The RedRays ABAP Security Plugin allows developers to analyze ABAP code for potential security vulnerabilities directly within Eclipse. Follow these step-by-step instructions to install and set up the plugin:
Step 1: Open Eclipse and Access the Plugin Installation Menu
Launch Eclipse.
Navigate to the top menu bar and click on Help.
From the dropdown menu, select Install New Software… as shown in the screenshot.
Step 2: Add the RedRays Plugin Repository
In the “Install” dialog, click on the Add… button.
In the popup dialog:
Enter the name: RedRays ABAP Security Plugin
For the location, enter the repository URL: https://api.redrays.io/eclipse/update/
Click Add to confirm.
Step 3: Select and Install the Plugin
Once the repository is added, the available software list will show the RedRays ABAP Security Scanner Feature.
Check the box next to the plugin name.
Click Next and follow the on-screen instructions to complete the installation.
Step 4: Configure the Plugin Settings
After installation, restart Eclipse when prompted.
Go to Window > Preferences.
In the Preferences dialog, navigate to RedRays ABAP Security.
Set the following fields:
API URL: https://api.redrays.io/api/scan
API Key: Enter your unique API key (you should have received this from RedRays by email after purchasing the license; see https://redrays.io/abap-scanner/).
Click Apply and Close to save the settings.
Step 5: Scan ABAP Code for Vulnerabilities
Open an ABAP code file in Eclipse.
Select the code block you want to analyze.
Click on the RedRays scan icon in the toolbar (refer to the screenshot).
Step 6: Review the Scan Results
The scan results will be displayed in a dedicated panel within Eclipse.
Each finding will include:
Severity: Indicates the importance of the issue.
Title: A brief description of the issue.
Description: Detailed information about the identified vulnerability.
Data Flow: Shows the context of the vulnerability in the code.
Use this detailed report to address and fix potential vulnerabilities in your ABAP code.