Using Veracode Static for Visual Studio


Veracode Static for Visual Studio is an extension for Microsoft Visual Studio. You use the extension to assist with compiling your applications and uploading them to Veracode for static analysis.

For a list of the supported versions of Visual Studio, see the Veracode-Authored Integrations page.

Note: You use the extension to upload compiled binaries. You must upload any JavaScript code separately, as described in the compilation instructions.


You must have Veracode API credentials.

You must have one of these account types:
  • A user account with these roles:
    • Creator or Security Lead role to create builds of your applications with the necessary Veracode settings
    • Submitter role to upload scans to Veracode
    • Sandbox User role to create sandboxes to use with the extension
    • Reviewer role to check scan completion, propose mitigations, and import results to Visual Studio
    • Mitigation Approver role to approve mitigations
  • An API service account with these API roles:
    • Upload and Scan API to create application profiles, create sandboxes, and upload and scan applications
    • Upload API - Submit Only to submit scans
    • Mitigation API to mitigate flaws found in applications
    • Results API to download, import, and view Veracode results
If you do not have an account with these roles, you receive access denial errors.