Skip to main content

Using the Checkmarx VS Code Extension - KICS Realtime Scanning

Scanning IaC Files

A scan runs automatically whenever an infrastructure file of a supported type is opened in VS Code. The file is rescanned each time that it is saved, either manually or by auto-save.

In addition, you can trigger a scan manually for the file that is open in your editor by opening the command palette and entering Checkmarx-ast: Run kics realtime scan ( you can enter search text and select the command).

Viewing KICS Results

Viewing KICS Vulnerabilities

Risks identified by KICS are shown in the file editor window with the KICS label and the severity level shown above the vulnerable code. The risks detected by KICS are also shown in the PROBLEMS section of the VS Code console.


Hover over the vulnerable code to show a tooltip with detailed info about the vulnerability.


Auto Remediation for KICS

KICS automatically generates recommended actions for remediating each risk. You can easily implement these changes in your code, by selecting the Quick Fix link in the hover window.

Figure 1. KICS Auto Remediation
KICS Auto Remediation

GIF - How to automatically remediate KICS risks


This feature is currently supported only for Terraform projects.


The dialog that opens, enables you to remediate the selected risk. In addition, where relevant, the dialog offers the option to remediate all risks in the specified line or in the entire file.


Viewing the Results Summary

When a scan is completed, a summary of the number of vulnerabilities identified, by severity level, is shown in the Checkmarx OUTPUT section of the VS Code console.