Skip links
ABAP source scan findings Eclipse + ADT SAP developer Scan with RedRays right-click any ABAP object Working mode BTP tenant *.cloud.abap-security.com Management Console self-hosted / RedRays Scan engine 85+ security checks RedRays Findings back in Eclipse, by severity CRITICAL HIGH MEDIUM LOW double-click → jump to line

The plugin sends the selected ABAP source to your chosen backend - a BTP scanner tenant or the RedRays Management Console - which runs the security scan and streams findings straight back into Eclipse.

Eclipse plugin - ABAP SAST

Scan ABAP for security vulnerabilities without leaving Eclipse

The RedRays ABAP Security Scanner plugs into Eclipse with SAP ABAP Development Tools (ADT). Right-click any ABAP object, run Scan with RedRays, and security findings appear in a dedicated view - so you fix issues while you write the code, not after it ships.

Shift-left

Catch vulnerabilities in the IDE, during development - the cheapest place to fix them.

Two backends

Send source to a BTP scanner tenant or the RedRays Management Console - your choice.

Zero code retention

Source is scanned and discarded; findings come back to Eclipse, sorted by severity.

How it works

You pick a Working mode in the preferences once. From then on, every scan sends the selected ABAP source to that backend, which runs the checks and returns the findings.

Mode 1

BTP tenant

Source goes to your SAP BTP scanner tenant (for example https://<tenant>.cloud.abap-security.com/), authenticated with an rrk_ API token.

  • Best if you already run the scanner on SAP BTP.
  • Multi-tenant isolated; nothing stored after the scan.
Mode 2

Management Console

Source goes to the RedRays Scanner Management Console (self-hosted or RedRays-hosted), authenticated with a RedRays API key. Results are also visible in the console.

  • Best if your team works from the central Management Console.
  • Findings tracked centrally as well as in Eclipse.

What you get

Right-click scan

Scan with RedRays from the editor, the Project Explorer, or the toolbar shield icon.

Findings view

A dedicated RedRays Findings view, sorted CRITICAL → INFO, then by line.

Jump to code

Double-click a finding to jump straight to the vulnerable line in the ABAP editor.

Scan profiles

Choose Quick, Standard or Deep to trade speed for depth.

Secure token

Your API token is kept in Eclipse secure storage, never in plain config.

Includes control

Optionally scan function-group includes (TOP/UXX/F…) together with the modules.

Install

Requires Eclipse with ABAP Development Tools (ADT). Supported on Eclipse 2023-03 (4.27) through 2026-06 (4.40), on Windows, macOS and Linux.

Recommended

Eclipse Marketplace

  1. Open Help → Eclipse Marketplace…
  2. Search for RedRays ABAP Security Scanner.
  3. Click Install, accept the terms, and restart Eclipse.
Update site

Install New Software

  1. Open Help → Install New Software…
  2. Add this update site: https://plugin.abap-security.com/
  3. Tick RedRays ABAP Scanner, Next → Finish, restart.

Verify: a red shield icon appears in the toolbar, and Window → Show View → Other → RedRays lists RedRays Findings.

Configure

Open Window → Preferences → RedRays Scanner, pick your Working mode, paste your token, and click Test connection.

RedRays Scanner preferences in Eclipse: working mode, backend URL, API token, scan profile, test connection
Window → Preferences → RedRays Scanner
SettingWhat it is
Working modeBTP (send source to your scanner tenant) or RedRays (send source to the Management Console).
Backend URLYour BTP scanner-tenant route, e.g. https://<tenant>.cloud.abap-security.com/.
API token (rrk_)Mint it in the Scanner UI / Management Console → Team → API Tokens, or use Get API key.
Scan profileQuick / Standard / Deep.
Result wait timeoutMinutes to wait for results (default 30).
Auto-open Findings viewOpen the Findings view automatically after each scan.
Scan function-group includesInclude TOP/UXX/F… parts together with the modules.

Run a scan

  1. In the Project Explorer or editor, right-click an ABAP object (class, program, function group…).
  2. Choose Scan with RedRays.
  3. The plugin sends the source to your backend and waits for the scan to finish.
  4. Findings open in the RedRays Findings view, sorted by severity.
  5. Double-click a finding to jump to the exact line in the editor and fix it.
Right-click an ABAP object in Eclipse and choose Scan with RedRays
Right-click → Scan with RedRays

Start scanning ABAP in Eclipse

Install from the Marketplace and run your first scan in minutes.

Get it on Eclipse Marketplace See the platform

Support: [email protected] · Updates: plugin.abap-security.com