Checkmarx One Visual Studio Code Extension (Plugin)

The Checkmarx Visual Studio Code extension contains two separate tools:

  • Checkmarx AST results - This tool enables you to import results from a Checkmarx One scan directly into your IDE. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor. This tool requires authentication with credentials from your Checkmarx One account.

  • Checkmarx KICS Auto Scanning - This tool initiates KICS scans directly from your VS Code console. A scan runs automatically whenever an infrastructure-as-code file of a supported type is saved, whether manually or by auto-save, and covers only the file that is open in the editor. The results are shown in the VS Code console, making it easy to remediate the vulnerabilities that are detected. This is a free tool provided by Checkmarx for all VS Code users and does not require credentials for a Checkmarx One account.

Main Features

  • Checkmarx One results

    • Import Checkmarx One scan results into your IDE

    • Show results from all scan types (SAST, SCA, and KICS)

    • Group and filter results

    • Navigate from results directly to the vulnerable code in the editor

    • Vulnerable code is highlighted in the editor

    • Triage results - edit the result predicate (severity, state and comments) directly from the Visual Studio Code console

    • Links to Codebashing lessons

    • Automatically update package version based on Checkmarx SCA remediation recommendations

  • Checkmarx KICS Auto Scanning

    • Free tool, no Checkmarx account required

    • Run scans directly from your IDE

    • Scans are triggered automatically whenever a file is saved

    • Apply quick-fix to automatically remediate IaC vulnerabilities

Note

The plugin is available on the Visual Studio Code Marketplace. The source code is also publicly available.

Prerequisites

  • For Checkmarx One Results:

    • You have a Checkmarx One account and can run Checkmarx One scans on your source code.

      Notice

      Scans can be initiated via Checkmarx One, Checkmarx One CLI, SCM Plugins, CI/CD Plugins or REST APIs.

    • You have an API key for your Checkmarx One account. To create an API key, see Generating an API Key.

  • KICS Auto Scanning:

    • You must have Docker installed and running in your environment
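Because KICS Auto Scanning needs Docker to be both installed and running, a quick pre-flight check that tells those two failure modes apart saves time when the extension silently produces no results. The script below is an added example for this page, not part of the Checkmarx extension or its documentation; it assumes a POSIX shell and a `docker` CLI whose `docker info` subcommand fails when the daemon is unreachable. The command name is a parameter so the check can be exercised against a stand-in binary.

```shell
#!/bin/sh
# Pre-flight check for the KICS Auto Scanning prerequisite (added example,
# not Checkmarx code): Docker must be installed AND its daemon reachable.
#
# docker_ready exit codes:
#   0 - CLI found and the daemon answered `docker info`
#   1 - CLI found but the daemon is not reachable (not running, or no socket access)
#   2 - CLI not found on PATH
docker_ready() {
    bin="${1:-docker}"
    # Installed? `command -v` succeeds only if the binary is on PATH.
    command -v "$bin" >/dev/null 2>&1 || return 2
    # Running? `docker info` contacts the daemon and fails when it is down
    # or the current user may not use the Docker socket.
    "$bin" info >/dev/null 2>&1 || return 1
    return 0
}

# Map a docker_ready exit code to the remediation the user needs.
explain() {
    case "$1" in
        0) echo "Docker is installed and running; KICS Auto Scanning can run." ;;
        1) echo "Docker CLI found but the daemon is not reachable: start Docker or fix socket permissions." ;;
        2) echo "Docker CLI not found: install Docker before enabling KICS Auto Scanning." ;;
        *) echo "Unexpected status $1" ;;
    esac
}

# Run the check, print the explanation, and propagate the status code
# so the script can gate a workstation or CI setup step.
main() {
    rc=0
    docker_ready "${1:-docker}" || rc=$?
    explain "$rc"
    return "$rc"
}

# Invoke as: sh kics_preflight.sh --check [docker-command]
if [ "${1:-}" = "--check" ]; then
    main "${2:-docker}"
    exit $?
fi
```

Run it with `sh kics_preflight.sh --check`; a non-zero exit status means the KICS Auto Scanning prerequisite is not met, and the printed line says which of the two conditions failed.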

Installing the Extension

The Visual Studio Code Extension is available on the Visual Studio Code marketplace. You can initiate the installation directly from the Visual Studio Code console.

To install the extension:

  1. Open Visual Studio Code.

  2. In the main menu, click on the Extensions icon.

  3. Search for the Checkmarx extension, then click Install for that extension.

    The Checkmarx extension is installed and the Checkmarx icon appears in the left-side navigation panel.
