The plugin sends the selected ABAP source to your chosen backend - a BTP scanner tenant or the RedRays Management Console - which runs the security scan and streams findings straight back into Eclipse.
Scan ABAP for security vulnerabilities without leaving Eclipse
The RedRays ABAP Security Scanner plugs into Eclipse with SAP ABAP Development Tools (ADT). Right-click any ABAP object, run Scan with RedRays, and security findings appear in a dedicated view - so you fix issues while you write the code, not after it ships.
Shift-left
Catch vulnerabilities in the IDE, during development - the cheapest place to fix them.
Two backends
Send source to a BTP scanner tenant or the RedRays Management Console - your choice.
Zero code retention
Source is scanned and discarded; findings come back to Eclipse, sorted by severity.
How it works
You pick a Working mode in the preferences once. From then on, every scan sends the selected ABAP source to that backend, which runs the checks and returns the findings.
BTP tenant
Source goes to your SAP BTP scanner tenant (for example
https://<tenant>.cloud.abap-security.com/), authenticated with an
rrk_ API token.
- Best if you already run the scanner on SAP BTP.
- Multi-tenant isolated; nothing stored after the scan.
Management Console
Source goes to the RedRays Scanner Management Console (self-hosted or RedRays-hosted), authenticated with a RedRays API key. Results are also visible in the console.
- Best if your team works from the central Management Console.
- Findings tracked centrally as well as in Eclipse.
What you get
Right-click scan
Scan with RedRays from the editor, the Project Explorer, or the toolbar shield icon.
Findings view
A dedicated RedRays Findings view, sorted CRITICAL → INFO, then by line.
Jump to code
Double-click a finding to jump straight to the vulnerable line in the ABAP editor.
Scan profiles
Choose Quick, Standard or Deep to trade speed for depth.
Secure token
Your API token is kept in Eclipse secure storage, never in plain config.
Includes control
Optionally scan function-group includes (TOP/UXX/F…) together with the modules.
Install
Requires Eclipse with ABAP Development Tools (ADT). Supported on Eclipse 2023-03 (4.27) through 2026-06 (4.40), on Windows, macOS and Linux.
Eclipse Marketplace
- Open Help → Eclipse Marketplace…
- Search for RedRays ABAP Security Scanner.
- Click Install, accept the terms, and restart Eclipse.
Install New Software
- Open Help → Install New Software…
- Add this update site:
https://plugin.abap-security.com/ - Tick RedRays ABAP Scanner, Next → Finish, restart.
Verify: a red shield icon appears in the toolbar, and Window → Show View → Other → RedRays lists RedRays Findings.
Configure
Open Window → Preferences → RedRays Scanner, pick your Working mode, paste your token, and click Test connection.
| Setting | What it is |
|---|---|
| Working mode | BTP (send source to your scanner tenant) or RedRays (send source to the Management Console). |
| Backend URL | Your BTP scanner-tenant route, e.g. https://<tenant>.cloud.abap-security.com/. |
API token (rrk_) | Mint it in the Scanner UI / Management Console → Team → API Tokens, or use Get API key. |
| Scan profile | Quick / Standard / Deep. |
| Result wait timeout | Minutes to wait for results (default 30). |
| Auto-open Findings view | Open the Findings view automatically after each scan. |
| Scan function-group includes | Include TOP/UXX/F… parts together with the modules. |
Run a scan
- In the Project Explorer or editor, right-click an ABAP object (class, program, function group…).
- Choose Scan with RedRays.
- The plugin sends the source to your backend and waits for the scan to finish.
- Findings open in the RedRays Findings view, sorted by severity.
- Double-click a finding to jump to the exact line in the editor and fix it.
Start scanning ABAP in Eclipse
Install from the Marketplace and run your first scan in minutes.
Get it on Eclipse Marketplace See the platformSupport: [email protected] · Updates: plugin.abap-security.com
