Veracode Greenlight is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.
In addition to using Greenlight for Android Studio, Veracode recommends that you perform a full static analysis using the Veracode Platform or Veracode Greenlight to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.
Veracode Greenlight uses these two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.