
Setting Up the Visual Studio Code Extension Plugin

This section explains how to install and configure the Visual Studio Code Extension plugin and lists the associated settings.json parameters.

Installing the Plugin

Notice

  • The Visual Studio Code Extension plugin requires that Visual Studio Code is installed on your host.

  • If you intend to upgrade an earlier version of the CxSAST Visual Studio Code Extension plugin, first uninstall the older version and then install the current version.

To uninstall an older version of CxSAST Visual Studio Code Extension:

1. Under Checkmarx SAST 9.x, click the extension's menu icon and then select Uninstall from the menu, or click <Uninstall> in the CxVSCode interface on the right side. The Visual Studio Code Extension plugin is uninstalled.

2. Close the Microsoft Visual Studio Code application.

(Screenshot: Uninstall old version)

To install the new version of the CxSAST Visual Studio Code Extension plugin:

1. Navigate to the {S3_Extension_URL} provided in the release changelog or to the Checkmarx plugin download page and download the CxSAST Visual Studio Code Plugin installation file (*.vsix).

2. Navigate to the folder to which you extracted the contents of the Visual Studio Code zip archive and then click Code. The Microsoft Visual Studio Code application opens.

3. To view the available extension plugins, click the Extensions icon. The Extensions interface appears with the available and installed extension plugins.

(Screenshot: Extensions interface)

4. Select Checkmarx SAST 9.x from the list and click <Install>. The Checkmarx SAST 9.x Extension plugin is installed.

(Screenshot: Checkmarx Extension plugin installed)

To install the new version of the CxSAST Visual Studio Code Extension plugin using a CLI command:

  • Open the terminal, navigate to the .vsix file and then execute the following command, which must include the absolute path of the .vsix file:

code --install-extension <extension_file_name_with_absolute_path>.vsix

The Checkmarx SAST 9.x Extension plugin is installed.

Configuring the Plugin

Visual Studio Code opens into the Explorer view with the CX PORTAL tab open.

The extension shows the following two tabs in the Explorer view:

  • CX PORTAL - Displays the CxSAST alias under which all the scanned source codes (for that alias) are listed.

  • CX SCAN RESULTS - Displays the last scan results of the following:

    • The current source code, once its scan has completed successfully.

    • Any source code listed in the CX PORTAL panel for which you click Retrieve Scan Results.

    • Source codes listed in the CX PORTAL tab.

To link the plugin with a CxSAST server:

1. Add the CxSAST server URL and the CxSAST alias by clicking + (Add CxPortal Server). You are asked to select a CxSAST server URL and an alias.

2. After you click <+>, a popup appears from which you choose the CxSAST server URL and the alias:

  • CxServer URL - The IP address or DNS name of the CxSAST server.

  • Alias (name) - The display name of the CxSAST server on the user interface.

In addition, you can edit the server URL by clicking the edit (Edit CxPortal Server) button.

Add CxPortal Server

You are asked to enter a new CxSAST server URL if the cx.server attribute does not exist in settings.json. Otherwise, the CxSAST server details are displayed automatically.

Edit CxPortal Server

If the CxSAST server details in settings.json differ from those shown on the user interface, the details from settings.json are applied when you click the edit button. Otherwise, you are asked to enter new CxSAST server details.

If the user was logged in to a different server and/or a project was bound, the user is logged out and the project is unbound.

3. Enter the CxSAST server URL.

4. Enter the CxSAST server alias.

5. After you enter the server URL and the alias, the alias appears in the CX PORTAL tab in Visual Studio Code.

The Toolbar

The toolbar buttons and their functions:

  • Add/Modify File Extension - List of files to be excluded when scanning the source code. File extensions start with "!". If a file extension starts with **/, it is excluded from all levels; otherwise, it is excluded from the first level only. Editing this field updates the cx.fileExtensions attribute in settings.json. You can also edit that property directly in settings.json; the change applies to both the user interface and the scan.

  • Add/Modify Folder Exclusion - List of folders to be excluded when scanning the source code. Editing this field updates the cx.folderExclusions attribute in settings.json. You can also edit that property directly in settings.json; the change applies to both the user interface and the scan.

  • Bind Project - Select an existing project from the project list on the CxSAST server; a message is displayed if no projects are found.

  • Login - Users can either log in individually with a user name and password or log in via SSO. By default, only login via SSO is enabled. To allow individual login with a user name and password, enable the option in the extension settings by setting cx.enableUserCredentialsLogin to true in settings.json (the default is false). When enabled, users can select either SSO or User Name/Password as the login path to the SAST server.

  • Logout - Logs the user off the CxSAST server and deletes the user credentials from settings.json.

  • Scan Any File - Scans any file found locally on your PC or laptop. This option is disabled by default; it is available when cx.enableScanButtons in settings.json is set to true.

  • Scan Any Folder - Scans any folder found locally on your PC or laptop. This option is disabled by default; it is available when cx.enableScanButtons in settings.json is set to true.

  • Unbind Project - Unbinds the currently bound project and deletes the properties (project_id, team_id, project_name) from settings.json.

  • Checkmarx: Scan Current File - Scans the current file in the workspace explorer; right-click the file to run it.

  • Checkmarx: Scan Current Folder - Scans the files in the current folder in the workspace explorer; right-click the folder to run it.

  • Scans the entire workspace.

  • View Query Results - View the results table.

  • Save Report - Save the report.

  • Show Query Description - Show the query description.
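The exclusion rule described for Add/Modify File Extension above (entries start with "!", **/ means all levels, otherwise first level only) worked through in Python. This is an added example, not the Checkmarx plugin's own code; it assumes the value is a comma-separated string or a list, that a glob after "!**/" is matched from every directory level while a plain "!<glob>" is matched only against the path anchored at the scanned root, and that a trailing "/**" covers everything below a folder. The sample value is constructed.

```python
"""Added example (not the Checkmarx plugin's own code): how entries of
cx.fileExtensions select files for exclusion.

Assumptions, labelled here: an entry is "!" followed by a glob; "!**/<glob>"
applies at every directory level, "!<glob>" at the first (top) level only;
the value is a comma-separated string or a list; a trailing "/**" in a glob
covers everything below that folder. The sample value is constructed.
"""
from fnmatch import fnmatchcase
from typing import Iterable, Union

# Constructed sample for cx.fileExtensions (assumed comma-separated format).
SAMPLE_FILE_EXTENSIONS = "!**/*.min.js, !*.log, !**/node_modules/**"


def parse_exclusions(value: Union[str, Iterable[str]]) -> list:
    """Return (glob components, all_levels) pairs; entries without '!' are rejected."""
    entries = value.split(",") if isinstance(value, str) else list(value)
    parsed = []
    for raw in entries:
        entry = raw.strip()
        if not entry:
            continue
        if not entry.startswith("!"):
            raise ValueError(f'exclusion entry must start with "!": {entry!r}')
        glob = entry[1:]
        all_levels = glob.startswith("**/")
        if all_levels:
            glob = glob[3:]  # strip the "**/" prefix; remember it applies everywhere
        parsed.append((glob.split("/"), all_levels))
    return parsed


def _match(glob_parts: list, path_parts: list) -> bool:
    """Component-wise glob match; a trailing '**' matches any remaining components."""
    if glob_parts and glob_parts[-1] == "**":
        head = glob_parts[:-1]
        return len(path_parts) > len(head) and all(
            fnmatchcase(p, g) for p, g in zip(path_parts, head))
    return len(glob_parts) == len(path_parts) and all(
        fnmatchcase(p, g) for p, g in zip(path_parts, glob_parts))


def is_excluded(rel_path: str, exclusions: list) -> bool:
    """True if rel_path (relative to the scanned root) is excluded by any entry."""
    parts = rel_path.replace("\\", "/").strip("/").split("/")
    for glob_parts, all_levels in exclusions:
        # all-levels entries are tried from every directory level; first-level
        # entries only against the path as anchored at the scanned root
        starts = range(len(parts)) if all_levels else (0,)
        if any(_match(glob_parts, parts[i:]) for i in starts):
            return True
    return False


if __name__ == "__main__":
    rules = parse_exclusions(SAMPLE_FILE_EXTENSIONS)
    for path in ("src/app.min.js", "build.log", "logs/build.log",
                 "web/node_modules/lodash/index.js", "src/main.js"):
        print(f"{path}: {'excluded' if is_excluded(path, rules) else 'scanned'}")
```

Running the block shows the difference between the two forms: "!*.log" excludes build.log at the root but still lets logs/build.log be scanned, while "!**/*.min.js" excludes minified files at any depth. Exclusions narrow what the scanner sees, so the matcher is a convenient way to check that a pattern does not silently drop directories you meant to have scanned.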

The settings.json Settings

This section lists the parameters of the settings.json configuration.

  • cx.quiet - Manages the popup messages displayed to the user. If set to true, messages are not displayed.

  • cx.enableScanButtons - Manages the Scan Any File/Folder buttons. If set to true, the Scan Any File/Folder buttons are enabled.

  • cx.fileExtensions - Setting this attribute affects both the relevant icon in the user interface and the scan settings. Default file extensions are used if this attribute is not configured.

  • cx.folderExclusions - Setting this attribute affects both the relevant icon in the user interface and the scan settings. Default folder exclusions are applied if this attribute is not configured.

  • cx.reportPath - Defines the path for the scan report. This attribute can also be modified from the user interface.

  • cx.enableUserCredentialsLogin - Allows users to log in individually with a user name and password.

  • cx.sslCertificatePath - The path of the chain file that contains all the intermediate and root CA certificates, for example d:\certificates\cacert_chain.crt or /home/user/certs/cacert_chain.pem.

  • cx.enableWorkspaceOnlyScan - Allows disabling the option to scan anything other than a workspace. By default, scanning a workspace, folder or file is all enabled. When set to true, users can scan only an entire workspace; Checkmarx: Scan Current File and Checkmarx: Scan Current Folder are disabled when right-clicking a file or folder respectively.

  • cx.server - This object defines the Checkmarx server and contains the following fields:

    • url - Checkmarx server URL: IP address or host name.

    • alias - Checkmarx alias: display name of the server (on the user interface).

    • username - Checkmarx user name.

    • password - Checkmarx password.

    • project_id - Checkmarx project ID.

    • team_id - Checkmarx team ID.

    • project_name - Checkmarx project name.

  • cx.mandatoryComment - A comment is mandatory when the result status of a given vulnerability changes.

Notice

  • The username, password, project_id, team_id and project_name attributes belong to the cx.server object, cannot be manually changed in settings.json and are not configured as code.

  • The remaining attributes can be manually changed in settings.json and are configured as code.
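Because Login writes the user credentials into cx.server (Logout removes them again), a settings.json that lives in a workspace can carry a password into source control. The following Python script is an added example, not the Checkmarx plugin's own code: it parses a settings.json, checks the cx.* keys against the table above, flags plugin-managed credentials and a missing certificate chain file, and produces a scrubbed copy suitable for committing. Assumptions, labelled in the code: cx.fileExtensions and cx.folderExclusions may be a string or a JSON array, cx.mandatoryComment has no documented type and is not type-checked, and the sample settings and all values in it are constructed placeholders.

```python
"""Added example (not the Checkmarx plugin's own code): audit a settings.json
that carries cx.* keys before it is committed or shared.

The documented keys come from the table above. Assumptions, labelled here:
cx.fileExtensions / cx.folderExclusions may be a string or a JSON array;
cx.mandatoryComment has no documented type and is not type-checked;
the sample settings below are constructed placeholders, not real values.
"""
import json
import os
from typing import Callable

# Constructed sample settings.json content (every value is a placeholder).
SAMPLE_SETTINGS_JSON = """{
  "cx.quiet": false,
  "cx.enableScanButtons": false,
  "cx.enableWorkspaceOnlyScan": true,
  "cx.enableUserCredentialsLogin": true,
  "cx.fileExtensions": "!**/*.min.js,!**/*.map",
  "cx.folderExclusions": "node_modules,dist",
  "cx.reportPath": "./cx-reports",
  "cx.sslCertificatePath": "/home/user/certs/cacert_chain.pem",
  "cx.server": {
    "url": "https://cxsast.example.internal",
    "alias": "Corp SAST",
    "username": "jdoe",
    "password": "placeholder-not-a-real-secret",
    "project_id": 42,
    "team_id": "team-id-placeholder",
    "project_name": "payments-api"
  }
}"""

# Documented top-level keys and the JSON types they are expected to hold.
KNOWN_KEYS = {
    "cx.quiet": bool,
    "cx.enableScanButtons": bool,
    "cx.enableUserCredentialsLogin": bool,
    "cx.enableWorkspaceOnlyScan": bool,
    "cx.fileExtensions": (str, list),      # assumed: string or array
    "cx.folderExclusions": (str, list),    # assumed: string or array
    "cx.reportPath": str,
    "cx.sslCertificatePath": str,
    "cx.server": dict,
    "cx.mandatoryComment": object,         # type not documented; accept anything
}
# cx.server fields written by Login and removed by Logout; never edited as code.
CREDENTIAL_FIELDS = ("username", "password")


def parse_settings(text: str) -> dict:
    """Parse settings.json text and keep only the Checkmarx (cx.*) keys."""
    data = json.loads(text)
    return {k: v for k, v in data.items() if k.startswith("cx.")}


def audit_settings(settings: dict,
                   exists: Callable[[str], bool] = os.path.exists) -> list:
    """Return human-readable findings; an empty list means the file is clean."""
    findings = []
    for key, value in settings.items():
        expected = KNOWN_KEYS.get(key)
        if expected is None:
            findings.append(f"{key}: not a documented Checkmarx setting (typo?)")
        elif not isinstance(value, expected):
            findings.append(f"{key}: unexpected JSON type {type(value).__name__}")
    server = settings.get("cx.server")
    server = server if isinstance(server, dict) else {}
    for field in ("url", "alias"):
        if not server.get(field):
            findings.append(f"cx.server.{field}: missing")
    for field in CREDENTIAL_FIELDS:
        if field in server:
            findings.append(f"cx.server.{field}: credential stored by the plugin; "
                            "remove it before committing or sharing this file")
    cert = settings.get("cx.sslCertificatePath")
    if isinstance(cert, str) and cert and not exists(cert):
        findings.append(f"cx.sslCertificatePath: chain file not found: {cert}")
    return findings


def scrub_credentials(settings: dict) -> dict:
    """Return a copy with the login credentials removed, as Logout does."""
    cleaned = json.loads(json.dumps(settings))  # deep copy via JSON round-trip
    server = cleaned.get("cx.server")
    if isinstance(server, dict):
        for field in CREDENTIAL_FIELDS:
            server.pop(field, None)
    return cleaned


if __name__ == "__main__":
    cfg = parse_settings(SAMPLE_SETTINGS_JSON)
    for line in audit_settings(cfg):
        print("finding:", line)
    print(json.dumps(scrub_credentials(cfg), indent=2))
```

The `exists` parameter is injectable so the chain-file check can be exercised without touching the file system; in day-to-day use leave the default. Run against the constructed sample, the audit reports the stored username and password and the missing chain file; the scrubbed copy keeps url, alias and the bound-project fields, which are not secrets, and drops only what Logout would drop.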

The Checkmarx Output Channel

The extension logs can be found in the Output channel when selecting Checkmarx from the dropdown list.

To enable the Output channel:

1. From the menu, select View > Output. The Output channel is enabled.

2. Once the Output channel is enabled, select Checkmarx from the dropdown list.