Working with the Veracode Results in IntelliJ


After you download the Veracode scan results, they appear in the Results view in IntelliJ.

To see Veracode results and mitigate flaws using the Veracode IntelliJ Plugin, you must have the Mitigation API role.

The Results view lists information about each flaw, including the CWE ID, category, module name, folder path (if available), filename, function name, attack vector, line number, count, severity, exploitability, remediation effort, remediation status and mitigation status. To view additional columns or hide columns, click the icon to the right of the columns.

When the Veracode results are loaded into the Results view, double-clicking one of the entries opens the source file. Scroll the viewer window to highlight the flaw location if the source file is in an open IntelliJ project in the current workspace.

Viewing Flaw Details

Select an entry in the Results view to view detailed flaw information in the Flaw Details view. If the Flaw Details view is not visible, you can access it from:



Alternatively, if the Results view is open and contains flaw data, you can right-click an entry and select Show Details.

Viewing Call Stacks

Select an entry in the Results view, right-click to drop down the menu, and select Show Call Stacks to download the call stacks for the corresponding flaw.