Working with Veracode Results from Within IntelliJ


After you download the Veracode scan results, they appear in the Results view in IntelliJ.

To see Veracode results, you must have the Results API role. To mitigate findings, you must have the Mitigation API role.
The Results view lists information about each finding, including the CWE ID, category, module name, folder path (if available), filename, function name, attack vector, line number, count, severity, exploitability, remediation effort, remediation status and mitigation status. To view additional columns or hide columns, click the icon to the right of the columns.


When the Veracode results open in the Results view, you can double-click one of the entries to open the source file. If the source file is in the current workspace and open in an IntelliJ project, scroll the viewer window to highlight the location of the finding.

Viewing Finding Details

Select an entry in the Results view to see detailed finding information in the Flaw Detail view. If the Flaw Detail view is not visible, you can click Flaw Detail at the bottom of the window.



Alternatively, if the Results view is open and contains finding data, right-click a finding and select Show Details.

Viewing Call Stacks

To view call stacks for a finding:

  1. Select a finding in the Results view.
  2. Right-click the selected row, and then select Show Call Stacks to download the call stacks for that finding.
  3. In the Call Stacks view, double-click the finding to open the source file.
  4. Scroll the window to highlight the location of the finding within the source file.

    If the source file does not open because it is not referenced in an IntelliJ project that is part of the current workspace, you can add references to that file.

Viewing Mitigations

To review mitigations:

  1. Select a finding in the Results view.
  2. Right-click the selected row, and then select Show Mitigations to view the mitigation information for the selected finding.

Mitigating Findings

To propose, accept, or reject mitigations:

  1. Open the scan results report and go to the Results view.
  2. Select the entry for the finding you want to update and select a mitigation action.
  3. Click Mitigate and add comments. If you have a Mitigation Proposal Review (MPR) subscription, you enter your mitigation proposal using the TSRV format.
  4. Click Continue.