Veracode Greenlight for Eclipse is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.
Greenlight for Eclipse supports Java and the Java platforms and frameworks listed in the Compilation Instructions for Java.
- Java files and packages that compile correctly in Java projects.
- Java Server Page (JSP) files and folders that contain JSP files.
Veracode Greenlight uses the following two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.
Supported Operating Systems
- Windows 7 and later
- MacOS 10.12 Sierra and 10.13 High Sierra
- Red Hat Enterprise Linux 7 and later
- You must have one of the following IDEs installed:
Note: Both Eclipse IDE and RAD require Java 7 or later to be installed.
- Eclipse IDE 4.4.2 or later
- IBM Rational Application Developer (RAD) 184.108.40.206 or later
- Spring Tool Suite (STS) 3.9.0 or later
If you are using Eclipse IDE 4.7 or later and have the STS plugin installed, you can also use Greenlight for Eclipse.
- Your code must compile successfully.
- Your IDE is connected to the public internet.
- Your scan submission is not larger than 1 MB.
- If you use a proxy, you have configured your Eclipse proxy settings.
Before scanning a JSP file, you must configure a local Tomcat server and deploy the project to that server. You must also make an HTTP request to that Tomcat server for each JSP resource you want to scan. These steps are necessary to enable the Tomcat application server to parse and compile the Java embedded in the JSP and create a CLASS file for Veracode Greenlight to submit for scanning.
In addition to using Greenlight for Eclipse, Veracode recommends that you perform a full static analysis scan using the Veracode Platform or the Veracode Eclipse Plugin to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.