You can scan your Java or JavaScript code, including a package file containing code, directly within your IDE.
- Veracode Greenlight requires compilable Java files that successfully build into Java class files. To ensure your Veracode Greenlight scan succeeds, verify that you have a Java class file built for the Java file you want to scan. Veracode Greenlight can scan non-minified1 JavaScript files.
- You can only use Veracode Greenlight for IntelliJ to scan binaries. Third-party
build tools, such as Gradle or Maven, add non-binary files that can cause issues
during scanning. If you use a third-party build tool, ensure that:
- The project builds successfully outside of IntelliJ or Android Studio. If you have problems such as classpath or buildpath errors, for example, the IDE cannot build the files needed to submit a scan to Veracode Greenlight.
- You have imported your files into IntelliJ or Android Studio using the specific plugin for your third-party build tool.
- Your project includes a build.gradle file, for Gradle, or a .pom file, for Maven. When opening but not importing projects, the IDE generates the project configurations.
- For Gradle, consider synchronizing your project with your IDE before scanning. If you notice errors during scanning, synchronizing your projects might resolve these errors.
- Veracode recommends that you select the option in your IDE to build automatically and, then, resolve any blocking build errors.
- You must have the Greenlight IDE User role.
-
Select . Alternatively, you can click the green V icon
in the menu
bar or use the shortkey Ctrl+Shift+G.
You can also right-click a package file and select to scan all files contained in the package.
1 Non-minified code has not
had unnecessary characters such as white space, new lines, comments, and block delimiters
removed.