Skip to main content

Installing and Setting up the Checkmarx VS Code Extension

Installing the Extension

The Visual Studio Code Extension is available on the Visual Studio Code marketplace. You can initiate the installation directly from the Visual Studio Code console.

Figure 1. Installation and Initial Setup
Installation and Initial Setup

GIF - How to install and set up the extension

To install the extension:

  1. Open Visual Studio Code.

  2. In the main menu, click on the Extensions icon.

  3. Search for the Checkmarx extension, then click Install for that extension.


    The Checkmarx extension is installed and the Checkmarx icon appears in the left-side navigation panel.


Setting up the Extension

After installing the plugin, in order to use the Checkmarx One Results tool you need to configure access to your Checkmarx One account, as described below.


If you are only using the free KICS Auto Scanning tool, then this set up procedure is not relevant.

  1. In the VS Code console, click on the Checkmarx extension icon and then click on the Open settings button.

    The Checkmarx AST Settings form opens.

  2. In the API Key field, enter your Checkmarx One API Key.


    If you need to create an API key, see Generating an API Key.

    The configuration is saved automatically.

  3. In the Additional Params field, you can submit additional CLI params. This can be used to manually submit the base url and tenant name if there is a problem extracting them from the API Key. It can also be used to add global params such as --debug or --proxy. To learn more about CLI globalparams, see Global Flags.

Configuring the KICS Realtime Scanning Tool (Optional)

This tool is activated automatically upon installation and no configuration is required.


It is not necessary to configure the Checkmarx One Authentication settings in order to use the KICS Realtime Scanning feature.

If you would like to customize the scan settings, you can use the following procedure:

  1. In the VS Code console, go to Settings > Extensions > Checkmarx > Checkmarx KICS Realtime Scanning.

  2. By default the extension is configured to run a KICS scan whenever an infrastructure file of a supported type is opened or saved. If you would like to disable automatic scanning, deselect the Activate KICS Auto Scanning checkbox.


    In this case, you will still be able to trigger scans manually from the command palette, as described below.

  3. If you would like to customize the scan parameters, enter the desired flags in the Additional Parameters field. For a list of available options, see Scan Command Options.