding using the selected row as shown in the example above.
Select Extensions > Veracode Static Analysis > View Results > Windows. You can open a window for each of these menu items: View Results, Finding History, Finding Details, Finding Datapaths, and Remediation Guidance.
These windows are populated with data you viewed during the current Visual Studio session. If you exit and restart Visual Studio, you clear the data from all windows. If you have not viewed data in a window during the current session, the window is empty.