Understanding Greenlight for IntelliJ Technical Requirements

Veracode Greenlight

Veracode Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.

You can install Greenlight for IntelliJ as a plugin in both IntelliJ IDEA and Android Studio. The plugin supports all Java platforms and frameworks listed in Packaging Java Applications.
Note: Kotlin is not supported.

Greenlight for IntelliJ can only scan Java classes that compile correctly and ignores all other files. It can also scan top-level packages that contain other packages, as well as non-minified1 JavaScript files. It is only possible to scan JavaScript embedded in these file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP (IntelliJ only), JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.

The Veracode Greenlight plugin uses these two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.

In addition to using Greenlight for IntelliJ, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Greenlight for IntelliJ to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.

Greenlight for IntelliJ has minimal impact to your local system. If you want to use Greenlight for IntelliJ, but your environment is outside of the above requirements, you can email [email protected] with details about your IDE tools, IDE version, and programming languages you use.

1 Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.