Reviewing Veracode Greenlight Results

Veracode Greenlight

After the scan is complete, review the security findings on the Veracode Greenlight tab.

The results of your Veracode Greenlight scan are summarized in the Findings subtab. The scan level indicates whether the scan occurred at the package or file level. Results that identify coding best practices are summarized in the Best Practices subtab, which lists the CWEs that the code protects against.

The colored lines in the right margin of the results indicate where findings and best practices are present. The colors correspond to the finding severity: Very High, High, Medium, and Low. Any line of code containing a finding is highlighted in red. A best practice is indicated by a green underline in the line of code where it occurs.

You can have the filename tab of any file that contains findings underlined in red. To configure this setting, go to Settings > Veracode Greenlight and select the checkbox in the Settings section.

To review the details of each finding:
  • Hover over any of the colored text to see a quick outline of the severity, the CWE ID and name, and a link to the details of the finding.
  • Double-click a finding listed in the Findings tab to locate the issue in the specific line of code in the Java file.

For each finding listed in the Findings tab, in the Actions column, click Details to read more about the finding, the associated CWE, and recommended remediation steps.

Click the rescan icon to rescan the current file, or use the clear icon to clear all the results in the Findings tab.