Skip to main content

Greenlight for IntelliJ


Veracode has deprecated Greenlight for IntelliJ and will only update it for maintenance releases. To continue running static analysis scans at the file level, migrate to Veracode Scan for JetBrains.

Veracode Greenlight for IntelliJ is a plugin for running Greenlight scans in IntelliJ IDEA or Android Studio. Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, run a Static Analysis in the Veracode Platform.

In addition to using Greenlight for IntelliJ, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Greenlight for IntelliJ to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.

The Veracode Greenlight plugin has minimal impact to your local system. If your environment is outside the above requirements, and you are interested in using the Veracode Greenlight plugin, email [email protected] regarding your interest, your IDE tools, IDE version, and programming languages you use in your job.

The Greenlight plugin uses these two certificates that are signed by a certificate authority: and

Supported versions

Veracode has tested the following versions, but the integration might work with other versions.

IntelliJ IDEA Ultimate or Community 2019.3–2023.1

Supported languages and frameworks

Veracode has tested the following versions (if listed), but the integration might work with other versions.

  • Java 8, 11, 17
  • JavaScript
  • Apache Tomcat JSP (IntelliJ only)

For more details, see the supported JavaScript libraries and technologies or the supported Java frameworks.

Kotlin is not supported.

Supported files

  • Java classes that compile successfully. If the classes do not compile successfully, the plugin does not include them in the scan.
  • Top-level packages that contain other packages, as well as non-minified JavaScript files.
  • Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.
  • JavaScript embedded in these file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP (IntelliJ only), JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.