Visual Studio Code Plugin - Changelog

The following table lists the improvements and bug fixes that have been implemented for the Visual Studio Code plugin, together with the relevant version release.

Notice

See full documentation of this plugin here.

Checkmarx One Version

CLI Version

Improvements

Bug Fixes

2.0.10

2.0.27

  • In the SAST results viewer, we added new tabs with additional info about each vulnerability.

    • Learn More - Gives detailed information about the nature of the risk and its causes, as well as remediation recommendations.

    • Code Samples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code.

  • A notification is now shown in the Output section when KICS Auto-Scanning identifies an IaC vulnerability for which Checkmarx offers a suggested "quick-fix".

2.0.9

2.0.27

  • Added an automatic remediation button, which enables users to automatically replace a vulnerable package version with a non-vulnerable version of that package.

    Tip

    This feature is currently supported only for NPM and only for direct dependencies.

  • It is now possible to add a comment to a vulnerability without changing the state or severity of the vulnerability.

  • All documentation links now point to the new Checkmarx documentation portal at https://checkmarx.com/resource/documentation.

2.0.8

2.0.21

We added a "Quick Fix" feature, enabling users to automatically apply remediation recommendations for KICS risks. There is an option to fix a specific risk or to fix all risks in a particular file or in the entire project.

2.0.7

2.0.21

Fixed an issue where the extension did not work if Git wasn’t enabled in VS Code.

2.0.6

2.0.21

Clicking on a node in the Attack Vector now takes you to the relevant code in the editor window (as expected).

2.0.5

2.0.21

  • General improvements and bug fixes

2.0.4

2.0.20

  • Added a new tool to the VS Code plugin that initiates KICS scans directly from the VS Code console. This is a free tool provided by Checkmarx for all VS Code users, and does not require the user to submit credentials for a Checkmarx One account. For more info, see Visual Studio Code - KICS Auto Scanning.

  • Added a hover tooltip for Codebashing links.

  • Once a project and branch are selected, the latest scan of that branch is automatically loaded.

2.0.3

  • Once the project and branch are selected, the latest scan is automatically loaded.

2.0.2

2.0.16

  • Added support for users that don’t have git installed.

  • Fixed an issue loading results with the Urgent state.

2.0.1

  • Added links to the relevant Codebashing lessons.

0.0.10

2.0.13

  • Enabled selecting multiple groups in order to create a nested display

Fixed bugs affecting the UI

0.0.9

  • Added ability to triage results directly from the IDE console

  • Added a brief description for SAST vulnerabilities

  • Updated UI elements to reflect the new Checkmarx branding (e.g., logo)

  • Added the ability to filter results by “state”

  • General UI improvements

0.0.8

  • Updated CLI to version 2.0.4

  • Shows logs of Checkmarx One results in “Output” tab

  • Added a “Clear” button to “Projects” tab, enabling clearing the current selection and results.

  • Added integration tests and UI tests

  • Fixed display of line and column in the “Details” section to match the line and column shown in the editor

0.0.1

Initial release of the plugin. Enables you to import results from a Checkmarx One scan directly into your VS Code console.

  • Import Checkmarx One scan results

  • Show results from all scan types (SAST, SCA, and KICS)

  • Group results by file, language, severity, and status

  • Navigate from results directly to the vulnerable code in the editor

  • Vulnerable code is highlighted in the editor