Reviewing Findings in Greenlight for Visual Studio

Veracode Greenlight

After Veracode Greenlight for Visual Studio scans a file, red underlining marks the code where there is an issue, as does the red icon at the right end of that line of code. Green text marks best practices, which identify the CWEs that the code protects against.

Note: Veracode recommends that you dock the Veracode Greenlight Findings pane below the Visual Studio code editor pane.

At the top of the Veracode Greenlight Findings tab, the flaws are grouped and counted by severity and best practice. The scan level indicates whether the scan was done at the package level or the file level. From this tab you can:
  • Toggle the severity counts to filter the findings by severity grouping: Very High, High, Medium, Low, Very Low, or Info.
  • Use the filter icon in the CWE ID to filter by CWE.
  • Click the link in the line column to locate the issue in the specific line of code in the file.
  • Click Details to show the flaw details in a separate findings pane.
  • Click Ignore if you do not want Veracode Greenlight to show the flaw in future scan findings.
  • Clear all the findings of the Veracode Greenlight scan by clicking the eraser icon in the top-right corner or by pressing the keyboard shortcut Ctrl+Shift+\.
  • Hover over the orange circle icon at the beginning of a line of code to show the details of the flaw in that line.