You can scan your Java or JavaScript code, including a package
file containing code, directly within your IDE.
- On Windows, the log file is in the Temp folder here: C:\users\username\AppData\Local\Temp\
- On Linux, the log file is in the tmp folder here: /tmp
- On macOS, run this command in your terminal: open $TMPDIR
To start a Veracode Greenlight scan in your IDE:
- Open the project and select the Java or JavaScript file you want to scan.
- Select , or use the shortcut, Ctrl+6.
  You can also right-click a package file and select to scan all files contained in the package.
- After the scan is complete, review the security findings on the Veracode Greenlight tab.
  The Veracode Greenlight results are summarized in the Findings subtab. In the Best Practices subtab, Veracode indicates the CWEs protected against in the code. The scan level indicates whether Veracode scanned at the package level or file level.
- Double-click a finding to locate the issue in the specific line of code in the scanned file.
- Alternatively, right-click a finding to see the actions you can choose: open the finding in the scanned file, show the finding details in a separate Details pane, or filter by severity or CWE.
  The details for each finding provide information about the CWE and specific remediation advice on what you can do to fix the code.
To clear all the results of the Veracode Greenlight scan, click the eraser icon in the top-right corner or use the shortcut, Ctrl+0.