Scan and fix in your IDE

Audience: Developers

Learning objectives

Upon completion of this module, you'll be able to:

• Install and set up the Veracode Scan plugin or extension for your IDE.
• Clone the verademo sample application to scan in your IDE.
• Run Static Analysis scans and review flaws in your IDE.
• Run Software Composition Analysis (SCA) scans and review vulnerabilities in your IDE.
• Fix flaws in your IDE with remediation guidance or suggested fixes from Veracode Fix.
• Resolve vulnerable libraries in your IDE.

VS Code

Set up and use Veracode Scan for VS Code
~40 min

Install the VS Code extension, clone a demo application, scan your project, and fix findings in your IDE.

1. Optional. Learn about Veracode Fix
   ~4 min
2. Create an API credentials file on your local Windows or macOS or Linux machine.
   ~4 min
3. Install and set up the extension
   ~5 min
4. Optional. Clone a demo application for scanning
   ~2 min
5. Run a Static Analysis scan and review flaws
   ~7 min
6. Run an SCA scan and review vulnerabilities
   ~7 min
7. Fix flaws in your code
   ~9 min
8. Resolve vulnerable libraries
   ~5 min

JetBrains

Set up and use Veracode Scan for JetBrains
~40 min

Install the JetBrains plugin, clone a demo application, scan your project, and fix findings in your IDE.

1. Optional. Learn about Veracode Fix
   ~4 min
2. Create an API credentials file on your local Windows or macOS or Linux machine.
   If your organization uses Single Sign-On (SSO), this step is optional.
   ~4 min
3. Install and set up the plugin
   ~5 min
4. Optional. Clone a demo application for scanning
   ~2 min
5. Run a Static Analysis scan and review flaws
   ~6 min
6. Run an SCA scan and review vulnerabilities
   ~6 min
7. Fix flaws in your code
   ~9 min
8. Resolve vulnerable libraries
   ~4 min

Eclipse

Set up and use Veracode Scan for Eclipse
~40 min

Install the Eclipse plugin, clone a demo application, scan your project, and fix findings in your IDE.

1. Optional. Learn about Veracode Fix
   ~4 min
2. Create an API credentials file on your local Windows or macOS or Linux machine.
   If your organization uses Single Sign-On (SSO), this step is optional. This video only explains how to authenticate using API credentials.
   ~4 min
3. Install and set up the plugin
   ~5 min
4. Optional. Clone a demo application for scanning
   ~2 min
5. Run a Static Analysis scan and review flaws
   ~7 min
6. Run an SCA scan and review vulnerabilities
   ~7 min
7. Fix flaws in your code
   ~8 min
8. Resolve vulnerable libraries
   ~5 min