Skip to main content

Run an SCA Scan in VS Code

You use Veracode Scan for VS Code to analyze the security risk of all open-source libraries and licenses in your project.

The scan results are only available in the IDE and from the command line. You cannot view them in the Veracode Platform.

To complete this task:

  1. Open a supported project in VS Code.

  2. On the Activity Bar, click Veracode SCA Scan vs-code-side-bar.png.

  3. In the SCAN OVERVIEW view, click Start Scanning.

    When the scan has completed, you can see the results in the SCAN OVERVIEW, VULNERABILITIES, and LICENSES views. The SCAN OVERVIEW view provides a high-level summary of the scan, including the completion date and time, the total number of dependencies that Veracode analyzed, and a list of all detected vulnerabilities categorized by risk level.

  4. Optionally, click Rescan vscode-sca-rescan-icon.png to rescan your project.

    For example, you typically rescan your project after fixing a vulnerability to confirm the fix or to scan new or changed project files.

  5. Review the results in the VULNERABILITIES and LICENSES views.