Scan and fix in your IDE

Audience: Developers

Learning objectives

Upon completion of this module, you'll be able to:

• Install and set up the Veracode Scan plugin or extension for your IDE.
• Clone the verademo sample application to scan in your IDE.
• Run Static Analysis scans and review flaws in your IDE.
• Run Software Composition Analysis (SCA) scans and review vulnerabilities in your IDE.
• Fix flaws in your IDE with remediation guidance or suggested fixes from Veracode Fix.
• Resolve vulnerable libraries in your IDE.

VS Code

Set up and use Veracode Scan for VS Code
~40 min

Install the VS Code extension, clone a demo application, scan your project, and fix findings in your IDE.

1. Install and set up the extension
   ~5 min
2. Optional. Clone a demo application for scanning
   ~2 min
3. Run a Static Analysis scan and review flaws
   ~7 min
4. Run an SCA scan and review vulnerabilities
   ~7 min
5. Optional. Learn about Veracode Fix
   ~4 min
6. Fix flaws in your code
   ~9 min
7. Resolve vulnerable libraries
   ~5 min

Eclipse

Set up and use Veracode Scan for Eclipse
~40 min

Install the Eclipse plugin, clone a demo application, scan your project, and fix findings in your IDE.

1. Install and set up the plugin
   ~5 min
2. Optional. Clone a demo application for scanning
   ~2 min
3. Run a Static Analysis scan and review flaws
   ~7 min
4. Run an SCA scan and review vulnerabilities
   ~7 min
5. Optional. Learn about Veracode Fix
   ~4 min
6. Fix flaws in your code
   ~8 min
7. Resolve vulnerable libraries
   ~5 min