
Setting Up the Visual Studio Code Extension Plugin

This section explains how to install and configure the Visual Studio Code Extension Plugin and lists the associated settings.json parameters.

Installing the Plugin

Notice

  • The Visual Studio Code Extension plugin requires VSCode to be installed on your host.

  • If you are upgrading to a newer version of the CxSAST Visual Studio Code Extension Plugin, uninstall the older version before installing the new one.

To uninstall an older version of the CxSAST Visual Studio Code Extension:

  1. In the Extensions view, locate Checkmarx SAST 9.x, open the extension's menu and select Uninstall, OR click <Uninstall> in the CxVSCode interface on the right side. The Visual Studio Code Extension plugin is uninstalled.

  2. Close the Microsoft Visual Studio Code application.

To install the new version of the CxSAST Visual Studio Code Extension plugin:

  1. Navigate to the {S3_Extension_URL} provided in the release changelog or to the Checkmarx plugin download page and download the CxSAST Visual Studio Code Plugin installation file (*.vsix).

  2. Open Microsoft Visual Studio Code. If you installed Visual Studio Code from a zip archive, navigate to the folder to which you extracted the archive and run Code. The Visual Studio Code application appears.

  3. To view available extension plugins, open the Extensions view by clicking the Extensions icon. The Extensions interface appears with available and installed extension plugins.

  4. Select Checkmarx SAST 9.x from the list and click <Install>. To install the downloaded .vsix file instead, open the ... menu at the top of the Extensions view, choose Install from VSIX... and select the file. The Checkmarx SAST 9.x Extension plugin is installed.

To install the new version of the CxSAST Visual Studio Code Extension plugin using a CLI command:

  • Open a terminal and execute the following command, passing the absolute path of the downloaded .vsix file:

code --install-extension <extension_file_name_with_absolute_path>.vsix

The Checkmarx SAST 9.x Extension plugin is installed. You can confirm that it is listed by running code --list-extensions.
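Because the .vsix is downloaded from a URL and installed with a single command, it is worth checking what you are about to install. The script below is an added example and is not part of the Checkmarx plugin or its documentation: it hashes the .vsix, reads the publisher/name/version from the extension/package.json inside the archive (a .vsix is a zip), compares both against values you obtained out of band, and only then calls code --install-extension and confirms the extension id appears in code --list-extensions. The expected checksum and the publisher/name values are assumptions you must replace; "example-publisher"/"example-ext" are placeholders, not Checkmarx's real identifiers, and the sample package built by make_sample_vsix is constructed for the demonstration only.

```python
"""Verify a downloaded .vsix before handing it to `code --install-extension`.

Added example, not part of the Checkmarx plugin or its documentation. Assumptions:
  - the expected SHA-256 comes from a trusted channel (the value used in demo()
    is computed from a constructed sample, not a real Checkmarx checksum);
  - the publisher/name you expect ("example-publisher"/"example-ext" below are
    placeholders, not Checkmarx's real extension identifiers).
"""
import hashlib
import json
import os
import shutil
import subprocess
import tempfile
import zipfile


def sha256_of_file(path: str) -> str:
    """Return the hex SHA-256 digest of a file, streamed in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def inspect_vsix(path: str) -> dict:
    """Read publisher, name and version from extension/package.json inside the .vsix.

    A .vsix is a zip archive whose extension manifest lives under extension/.
    Raises ValueError if the archive carries no such manifest.
    """
    with zipfile.ZipFile(path) as zf:
        try:
            raw = zf.read("extension/package.json")
        except KeyError:
            raise ValueError(f"{path}: no extension/package.json, not a VS Code extension package") from None
    manifest = json.loads(raw)
    return {k: manifest.get(k) for k in ("publisher", "name", "version")}


def verify_vsix(path: str, expected_sha256: str, publisher: str, name: str) -> dict:
    """Check the hash first, then the identity; return the manifest summary or raise ValueError."""
    actual = sha256_of_file(path)
    if actual.lower() != expected_sha256.lower():
        raise ValueError(f"SHA-256 mismatch: expected {expected_sha256}, got {actual}")
    info = inspect_vsix(path)
    if (info["publisher"], info["name"]) != (publisher, name):
        raise ValueError(f"unexpected extension identity {info['publisher']}.{info['name']}")
    return info


def install_vsix(path: str, expected_sha256: str, publisher: str, name: str) -> str:
    """Verify, install via the `code` CLI, and confirm the id is listed; returns the id."""
    full = os.path.abspath(path)
    info = verify_vsix(full, expected_sha256, publisher, name)
    subprocess.run(["code", "--install-extension", full], check=True)
    listed = subprocess.run(["code", "--list-extensions"], check=True,
                            capture_output=True, text=True).stdout
    ext_id = f"{info['publisher']}.{info['name']}"
    if ext_id.lower() not in listed.lower().split():
        raise RuntimeError(f"{ext_id} not listed by `code --list-extensions` after install")
    return ext_id


def make_sample_vsix(path: str, publisher: str, name: str, version: str) -> str:
    """Build a minimal constructed .vsix (zip with extension/package.json); returns its SHA-256."""
    manifest = {"publisher": publisher, "name": name, "version": version,
                "engines": {"vscode": "^1.0.0"}}
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("extension/package.json", json.dumps(manifest))
    return sha256_of_file(path)


def demo() -> dict:
    """Exercise verify_vsix on a constructed package without touching the `code` CLI."""
    workdir = tempfile.mkdtemp()
    try:
        vsix = os.path.join(workdir, "sample.vsix")
        digest = make_sample_vsix(vsix, "example-publisher", "example-ext", "1.0.0")
        info = verify_vsix(vsix, digest, "example-publisher", "example-ext")
        try:  # wrong checksum: a tampered or substituted download
            verify_vsix(vsix, "0" * 64, "example-publisher", "example-ext")
            tamper_detected = False
        except ValueError:
            tamper_detected = True
        try:  # right checksum but a different publisher than expected
            verify_vsix(vsix, digest, "someone-else", "example-ext")
            identity_checked = False
        except ValueError:
            identity_checked = True
        return {"info": info, "tamper_detected": tamper_detected,
                "identity_checked": identity_checked}
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
    # Real use (placeholders): install_vsix("cx.vsix", "<expected sha256>", "<publisher>", "<name>")
```

Run the file as-is to see the three checks against the constructed package; for a real install, replace the placeholders in the commented install_vsix call with the path, checksum and identity you obtained from a trusted channel. The hash is compared before the archive is opened, so an unexpected file is rejected before any zip parsing happens.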

Configuring the Plugin

Visual Studio Code opens into the Explorer view with the CX PORTAL tab open.

The extension adds the following two tabs to the Explorer view:

  • CX PORTAL - Displays the CxSAST server alias and, under it, all the source code that has been scanned against that server.

  • CX SCAN RESULTS - Displays the most recent scan results for:

    • The current source code, once its scan has completed successfully.

    • Any source code listed in the CX PORTAL tab for which you click Retrieve Scan Results.

To link the plugin with a CxSAST server:

  1. In the CX PORTAL tab, click + (Add CxPortal Server). A popup asks for the CxSAST server URL and an alias:

    Parameter

    Description

    CxServer URL

    The URL of the CxSAST server (IP address or DNS name). If the server presents a certificate issued by a private CA, point cx.sslCertificatePath at the CA chain file (see The Settings.Json Settings below).

    Alias (name)

    The name under which the CxSAST server is displayed in the user interface.

    The two server buttons behave as follows:

    Add CxPortal Server (+)

    Prompts for a new CxSAST server URL if the cx.server attribute does not exist in settings.json. Otherwise, the CxSAST server details from settings.json are displayed automatically.

    Edit CxPortal Server

    If the CxSAST server details in settings.json differ from those shown in the user interface, the details from settings.json are applied when you click the edit button. Otherwise, you are asked to enter new CxSAST server details.

    If you were logged in to a different server and/or a project was bound, you are logged out and the project is unbound.

  2. Enter the CxSAST server URL.

  3. Enter the CxSAST server alias.

  4. The alias appears in the CX PORTAL tab.

The Toolbar

The toolbar provides the following buttons (listed by function; the button icons are not reproduced here):

  • Add/Modify File Extension - List of file extension patterns to exclude when scanning the source code. Each excluded pattern starts with "!". A pattern that starts with **/ is excluded at all directory levels; otherwise it is excluded from the first level only. Editing this field updates the cx.fileExtensions attribute in settings.json. You can also edit that attribute directly in settings.json; the change is applied to both the user interface and the scan.

  • Add/Modify Folder Exclusion - List of folders to exclude when scanning the source code. Editing this field updates the cx.folderExclusions attribute in settings.json. You can also edit that attribute directly in settings.json; the change is applied to both the user interface and the scan.

  • Bind Project - Select an existing project from the project list on the CxSAST server. A message is displayed if no projects are found.

  • Login - Users can log in via SSO or with a user name and password. By default, only SSO login is enabled. To allow user name/password login, set cx.enableUserCredentialsLogin to true in settings.json (the default is false). When it is enabled, users can choose SSO or User Name/Password as the login path to the SAST server.

  • Logout - Logs the user out of the CxSAST server and deletes the user credentials from settings.json.

  • Scan Any File - Scans any file found locally on your PC or laptop. This option is disabled by default; it is available only when cx.enableScanButtons in settings.json is true.

  • Scan Any Folder - Scans any folder found locally on your PC or laptop. This option is disabled by default; it is available only when cx.enableScanButtons in settings.json is true.

  • Unbind Project - Unbinds the currently bound project and deletes the project_id, team_id and project_name properties from settings.json.

  • Checkmarx: Scan Current File - Scans the current file in the workspace explorer (right-click the file).

  • Checkmarx: Scan Current Folder - Scans the files in the current folder in the workspace explorer (right-click the folder).

  • Scan the entire workspace.

  • View Query Results - Click the vulnerability name to view the query results table.

  • Save Report - Saves the report to the path defined by cx.reportPath.

  • Show Query Description - Shows the query description.

The Settings.Json Settings

This section lists the parameters of the settings.json configuration.

Parameter

Description

  • cx.quiet - Controls the popup messages displayed to the user. If set to true, messages are not displayed.

  • cx.enableScanButtons - Controls the Scan Any File/Folder buttons. If true, the Scan Any File/Folder buttons are enabled.

  • cx.fileExtensions - File extension exclusion patterns. Setting this attribute updates the corresponding button in the user interface and the scan settings. Default file extensions are used if this attribute is not configured.

  • cx.folderExclusions - Folder exclusions. Setting this attribute updates the corresponding button in the user interface and the scan settings. Default folder exclusions are applied if this attribute is not configured.

  • cx.avoidDuplicateProjectScansInQueue - If true, a new scan request is blocked while a scan for the project is already in the Queued or Working state.

  • cx.reportPath - Defines the path for the scan report. This attribute can also be modified from the user interface.

  • cx.enableUserCredentialsLogin - If true, users can log in individually with a user name and password in addition to SSO. The default is false (SSO only).

  • cx.sslCertificatePath - Path of the chain file that contains all the intermediate and root CA certificates needed to validate the CxSAST server's TLS certificate, for example d:\certificates\cacert_chain.crt or /home/user/certs/cacert_chain.pem.

  • cx.enableWorkspaceOnlyScan - When set to true, users can scan only an entire workspace: the Checkmarx: Scan Current File and Checkmarx: Scan Current Folder commands are disabled when right-clicking a file or folder. By default (false), workspace, folder and file scans are all enabled.

  • cx.server - Object that defines the Checkmarx server and contains the fields listed below:

    url - Checkmarx server URL: IP address or hostname.

    alias - Display name of the server in the user interface.

    username - Checkmarx user name.

    password - Checkmarx password.

    project_id - Checkmarx project ID.

    team_id - Checkmarx team ID.

    project_name - Checkmarx project name.

Notice

  • The username, password, project_id, team_id and project_name attributes of the cx.server object are managed by the extension (populated on login and project binding, removed by Logout and Unbind Project). Do not change them manually in settings.json; they are not configured as code.

  • The remaining attributes can be changed manually in settings.json and are configured as code.

  • settings.json is a plain-text file, and while you are logged in the cx.server object holds your user name and password. Log out when you finish working, and do not commit or share a workspace settings.json that contains cx.server credentials.
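The following script is an added example, not part of the Checkmarx extension or its documentation. It audits a settings.json for the cx.* attributes listed above and reports the things a practitioner checks before sharing a machine or syncing settings: credentials left in cx.server after a session, a cx.sslCertificatePath that does not point at a readable chain file, a cx.server.url that is plain http://, cx.fileExtensions entries that do not carry the documented "!" prefix, and the cx.enableScanButtons, cx.quiet and cx.enableUserCredentialsLogin switches that widen what can be scanned or hide messages. The embedded SAMPLE_SETTINGS is constructed for the demonstration (the URL, alias, user and password in it are placeholders); the encoding of cx.fileExtensions (JSON array versus comma-separated string) is not specified on this page, so the auditor accepts both, and it assumes strict JSON, whereas VS Code itself tolerates comments and trailing commas in settings.json.

```python
"""Audit a VS Code settings.json for the Checkmarx cx.* attributes.

Added example, not part of the Checkmarx extension. SAMPLE_SETTINGS is a constructed
input; its server URL, alias, user name and password are placeholders. The list
format of cx.fileExtensions (array vs. comma-separated string) is an assumption,
and the parser assumes strict JSON (VS Code's own settings.json may contain
comments and trailing commas).
"""
import json
import os

SAMPLE_SETTINGS = """{
  "cx.quiet": true,
  "cx.enableScanButtons": true,
  "cx.enableUserCredentialsLogin": true,
  "cx.fileExtensions": "!*.min.js,!**/*.test.js,*.log",
  "cx.folderExclusions": "node_modules,dist",
  "cx.sslCertificatePath": "/nonexistent/cacert_chain.pem",
  "cx.server": {
    "url": "https://cxsast.example.invalid",
    "alias": "cx-lab",
    "username": "jdoe",
    "password": "placeholder-password",
    "project_id": 42,
    "team_id": 1,
    "project_name": "demo"
  }
}"""


def _as_list(value):
    """Accept either a JSON array or a comma-separated string (format is an assumption)."""
    if value is None:
        return []
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    return [str(v) for v in value]


def audit_settings(settings: dict) -> list:
    """Return (severity, message) findings for the cx.* keys of a parsed settings.json."""
    findings = []
    server = settings.get("cx.server") or {}

    # Logout is documented to delete the credentials; if they are still here, the
    # file holds a plaintext password that Settings Sync or a commit would carry along.
    if server.get("password"):
        findings.append(("HIGH", "cx.server.password is stored in settings.json; "
                                 "use Logout (which deletes it) before sharing or syncing the file"))
    url = str(server.get("url", ""))
    if url.lower().startswith("http://"):
        findings.append(("MEDIUM", f"cx.server.url {url!r} uses plain http; credentials and "
                                   "uploaded source would travel unencrypted"))

    # A chain file that is configured but unreadable breaks TLS validation against a private CA.
    cert = settings.get("cx.sslCertificatePath")
    if cert and not os.path.isfile(cert):
        findings.append(("MEDIUM", f"cx.sslCertificatePath {cert!r} is not a readable file"))

    # Documented exclusion patterns start with "!"; report the entries that do not.
    not_excl = [p for p in _as_list(settings.get("cx.fileExtensions")) if not p.startswith("!")]
    if not_excl:
        findings.append(("INFO", f"cx.fileExtensions entries without the '!' exclusion prefix: {not_excl}"))

    if settings.get("cx.enableScanButtons") is True:
        findings.append(("INFO", "cx.enableScanButtons is true: Scan Any File/Folder can send "
                                 "arbitrary local files to the CxSAST server"))
    if settings.get("cx.quiet") is True:
        findings.append(("INFO", "cx.quiet is true: popup messages, including errors, are suppressed"))
    if settings.get("cx.enableUserCredentialsLogin") is True:
        findings.append(("INFO", "cx.enableUserCredentialsLogin is true: password login is "
                                 "allowed alongside SSO"))
    return findings


def audit_file(path: str) -> list:
    """Audit a settings.json on disk (strict JSON assumed)."""
    with open(path, encoding="utf-8") as f:
        return audit_settings(json.load(f))


def audit_sample() -> list:
    """Audit the constructed SAMPLE_SETTINGS above."""
    return audit_settings(json.loads(SAMPLE_SETTINGS))


if __name__ == "__main__":
    for severity, message in audit_sample():
        print(f"[{severity}] {message}")
```

Point audit_file at your user settings.json (or a workspace .vscode/settings.json) after logging out of the CxSAST server; a clean session should produce no HIGH finding. The cx.fileExtensions check only reports entries without the "!" prefix rather than rejecting them, since the page documents the prefix for exclusions but does not describe any other entry form.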

The Checkmarx Output Channel

The extension logs can be viewed in the Output channel by selecting Checkmarx from the dropdown list.

To open the Output channel:

  1. From the menu, select View > Output. The Output channel opens.

  2. In the Output channel, select Checkmarx from the dropdown list.