Veracode Greenlight for Eclipse is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.
Greenlight for Eclipse supports Java and the Java platforms and frameworks listed in the Compilation Instructions for Java.
- Java files and packages that compile correctly in Java projects.
- Java Server Page (JSP) files and folders that contain JSP files.
Veracode Greenlight uses the following two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.
Supported Operating Systems
- Windows 7 and later
- MacOS 10.12 Sierra and 10.13 High Sierra
- Red Hat Enterprise Linux 7 and later
- You must have one of the following IDEs installed:
Note: Both Eclipse IDE and RAD require Java 7 or later to be installed.
- Eclipse IDE 4.4.2 or later
- IBM Rational Application Developer (RAD) 220.127.116.11 or later
- Spring Tool Suite (STS) 3.9.0 or later
If you are using Eclipse IDE 4.7 or later and have the STS plugin installed, you can also use Greenlight for Eclipse.
- Your code must compile successfully.
- Your IDE is connected to the public internet.
- Your scan submission is not larger than 1 MB.
- If you use a proxy, you have configured your Eclipse proxy settings.
In addition to using Greenlight for Eclipse, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Veracode Eclipse Plugin to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.
Scanning JSP Files from a Tomcat Server
If you are using Greenlight for Eclipse in Eclipse via Apache Tomcat to scan JSP files, you must configure the local Tomcat server and deploy the project to that server. You must also make an HTTP request to that Tomcat server for each JSP resource you want to scan. These steps are necessary to enable the Tomcat application server to parse and compile the Java embedded in the JSP and create a class file for Veracode Greenlight to submit for scanning.
Scanning JSP Files from a WebSphere Server
- Clean the server of data and restart the server in debug mode. Review your WebSphere documentation for information on how to do these tasks.
- Configure the local WebSphere server with the following JSP engine
configuration parameters for the project:
- jsp-attribute name="keepgenerated" value="false" /
- jsp-attribute name="keepGeneratedclassfiles" value="false" /
- jsp-attribute name="deleteClassFilesBeforeRecompile" value="true" /
Before you start a scan in IBM RAD via WebSphere, you must