Understanding Greenlight Technical Requirements

Veracode Greenlight

Veracode Greenlight for Android Studio is designed to scan a file or small package. For this reason, initiating a scan at the project level is restricted. For project-level scans, use Veracode Static Analysis.

Greenlight for Android Studio supports Java, JavaScript, and the Java platforms and frameworks listed in the Compilation Instructions for Java.

Greenlight for Android Studio can only scan Java classes that compile correctly and ignores all other files. It can also scan top-level packages that contain other packages, as well as non-minified1 JavaScript files. It is only possible to scan JavaScript embedded in the following file types: ASP, CSS, EHTML, ES, ES6, HANDLEBARS, HBS, HJS, HTM, HTML, JS, JSON, JSP, JSX, MAP, MUSTACHE, PHP, TS, TSX, and XHTML.

You can submit a package that contains both Java and JavaScript files, but only the Java files are scanned and the JavaScript files are ignored. Then, you can either scan the JavaScript files one by one, or move them to a folder that only contains JavaScript files, which you can then submit for scanning.

The Veracode Greenlight plugin uses the following two certificates that are signed by a certificate authority: downloads.veracode.com and api.veracode.com.

In addition to using Greenlight for Android Studio, Veracode recommends that you perform a full static analysis scan using the Veracode Platform to achieve comprehensive coverage, actionable results, and policy-level reporting to determine application production readiness.

Note: The Greenlight for Android Studio plugin has minimal impact to your local system. If your environment does not meet the above requirements and you are interested in the Veracode Greenlight plugin, email support@veracode.com regarding your interest, and the IDE tools, IDE version, and programming languages you use in your job.

Supported Operating Systems

Greenlight for Android Studio supports the following versions of these operating systems:
  • Windows 7 or later
  • MacOS 10.12 Sierra or 10.13 High Sierra
  • Red Hat Enterprise Linux 7 or later

Prerequisites

Review the following technical requirements before you begin to configure and use the plugin.
  • You must have the following installed on your desktop:
    • Android Studio 3.0 or later
    • Java version: Java 8
  • The following code must compile successfully:
    • The source code to be scanned (Java file)
    • The source code containing the module to be scanned
    • Any dependency modules
  • To scan package files, you must be in the Project or Android explorer view.
  • Your IDE is connected to the public internet.
  • Your scan submission is not larger than 1 MB.
  • If you use a proxy, you have configured your Android Studio proxy settings.
1 Non-minified code has not had unnecessary characters such as white space, new lines, comments, and block delimiters removed.