Working with the Veracode Results in Eclipse

After you download the Veracode scan results, they appear in the Results view in Eclipse.

To be able to see Veracode results, you must have the Results API role. To mitigate flaws, you must have the Mitigation API role. If you do not see the Results view, you can access it from:
  • Window > Show View > Other > Veracode Views > Results
  • Window > Open Perspective > Other > Veracode
The Results view lists information about each flaw, including the CWE ID, category, module name, folder path (if available), filename, function name, attack vector, line number, count, severity, exploitability, remediation effort, remediation status and mitigation status. To view additional columns or hide columns, click the down arrow in the upper-right corner of the Results view and hover over Show Columns.


When the Veracode results open in the Results view, you can double-click one of the entries to open the source file. Scroll the viewer window to highlight the flaw location if the source file is in an open Eclipse project in the current workspace.

Viewing Flaw Details

Select an entry in the Results view to view detailed flaw information in the Flaw Details view. If you do not see the Flaw Details view, you can access it from:
  • Window > Show View > Other > Veracode Views > Flaw Details
  • Window > Open Perspective > Other > Veracode


Alternatively, if the Results view is open and contains flaw data, you can right-click an entry and select Show Details.

Viewing Call Stacks

  1. Select a flaw entry in the Results view.
  2. Right-click the selected row and select Show Call Stacks to download the call stacks for that flaw.
  3. After downloading the call stacks, double-click the entry in the Call Stacks view to open the source file.
  4. Scroll the window to highlight the location of the flaw within the source file.


    If the source file does not open because it is not part of an Eclipse project in the current workspace, you can add references to that file.

Viewing Mitigations

  1. Select a flaw entry in the Results view.
  2. Right-click the selected row and select Show Mitigations to view the mitigation information for that flaw.

Mitigating Flaws

To propose, accept, or reject mitigations:
  1. Open the scan results report and go to the Results view.
  2. Select the entry for the flaw you want to update and select a mitigation action.
  3. Click Mitigate and add comments. If you have a Mitigation Proposal Review (MPR) subscription, enter your mitigation proposal using the TSRV format.
  4. Click Continue.
If you encounter an access denied error message when attempting to mitigate a flaw, check for these issues, resolve them, and try to mitigate again:
  • There is a policy or sandbox scan in progress for the application.
  • You are not working with the most recent scan results.
  • You do not have the Mitigation API role.
  • Another user has locked a flaw in the Veracode Platform.