Skip to main content

Veracode Greenlight for IntelliJ

Veracode Greenlight for IntelliJ is a plugin for running Greenlight scans in IntelliJ IDEA or Android Studio. The plugin supports all Java platforms and frameworks listed in Packaging Java Applications.

Veracode Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.


Kotlin is not supported.

Greenlight for IntelliJ can only scan Java classes that compile correctly and ignores all other files. It can also scan top-level packages that contain other packages, as well as non-minified JavaScript files. Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.

It is only possible to scan JavaScript embedded in these file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP (IntelliJ only), JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.

The Greenlight plugin uses these two certificates that are signed by a certificate authority: and

In addition to using Greenlight for IntelliJ, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Greenlight for IntelliJ to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.


The Veracode Greenlight plugin has minimal impact to your local system. If your environment is outside the above requirements, and you are interested in using the Veracode Greenlight plugin, email [email protected] regarding your interest, your IDE tools, IDE version, and programming languages you use in your job.