Scan with Veracode Greenlight for Eclipse

You can scan your code directly within the Eclipse IDE.

Before you begin

  • The Veracode Greenlight for Eclipse plugin requires compilable Java files that successfully build into Java class files. To ensure your Greenlight for Eclipse scan succeeds, verify that you have a Java class file built for the Java file you want to scan. Greenlight for Eclipse supports scanning non-minified¹ JavaScript files.
  • Veracode recommends that you select Build Automatically for your project in the Project menu, and resolve any blocking build errors before you scan.
  • To run this task, you must have the Greenlight IDE User role.

About this task

To manually start a Veracode Greenlight scan:

Procedure

  1. Open the project and select the Java or JavaScript file you want to scan.
  2. To start a Greenlight scan, go to Veracode Greenlight > Scan with Greenlight, or use the keyboard shortcut Ctrl+6.
  3. After the scan is complete, review the security findings on the Veracode Greenlight tab.
    The Veracode Greenlight results are summarized in a subtab called Findings. In the Best Practices subtab, Veracode indicates the CWEs that the code protects against. The scan level indicates whether the scan was done at the package or file level.
  4. Double-click a finding to locate the issue in the specific line of code in the scanned file.
  5. Alternatively, right-click a finding to see the actions you can choose: open the finding in the scanned file, show the finding details in a separate Details pane, or filter by severity or CWE.


Results

The details for each finding provide information about the CWE and specific remediation advice on what you can do to fix the code.

To clear all the results of the Veracode Greenlight scan, click the eraser icon in the top-right corner or use the keyboard shortcut Ctrl+0.

¹ Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.