Skip to main content

Binding a Visual Studio Project

Code projects can be configured in one of two CxSAST modes:

  • Unbound: Each time you run a scan from the IDE, a new CxSAST project is created. Your scan results can be set to appear or not appear in other developers' installations.

  • Bound: The code project is associated with a specific CxSAST project. Scans are run according to CxSAST project settings (automatically, via CxSAST web interface or from the IDE). All installations of the IDE with projects bound to the CxSAST project can download the latest scan results.

Binding a Project

By default, code projects are unbound. The Checkmarx SAST plugin for Visual Studio supports the following scenarios only:

  • The source code and the projects are part of a solution file and the solution file is opened in Visual Studio.

  • The source code is loaded in Visual Studio as a website.

Upon clicking the Bind button, a list of 100 projects is displayed by default, and if you need to configure this number then follow the below steps:

  • Visual Studio 2019 –

    • Go to the File Explorer and navigate to the CxVSPlugin.conf file, which is located under \Visual Studio 2019\Settings

    • Open CxVSPlugin.conf and update the following XML tag <BindProjectCount>50</BindProjectCount>

  • Visual Studio 2022 –

    • Go to the File Explorer and navigate to the CxVSPlugin.conf file, which is located under \Visual Studio 2022\Settings

    • Open CxVSPlugin.conf and update the following XML tag - <BindProjectCount>50</BindProjectCount>

Notice

The plugin is not supported, if the source code is opened as files or folders where Visual Studio is used as text editor only.

To Bind a Code Project to a CxSAST Project:

  1. In the IDE, right-click the project and select CxViewer > Bind.

    Bind.png

  2. Select a CxSAST project, and then click Bind. The project is bound, and the CxSuite's latest scan results are downloaded to the IDE.

    VS_2.png

To Bind a Project, if the Code is Opened as a Website:

  1. Open the website project by opening File > Open > Website.

    Bind_if_code_opened_as_website_1.png

  2. Select the project as illustrated below. The plugin menu appears even if the code is opened as a website.

    Bind_if_code_opened_as_website_2.png
    Bind_if_code_opened_as_website_3.png

    The scan can be performed on a single file or folder as well.

    Bind_if_code_opened_as_website_4.png

Downloading Scan Results

After binding the project, the scan results of this project are automatically downloaded. Subsequently, scan results need to be manually downloaded.

To download scan results to a bound project:

  • In the IDE, right-click the project and select CxViewer > Retrieve Results.

Unbinding a Project

To unbind a project:

  • In the IDE, right-click the project and select CxViewer > Unbind.

In this section: