Veracode Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.
Greenlight for IntelliJ can only scan Java classes that compile correctly and ignores all other files. It can also scan top-level packages that contain other packages, as well as non-minified1 JavaScript files. It is only possible to scan JavaScript embedded in these file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP (IntelliJ only), JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.
The Veracode Greenlight plugin uses these two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.
In addition to using Greenlight for IntelliJ, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Greenlight for IntelliJ to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.
Greenlight for IntelliJ has minimal impact to your local system. If you want to use Greenlight for IntelliJ, but your environment is outside of the above requirements, you can email [email protected] with details about your IDE tools, IDE version, and programming languages you use.