Skip to main content

VS Code Extension - Changelog

The following table lists of improvements and bug fixes have been implemented for the Visual Studio Code plugin with the relevant version release.


See full documentation of this plugin here.

Plugin Version

Release Date

CLI Version


Bug Fixes


Apr 9, 2024


  • Improved display of scan date in the Checkmarx One Results panel.


Mar 15, 2024


  • Fixed a problem that was introduced in the previous release.


Mar 13, 2024


  • Changed the name of the AI Guided Remediation feature to AI Security Champion.

  • Moved the Codebashing links into the Description tab.

  • Remediated vulnerabilities that we identified in our project.

  • Uses new CLI version in which vulnerabilities affecting that project have been remediated.

  • In the AI Security Champion tab, we improved the formatting of the response, and fixed the description of the "Confidence" score to accurately explain that it represents the likelihood of the vulnerability being exploited.


Feb 2, 2024


  • We added AI Guided Remediation for SAST vulnerabilities (in addition to existing support for IaC Security vulnerabilities). We send the Checkmarx scan results file to OpenAI together with code snippets around each node of the Attack Vector for the specified vulnerability. We also submit a pre-configured series of instructions to OpenAI, which generates a response that includes the following sections: Confidence, Explanation and Proposed Remediation sections. You can follow up with additional questions. For more information see AI Guided Remediation


    This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings > Settings > Plugins in the Checkmarx One web portal.


Oct 11, 2023


  • Fixed issue that KICS Auto Scanning had been running even when the feature was disabled.

  • Fixed issue related to incorrect use of log object.

  • Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.


August 11, 2023


  • Fixed issue related to showing masked secrets in the AI Guided Remediation tab.


August 9, 2023


  • Added Podfile and Podfile.lock to the list of included files (when creating the zip archive for scanning).

  • Fixed issue that had been causing KICS Realtime scans to fail.

  • Fixed issue that HTML output wasn't being shown properly for results that contain HTML content.

  • Stopped showing the Policy Violation header in the console results for projects that don't have any associated polities.


July 29, 2023


  • We added ”AI Guided Remediation” feature, which harnesses the power of Open AI's GPT to help you to understand the vulnerabilities in your code, and resolve them quickly and easily. This feature is currently supported only for IaC Security vulnerabilities.


    This feature needs to be activated for your tenant account via the web portal Account Settings > Settings > Plugins. This option may not be available yet in some environments.

    When you initiate an AI chat, we automatically provide the context to GPT so that you can start a conversation about the precise vulnerability instance that you are assessing.


    When sending your IaC files to GPT, we protect your sensitive data by anonymizing all passwords and secrets before the content is sent. The query used for identifying sensitive data can be seen here.

  • Added a new Documentation & Feedback section to the Checkmarx panel, providing quick links to view our documentation and submit requests for improvements.

  • Fixed issue that risk management (triaging results) hadn't been working for IaC Security risks.


May 29, 2023


  • For SCA Realtime scans that return incomplete results, we now show a Dependency resolution errors section which gives info about manifest files that weren't resolved and the reason for the error (e.g., relevant package managers not installed locally).

  • We now create nightly pre-release versions of this extension whenever we merge new code. Users have the option to update automatically to the latest pre-release version or to update only when a new release version is published.

    If you would like to start receiving automatic updates whenever a new pre-release (or release) version is created, go to the Checkmarx extension page and click on Switch to Pre-Release Version. Otherwise, you will continue to get updates only when a new release version is created.

  • We now show the complete Changelog for this extension in Marketplace as well as on the Checkmarx Extension page that is shown in the IDE.


Apr 28, 2023


  • Added error handling for SCA Realtime scanner.


Apr 11, 2023


  • Fixed problem that was introduced in version 2.0.15 relating to showing SCA Realtime results.


Apr 11, 2023


  • Fixed problem that was introduced in version 2.0.15 relating to Create Scan button.


Apr 6, 2023


  • Improved visibility of the Create Scan button by moving it to the header bar of the Checkmarx pane.

  • Fixed issue that the Create Scan button had been disabled after unexpected shutdown.

  • Fixed issue that SCA Realtime wasn't yielding results for users that didn't enter account credentials.


    This is a free tool that does not require a Checkmarx account.

  • Fixed issue that filters hadn't been functioning properly.


