Understanding Greenlight Technical Requirements

Veracode Greenlight

Veracode Greenlight for Eclipse is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.

Greenlight for Eclipse supports Java and the Java platforms and frameworks listed in the Compilation Instructions for Java.

Greenlight for Eclipse can scan:
  • Java files and packages that compile correctly in Java projects.
  • JavaScript embedded in the following file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSX, JSON, JSP, MAP, MUSTACHE, PHP, TS, TSX, XHTML.
  • Java Server Page (JSP) files and folders that contain JSP files.
  • Non-minified1 JavaScript files and folders containing JavaScript files in JavaScript projects.

Veracode Greenlight uses the following two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.

Note: The Greenlight for Eclipse plugin has minimal impact to your local system. If your environment is outside of the above requirements and you are interested in the Veracode Greenlight plugin, email support@veracode.com regarding your interest, and your IDE tools, IDE version, and programming languages you use in your job.

Supported Operating Systems

Greenlight for Eclipse supports the following versions of these operating systems:
  • Windows 7 and later
  • MacOS 10.12 Sierra and 10.13 High Sierra
  • Red Hat Enterprise Linux 7 and later


Before you begin to configure and use Veracode Greenlight for Eclipse, ensure you meet the following technical requirements:
  • You must have one of the following IDEs installed:
    • Eclipse IDE 4.4.2 or later
    • IBM Rational Application Developer (RAD) or later
    • Spring Tool Suite (STS) 3.9.0 or later

      If you are using Eclipse IDE 4.7 or later and have the STS plugin installed, you can also use Greenlight for Eclipse.

    • Java Developer Tools, JavaScript Developer Tools, Java EE Developer Tools, and Tomcat 7 if you want to scan JSP files.
    Note: Both Eclipse IDE and RAD require Java 7 or later to be installed.
  • Your code must compile successfully.
  • Your IDE is connected to the public internet.
  • Your scan submission is not larger than 1 MB.
  • If you use a proxy, you have configured your Eclipse proxy settings.

In addition to using Greenlight for Eclipse, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Veracode Eclipse Plugin to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.

Scanning JSP Files from a Tomcat Server

If you are using Greenlight for Eclipse in Eclipse via Apache Tomcat to scan JSP files, you must configure the local Tomcat server and deploy the project to that server. You must also make an HTTP request to that Tomcat server for each JSP resource you want to scan. These steps are necessary to enable the Tomcat application server to parse and compile the Java embedded in the JSP and create a class file for Veracode Greenlight to submit for scanning.

Scanning JSP Files from a WebSphere Server

If you are using Greenlight for Eclipse in IBM RAD via WebSphere to scan JSP files, you must first:
  • Clean the server of data and restart the server in debug mode. Review your WebSphere documentation for information on how to do these tasks.
  • Configure the local WebSphere server with the following JSP engine configuration parameters for the project:
    • jsp-attribute name="keepgenerated" value="false" /
    • jsp-attribute name="keepGeneratedclassfiles" value="false" /
    • jsp-attribute name="deleteClassFilesBeforeRecompile" value="true" /

Before you start a scan in IBM RAD via WebSphere, you must

1 Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.