Greenlight for VS Code
Veracode has deprecated Greenlight for VS Code and will only update it for maintenance releases. To continue running static analysis scans at the file level, migrate to Veracode Scan for VS Code.
Veracode Greenlight for VS Code is an extension for Microsoft Visual Studio Code. You can use the extension to run Veracode Greenlight scans of your code at the file level.
Veracode Greenlight for VS Code has specific software and hardware requirements:
- Review the Greenlight prerequisites.
- Ensure your computer meets the minimum hardware requirements.
Supported versions
Veracode has tested the following versions, but the integration might work with other versions.
VS Code 1.73–1.83
Supported languages and frameworks
Veracode has tested the following versions (if listed), but the integration might work with other versions.
- JavaScript
- TypeScript
- .NET 5.x and 7.x
- For C# only: .NET Core 1.0, 1.1, 2.0-2.2, 3.0-3.1
For more details, see the supported JavaScript libraries and technologies or the supported Java frameworks.
Install the VS Code extension
You can install Veracode Greenlight for VS Code from the Microsoft Marketplace.
If you experience any issues during the installation, you can try to resolve them by clearing the cache folder for the extension.
Before you begin, you must have:
- Confirmed you have a supported version of VS Code and the plugin supports your code language.
- Ensured you meet the Greenlight prerequisites.
- Uninstalled any earlier versions of the extension.
To complete this task:
- In Visual Studio Code, select View > Extensions.
- In the Search Extension in Marketplace field, search for Veracode Greenlight for VS Code.
- Select Veracode Greenlight for VS Code.
- Select Install.
- Select Reload.
Prevent caching issues during the installation
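You can clear the VS Code extension cache folder if you experience issues when installing or updating a new VSIX file. This folder holds every extension installed for your user account, so deleting its contents removes all of them, not only Greenlight.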
To complete this task:
- Navigate to C:\Users\{username}\.vscode\extensions.
- Delete all files in the folder.
Scan your project
You can use Veracode Greenlight for VS Code to scan either a single file or all files in a folder.
The C# for Visual Studio Code extension enables C# compilation for Visual Studio Code. Veracode Greenlight for VS Code uses the extension to generate binaries for Greenlight scans.
Before you begin:
- Confirm that you meet the Greenlight prerequisites.
- To avoid caching issues, ensure any files you want to scan are not currently open in the editor. Close the open files and re-open a folder from the activity bar.
- Before you can scan C# projects, you must install the C# for Visual Studio Code extension.
To complete this task:
- Select Open Folder from the Visual Studio Code Explorer menu.
- Select a folder or a file.
- Choose one of the following options to start the scan:
  - Select the V icon.
  - Use the keyboard shortcut, Ctrl+Shift+\.
  - Right-click the file and select Scan with Greenlight.
  - Open the Command Palette and enter Veracode: Scan with Greenlight.
Enable auto-scan
You can enable auto-scan to have Veracode Greenlight automatically scan any file that is in focus in your IDE as soon as you save it, as long as the file compiles successfully.
Before you begin:
Confirm that you meet the Greenlight prerequisites.
You can use the auto-scan feature only if a network connection is available. Otherwise, Veracode Greenlight for VS Code logs an information message that the feature is disabled.
Scans that you start yourself manually take precedence over scans that start automatically. Greenlight never initiates a new automatic scan while another scan is already running, whether it is an automatic scan or one you started yourself.
When a scan is ongoing, Greenlight adds newly saved files to a queue in the order that they are saved.
The Veracode scan queue shows the priority in which Greenlight scans the files. Because manually initiated scans always take precedence, the queue only shows automatically initiated scans. The scans in the queue occur 30 seconds apart as long as the files compile successfully. If a file does not compile, a message appears in the log file and Greenlight does not scan the file.
To complete this task:
- In VS Code, select Manage and select Settings.
- Select User > Extensions > Veracode.
- Select Automatically scan files with Veracode Greenlight when they are saved.
About the scan queue
When you change and save two or more files at the same time, the first saved file enters the queue for scanning, and the next saved file waits in the auto-scan queue until scanning of the first file completes.
If you change multiple files, they are set to scan in the order that you save them. Newly queued files are placed at the bottom of the list, and the next file to be scanned is at the top of the list.
The scan queue shows the files in the order that they are queued.
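The auto-scan rules under Enable auto-scan and About the scan queue can be traced with a small model. This is an added example, not Veracode's code: the function name, the event format, the 10-second scan duration, the reading of "30 seconds apart" as a minimum gap between automatic scan starts, and the handling of a manual request made during a running scan are all assumptions.

```javascript
// Added model of the auto-scan rules on this page; not Veracode's code.
// Assumptions: each scan takes SCAN_SECONDS; "30 seconds apart" means at least
// 30 s between starts of consecutive automatic scans; a manual request waits
// for the running scan to finish and then runs ahead of the automatic queue.
const AUTO_GAP_SECONDS = 30; // from the page
const SCAN_SECONDS = 10;     // assumed duration

// events: [{ t, file, manual, compiles }] sorted by t (seconds); constructed input.
function simulateScans(events, { online = true } = {}) {
  const log = [];
  const autoQueue = [];   // automatic scans, FIFO in save order
  const manualQueue = []; // manual requests, always served first
  let busyUntil = 0, lastAutoStart = -Infinity, i = 0;
  for (let now = 0; i < events.length || autoQueue.length || manualQueue.length; ) {
    while (i < events.length && events[i].t <= now) {
      const e = events[i++];
      if (e.manual) manualQueue.push(e);
      else if (online) autoQueue.push(e);
      else log.push({ t: e.t, file: e.file, action: "auto-scan disabled (offline)" });
    }
    let next = null;
    if (now >= busyUntil) { // never start a scan while another is running
      if (manualQueue.length) next = manualQueue.shift();
      else if (autoQueue.length && now - lastAutoStart >= AUTO_GAP_SECONDS)
        next = autoQueue.shift();
    }
    if (!next) { now += 1; continue; }
    if (next.compiles === false) {
      // Not scanned; only a log message is written. Try the next file now.
      log.push({ t: now, file: next.file, action: "skipped (does not compile)" });
      continue;
    }
    if (!next.manual) lastAutoStart = now;
    busyUntil = now + SCAN_SECONDS;
    log.push({ t: now, file: next.file, action: next.manual ? "manual scan" : "auto scan" });
  }
  return log;
}

// Constructed session: three saves, one manual request, one file that fails to compile.
const sampleEvents = [
  { t: 0, file: "a.ts" },
  { t: 2, file: "b.ts" },
  { t: 3, file: "broken.ts", compiles: false },
  { t: 5, file: "c.ts", manual: true },
  { t: 6, file: "d.ts" },
];
console.log(simulateScans(sampleEvents));
```

In this trace the manual scan of c.ts runs before b.ts even though b.ts was saved first, and broken.ts produces only a log entry, which is the case to check for when a file you expected to be covered has no findings.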
Review findings
After Veracode Greenlight for VS Code has scanned a file, a line of code with an issue is underlined red with a red icon at the right of the line of code. The green text indicates code that complies with best practices and is protected against specific CWEs.
Link findings to source code
You can use the View in Source Code function to link from the Veracode-identified findings to the lines in the source code where the issue is located.
Before you begin:
You have scanned your project.
To complete this task:
- In VS Code, open the Veracode Findings pane.
- Select View in source code, located in front of the CWE or under the collapsed CWE findings.
Filter findings
You can filter results in VS Code so that you can focus on the findings that are the most relevant and important to you.
Filters are local to you and let you filter out findings in the Greenlight results based on severity or CWE type. You can clear a filter at any time, and all filters are cleared when you restart the IDE.
Before you begin:
You have scanned your project.
To complete this task:
- Select filter. The Veracode Filters and Settings page opens.
- Select the checkboxes for the types of severities to exclude from the list. The number of findings updates in the Findings column.
Ignore findings
You can ignore findings from Greenlight scans in VS Code to temporarily remove them from the scan results. For example, you might want to ignore findings that continually appear in your results.
Before you begin:
You have scanned your project.
To complete this task:
- In VS Code, in the Veracode Findings window, expand the severity category of the finding you want to ignore.
- Expand the finding you want to ignore.
- Select Ignore this finding. The ignored finding moves from the Findings list to the Ignored Findings list.
Stop ignoring findings
You can stop ignoring specific findings in VS Code so that Greenlight can discover them during scanning.
Before you begin:
You have scanned your project.
To complete this task:
- In VS Code, go to the Veracode Greenlight Findings window.
- In the Ignore column, next to an ignored finding, select Show.
Greenlight commands
You can run Veracode commands from the Command Palette in VS Code.
Before you begin:
Confirm that you meet the Greenlight prerequisites.
Commands
Veracode: Scan with Greenlight: scans the active file.
Veracode: Clear Findings: clears Greenlight findings, best practices, and ignored findings.
Veracode: Filter Findings: opens the Veracode Filters and Settings editor.
View the debug logs
You can view debug logs to troubleshoot issues on your own or provide them to Veracode Technical Support.
Before you begin:
You have scanned your project.
To complete this task:
- From the top menu, select View > Output. The OUTPUT console appears at the bottom of your IDE.
- From the top-right of the OUTPUT console, select the dropdown menu and select Veracode Greenlight. Your debug log output information appears.
Uninstall the VS Code extension
You can uninstall Veracode Greenlight for VS Code like any other VS Code extension.
To complete this task:
- In VS Code, select View > Extensions > @installed.
- Select Veracode Greenlight for VS Code.
- Select Uninstall.
- Select Reload Required.