Working with the Veracode Results in Eclipse

After you download the Veracode scan results, they appear in the Results view in Eclipse.

To see Veracode results and mitigate flaws using the Veracode Eclipse Plugin, you must have the Mitigation API role. If the Results view is not visible, you can access it from:
  • Window > Show View > Other > Veracode Views > Results
  • Window > Open Perspective > Other > Veracode
The Results view lists information about each flaw, including the CWE ID, category, module name, folder path (if available), filename, function name, attack vector, line number, count, severity, exploitability, remediation effort, remediation status and mitigation status. To view additional columns or hide columns, click the down arrow in the upper-right corner of the Results view and hover over Show Columns.


When the Veracode results are loaded into the Results view, double-clicking one of the entries opens the source file. Scroll the viewer window to highlight the flaw location if the source file is in an open Eclipse project in the current workspace.

Viewing Flaw Details

Select an entry in the Results view to view detailed flaw information in the Flaw Details view. If the Flaw Details view is not visible, you can access it from:
  • Window > Show View > Other > Veracode Views > Flaw Details
  • Window > Open Perspective > Other > Veracode


Alternatively, if the Results view is open and contains flaw data, you can right-click an entry and select Show Details.

Viewing Call Stacks

Select an entry in the Results view, right-click to drop down the menu, and select Show Call Stacks to download the call stacks for the corresponding flaw.
After you download the call stacks for a specific flaw, double-click the entry in the Call Stacks view to open the source file. Scroll the window to highlight the location of the flaw within the source file.


If the source file does not open because it is not referenced by an Eclipse project that is part of the current workspace, read about how to add references to that file.

Viewing Mitigations

Select an entry in the Results view, right-click to drop down the menu, and select Show Mitigations to view the mitigation information for the selected flaw.
To propose, accept, or reject mitigations:
  1. Open the scan results report and go to the Results view.
  2. Select the entry for the flaw you want to update and select a mitigation action.
  3. Click Mitigate and add comments.
  4. Click Continue.
If you encounter an access denied error message when attempting to mitigate a flaw, check for the following issues, resolve them, and try to mitigate again:
  • There is a policy or sandbox scan in progress for the application.
  • You are not working with the most recent scan results.
  • You do not have the Mitigation API role.
  • The flaw is locked in the Platform by another user.