Skip to main content

Visual Studio Extension - Changelog

The following table lists improvements and bug fixes that have been implemented for the Visual Studio plugin with the relevant version release.


See full documentation of this plugin here.

Plugin Version

Release Date

CLI Version


Bug Fixes


Aug 30, 2023


  • In the SAST results viewer, we added new tabs with additional info about each vulnerability.

    • Learn More - Gives detailed information about the the nature of the risk and their causes, as well as remediation recommendations.

    • Remediation Examples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code.

  • Fixed issue that some buttons weren't showing up properly in blue mode.


July 20,2023


  • Fixed issue that when submitting multiple additional params, only the first was being processed.

  • Fixed issue that when running a scan from the IDE, if the content in your workspace project isn't a Git project we had been treating it as a mismatched project.

  • Fixed issue that when running a scan from the IDE, if a project didn't have any results (identified risks) we had automatically been treating it as a mismatched project.


June 12, 2023


  • You can now initiate scans directly from your Visual Studio IDE (in addition to existing support for this feature in VS Code and JetBrains). This empowers developers to identify vulnerabilities and remediate them as they code.

    You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

    A sanity check is run to verify that the project and branch in your workspace match the project and branch that were scanned for this project. If a mismatch is detected, then a warning message is shown.


    This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.


Apr 19, 2023


  • Fixed a bug that was introduced in version 2.0.12


Apr 19, 2023


  • Fixed a bug that was introduced in version 2.0.12


Apr 19, 2023


  • We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.


    We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

  • Added support for earlier versions of Visual Studio 2022. We now support SDK version 17.0 and above.


Apr 13, 2023


  • Updated dependencies


Apr 3, 2023


  • Improved memory usage when uploading zip files.

  • Fixed tooltip for Additional parameters so that link points to new documentation portal.


Feb 14, 2023


  • All references to AST have been changed to use the new product name "Checkmarx One".

  • Fixed problem with automatically opening the relevant files when clicking on an attack vector.


Oct 25, 2022


  • We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

  • In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Global Flags.


Jul 25, 2022


The installation VSIX file is now signed with a code signing license.


Jul 20, 2022


Clicking on a node in the Attack Vector now takes you to the relevant code in the editor window (as expected).


Jul 5, 2022


General improvements and bug fixes


Jun 22, 2022


General improvements

Fixed issue that the app was crashing when opening an attack vector.


May 20, 2022

General improvements


Apr 13, 2022

  • Added links to the relevant Codebashing lessons.


Mar 29, 2022

General improvements


Mar 28, 2022

Initial release of the plugin. Enables you to import results from a Checkmarx One scan directly into your VS Code console.

  • Import Checkmarx One scan results

  • Show results from all scan types (SAST, SCA, and KICS)

  • Group results by file, language, severity, and status

  • Navigate from results directly to the vulnerable code in the editor

  • Vulnerable code is highlighted in the editor