Using the Veracode Visual Studio Extension

Microsoft Visual Studio is an integrated development environment (IDE) platform from Microsoft.

The Veracode Visual Studio Extension integrates with Visual Studio to provide quick and easy information about potential security flaws in your applications, and assists with compiling and uploading applications for scanning.

Note: Because the extension depends on an installation of Microsoft Visual C++ Redistributable for Visual Studio 2017, you must be a Windows administrator to both install and use the Veracode Visual Studio Extension with Visual Studio 2012 and 2013. Visual Studio 2015 and 2017 do not require administrator permissions.

You must have the following Veracode user roles to use the extension:
  • A human Veracode account must have either the Reviewer or Security Lead role to be able to download results.
  • A non-human API account must have the Results API role to be able to download results.

Ensure you have these permissions before attempting to integrate Veracode into your Visual Studio development lifecycle. Otherwise, you receive access-denied errors.

Note: You can only use the Veracode Visual Studio Extension to perform static scans, not DynamicDS or DynamicMP scans. Also, you can only use the extension to upload compiled .NET binaries. You must upload any JavaScript code separately, as described in the compilation instructions.

If you are using Visual Studio 2012, 2013, 2015, or 2017, you can download the Veracode Visual Studio Extension.

Note: If you are using Visual Studio 2012 or 2013 and have not installed a later version on your machine, you also need to install Microsoft Visual C++ Redistributable for Visual Studio 2017.

Permissions

To use the Veracode Visual Studio Extension, you must have one of the following types of accounts:
  • A human Veracode account using API ID and key authentication, with the following roles:
    • Creator or Security Lead role to create builds of your applications with the necessary Veracode settings
    • Submitter role to upload scans to Veracode
    • Sandbox User role to create sandboxes to use with the extension
    • Reviewer role to check scan completion, propose mitigations, and import results to Visual Studio
    • Mitigation Approver role to approve mitigations
  • A non-human account with the following API roles:
    • Upload API to create application profiles, create sandboxes, and upload and scan applications
    • Upload API - Submit only to submit scans
    • Mitigation API to mitigate flaws found in applications
    • Results API to download, import, and view Veracode results