Skip to main content

Greenlight for IntelliJ

Veracode Greenlight for IntelliJ is a plugin for running Greenlight scans in IntelliJ IDEA or Android Studio. Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, run a Static Analysis in the Veracode Platform.

In addition to using Greenlight for IntelliJ, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Greenlight for IntelliJ to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.

The Veracode Greenlight plugin has minimal impact to your local system. If your environment is outside the above requirements, and you are interested in using the Veracode Greenlight plugin, email [email protected] regarding your interest, your IDE tools, IDE version, and programming languages you use in your job.

The Greenlight plugin uses these two certificates that are signed by a certificate authority: and

Supported versions

IntelliJ IDEA Ultimate or Community 2019.3–2022.2

Supported languages and frameworks

  • Java 8, 11, 17
  • JavaScript
  • Apache Tomcat JSP (IntelliJ only)

For more details, see the supported JavaScript libraries and technologies or the supported Java frameworks.

Kotlin is not supported.

Supported files

  • Java classes that compile successfully. If the classes do not compile successfully, the plugin does not include them in the scan.
  • Top-level packages that contain other packages, as well as non-minified JavaScript files.
  • Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.
  • JavaScript embedded in these file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP (IntelliJ only), JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.