Mar 13, 2023


  • Added the SCA Realtime scanner tool, which enables all VS Code users to run an SCA scan on the project in their workspace and view results in the VS Code console.


    This is a free tool that doesn't require a Checkmarx One or Checkmarx SCA account. For Checkmarx users, the results are not synced with their account.


Dec 7, 2022


  • The KICS scanner is now referred to in Checkmarx One as "IaC Security". All mentions of the scanner and the vulnerabilities identified by it, now refer to IaC Security.


    This change does not apply to the KICS Auto Scanning tool (free tool), which will continue to be referred to as KICS.

  • Scan results now differentiate between regular SCA vulnerabilities and Supply Chain Security (SCS) risks.

  • We added a new grouping category. For SCA vulnerabilities you can now differentiate between Direct Dependencies and Transitive Dependencies in the results tree.


Nov 10, 2022


  • The "Code samples" tab was renamed "Remediation Examples".


Oct 25, 2022


  • You can now initiate scans directly from your IDE. This empowers developers to identify vulnerabilities and remediate them as they code. This feature is currently supported for VS Code and JetBrains. This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.

    You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

  • We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

  • In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Checkmarx One CLI Commands.

  • Fixed results panel for KICS results. The code samples tab is no longer shown.


Sep 19, 2022


  • In the SAST results viewer, we added new tabs with additional info about each vulnerability.

    • Learn More - Gives detailed information about the the nature of the risk and their causes, as well as remediation recommendations.

    • Code Samples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code.

  • A notification is now shown in the Output section when KICS Auto-Scanning identifies an IaC vulnerability for which Checkmarx offers a suggested "quick-fix".


Sep 2, 2022


  • In the SCA results viewer, we added an automatic remediation button, which enables users to automatically replace a vulnerable package version with a non-vulnerable version of that package.


    This feature is currently supported only for NPM and only for direct dependencies.

  • It is now possible to add a comment to a vulnerability without changing the state or severity of the vulnerability.

  • All documentation links now point to the new Checkmarx documentation portal at


Aug 12, 2022


We added a "Quick Fix" feature, enabling users to automatically apply remediation recommendations for KICS risks. There is an option to fix a specific risk or to fix all risks in a particular file or in the entire project.


Jul 29, 2022


Fixed the issue that the extension wasn’t working if Git wasn’t enabled in VS Code.


Jul 22, 2022


Clicking on a node in the Attack Vector now takes you to the relevant code in the editor window (as expected).


Jul 5, 2022


  • General improvements and bug fixes


Jun 22, 2022


  • Added a new tool to the VS Code plugin that initiates KICS scans directly from their VS Code console. This is a free tool provided by Checkmarx for all VS Code users, and does not require the user to submit credentials for a Checkmarx One account. For more info, see Visual Studio Code - KICS Auto Scanning.

  • Added hover tooltip for codebashing links.

  • Once a project and branch are selected, the latest scan of that branch is automatically loaded.


Jun 14, 2022

  • Once the project and branch are selected, the latest scan is automatically loaded.


Apr 12, 2022


  • Added support for users that don’t have git installed.

  • Fixed issue loading result with Urgent state.


Mar 30, 2022

  • Added links to the relevant Codebashing lessons.


Feb 25, 2022


  • Enabled selecting multiple groups in order to create nested display

Fixed bugs affecting the UI


Jan 26, 2022

  • Added ability to triage results directly from the IDE console

  • Added a brief description for SAST vulnerabilities

  • Updated UI elements to reflect the new Checkmarx branding (e.g., logo)

  • Added filter results by “state”

  • General UI improvements


Nov 3, 2021

  • Updated CLI to version 2.0.4

  • Shows logs of Checkmarx One results in “Output” tab

  • Added a “Clear” button to “Projects” tab, enabling clearing the current selection and results.

  • Added integration tests and UI tests

  • Fixed display of line and column in the “Details” section to match the line and column shown in the editor


Initial release of the plugin. Enables you to import results from a Checkmarx One scan directly into your VS Code console.

  • Import Checkmarx One scan results

  • Show results from all scan types (SAST, SCA, and KICS)

  • Group results by file, language, severity, and status

  • Navigate from results directly to the vulnerable code in the editor

  • Vulnerable code is highlighted in the editor