Scan with Veracode Greenlight for Android Studio

The Veracode Greenlight for Android Studio plugin requires compilable Java files that have been successfully built into Java class files. If you are unable to scan with Greenlight for Android Studio, ensure that a Java class file has been built for the Java file you want to scan.

To perform this task, you must have the Greenlight IDE User role.

Before you scan, Veracode recommends that you select Build Automatically for your project in the Project menu and that you resolve any blocking build errors. A scan times out after one minute if there are any issues.
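A pre-scan check for the class-file requirement above, as an added example that is not part of the Veracode documentation: it lists Java sources whose class file is missing or older than the source. The function names, the directory arguments, and the assumption that `com/example/Foo.java` compiles to `com/example/Foo.class` under the class output directory are illustrative; the sample tree in `demo()` is constructed.

```python
import os
import tempfile
from pathlib import Path


def find_unbuilt_sources(src_root, classes_root):
    """Return [(relative .java path, reason)] for sources with no usable .class file.

    Assumption: com/example/Foo.java compiles to com/example/Foo.class
    under the class output directory.
    """
    src_root, classes_root = Path(src_root), Path(classes_root)
    problems = []
    for java_file in sorted(src_root.rglob("*.java")):
        rel = java_file.relative_to(src_root)
        class_file = classes_root / rel.with_suffix(".class")
        if not class_file.is_file():
            # Never compiled, or the last build failed before reaching this file.
            problems.append((rel.as_posix(), "missing"))
        elif class_file.stat().st_mtime < java_file.stat().st_mtime:
            # Source was edited after the last successful build.
            problems.append((rel.as_posix(), "stale"))
    return problems


def demo():
    """Build a constructed project tree in a temp dir and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        src, out = Path(tmp, "src"), Path(tmp, "classes")
        for name in ("Login", "Crypto", "Upload"):
            f = src / "com/example" / f"{name}.java"
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text(f"package com.example; class {name} {{}}\n")
            os.utime(f, (1_000, 1_000))
        # Login: built after its last edit. Crypto: built before its last edit.
        # Upload: never built.
        for name, mtime in (("Login", 2_000), ("Crypto", 500)):
            c = out / "com/example" / f"{name}.class"
            c.parent.mkdir(parents=True, exist_ok=True)
            c.write_bytes(b"\xca\xfe\xba\xbe")  # constructed placeholder content
            os.utime(c, (mtime, mtime))
        return find_unbuilt_sources(src, out)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:8} {path}")
```

Any file reported as missing or stale needs a successful rebuild before it is selected for scanning.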

Note: You can submit a package that contains both Java and JavaScript files, but only the Java files are scanned and the JavaScript files are ignored. You can either scan the JavaScript files one by one, or move them to a folder that only contains JavaScript files, which you can then submit for scanning.

To start a Veracode Greenlight scan in IntelliJ:
  1. Open the project and select the Java or JavaScript file you want to scan.
  2. Select Tools > Veracode Greenlight > Scan with Greenlight. Alternatively, you can click the green V icon in the menu bar or use the keyboard shortcut Ctrl+Shift+G.
    You can also right-click a package file and select Veracode Greenlight > Scan with Greenlight to scan all files contained in the package.
  3. After the scan is complete, review the security findings on the Veracode Greenlight tab.
    The Veracode Greenlight results are summarized in the Findings subtab. In the Best Practices subtab, Veracode indicates the CWEs protected against in the code. The scan level indicates whether Veracode scanned at the package level or file level.
  4. Double-click a finding to locate the issue in the specific line of code in the scanned file.
  5. Alternatively, right-click a finding to see the actions you can choose: open the finding in the scanned file, show the finding details in a separate Details pane, or filter by severity or CWE.