Skip to main content

Visual Studio Code - KICS Auto Scanning

Configuring the Extension

This tool is activated automatically upon installation, and no configuration is required.


It is not necessary to configure the Checkmarx One Authentication settings in order to use the KICS Auto Scanning feature.

If you would like to customize the scan settings, you can use the following procedure:

  1. In the VS Code console, go to Settings > Extensions > Checkmarx > Checkmarx KICS Auto Scanning.

  2. By default the extension is configured to run a KICS scan whenever an infrastructure file of a supported type that is open in your editor is saved. If you would like to disable automatic scanning, deselect the Activate KICS Auto Scanning checkbox.

  3. If you would like to customize the scan parameters, enter the desired flags in the Additional Parameters field. For a list of available options, see Scan Command Options.

Viewing KICS Results

Viewing the Results Summary

When a scan is completed, a summary of the number of vulnerabilities identified by severity level is shown in the OUTPUT section of the VS Code console.

Example of results summary:

CxINFO - 2:04:47 PM]Results summary:
                    Total Results": 141,
                    "HIGH": 10,
                    "INFO": 4,
                    "LOW": 62,
                    "MEDIUM": 65

Viewing KICS Vulnerability Details

Detailed information about the vulnerabilities that were detected is shown in the file editor window. The vulnerable code is highlighted according to the severity level of the vulnerability, as follows:

  • High - red

  • Medium - orange

  • Info - green

  • Low - blue

Hover over the vulnerable code to show a tooltip with detailed info about the vulnerability.