
Run an SCA scan in VS Code

You use Veracode Scan for VS Code to analyze the security risk of all open-source libraries and licenses in your project.

The scan results are only available in the IDE and from the command line. You cannot view them in the Veracode Platform.

To complete this task:

  1. Open a supported project in VS Code.

  2. On the Activity Bar, select Veracode SCA Scan.

  3. In the SCAN OVERVIEW view, select Start Scanning. If you have more than one project open, you can select the project you want to scan from the Command Palette.

    When the scan has completed, the results for the selected project appear in the SCAN OVERVIEW, VULNERABILITIES, and LICENSES views. The SCAN OVERVIEW view shows a high-level summary of the scan, including the completion date and time, the total number of dependencies that Veracode analyzed, and a list of all detected vulnerabilities categorized by risk level.

  4. Optionally, select Rescan to rescan your project.

    For example, you typically rescan your project after fixing a vulnerability, to confirm the fix, or to scan new or changed project files.

  5. Review the results in the VULNERABILITIES and LICENSES views.