You can scan your Java or JavaScript code, including a package file containing code, directly within your IDE.
Before You Begin
You meet the Greenlight prerequisites.
Steps
-
Open the project and select the Java or JavaScript file you want to scan.
-
Select Veracode Greenlight > Scan with Greenlight, or use the shortkey, Ctrl+6.
You can also right-click a package file and select Veracode Greenlight > Scan with Greenlight to scan all files contained in the package.
-
After the scan is complete, review the security findings on the Veracode Greenlight tab.
The Veracode Greenlight results are summarized in the Findings subtab. In the Best Practices subtab, Veracode indicates the CWEs protected against in the code. The scan level indicates whether Veracode scanned at the package level or file level.
-
Double-click a finding to locate the issue in the specific line of code in the scanned file.
-
Alternatively, right-click a finding to see the actions you can choose: open the finding in the scanned file, show the finding details in a separate Details pane, or filter by severity or CWE.
Results
The details for each finding provide information about the CWE and specific remediation advice on what you can do to fix the code.
Log file location for the scan:
- On Windows:
C:\users\username\AppData\Local\Temp\ - On Linux:
/tmp - On macOS, run this command in your terminal:
open $TMPDIR
To clear all the results of the Veracode Greenlight scan, click the eraser icon in the top-right corner or use the shortkey, Ctrl+0.