Using the Checkmarx VS Code Extension - KICS Realtime Scanning
Scanning IaC Files
A scan runs automatically whenever an infrastructure file of a supported type is opened in VS Code. The file is rescanned each time that it is saved, either manually or by auto-save.
In addition, you can trigger a scan manually for the file that is open in your editor by opening the command palette and entering Checkmarx-ast: Run kics realtime scan (you can enter search text and select the command).
Viewing KICS Results
Viewing KICS Vulnerabilities
Risks identified by KICS are shown in the file editor window with the KICS label and the severity level shown above the vulnerable code. The risks detected by KICS are also shown in the PROBLEMS section of the VS Code console.
Hover over the vulnerable code to show a tooltip with detailed info about the vulnerability.

Auto Remediation for KICS
KICS automatically generates recommended actions for remediating each risk. You can apply these changes to your code by selecting the Quick Fix link in the hover window.

GIF - How to automatically remediate KICS risks
Notice
This feature is currently supported only for Terraform projects.

The dialog that opens enables you to remediate the selected risk. In addition, where relevant, the dialog offers the option to remediate all risks in the specified line or in the entire file.
Viewing the Results Summary
When a scan is completed, a summary of the number of vulnerabilities identified, by severity level, is shown in the Checkmarx OUTPUT section of the VS Code console.