Skip to main content

Binding and Unbinding Projects in Visual Studio Code Extension

Projects can be set up and configure in of the following two modes:

  • Unbound (default): Every time you run a scan from the IDE, a new CxSAST project is created as long as it does not already exist on the server. If the project already exists on the server, an error message appears.

  • Bound: If you select your CxSAST project to bind, its last scan results is retrieved first. Each time, the source code is scanned, it is bound to an existing CxSAST project selected by the user.

To bind a CxSAST project:

  1. Cick 2006385386.png:

    VS_26.png
  2. Select an existing project from the project list on the CxSAST server. If there are no projects listed, a message appears.

    VS_27.png

After selecting the desired project to be bound, the project name appears next to the alias and the details of the project are stored in settings.json (project_id ,team_id and project_name).

VS_28.png

In addition, a tooltip appears on the alias and indicates if the project got bound or not.

Once the project got bound, the latest scan results of this project appear on the Cx Scan Results panel.

Notice

  • Once the user logs on to the CxSAST server and a bound project is found, the latest scan results of this project appear on the Cx Scan Results panel.

  • If the user bound a project, he can see the project’s last scan result table and attach a vector.

  • If the source code is relevant to the active workspace (i.e., the entire workspace or part of it), the vulnerable file(s) is (are) opened displaying the vulnerable line of code. Otherwise (in case the source code is irrelevant to the active workspace), an error message appears indicating that the file was not found. This means that this mechanism does not work, if the relevant file name exists more than once in the relevant work space. The plugin opens the first file it finds, which is not necessarily the correct one.

To unbind a project:

  • Select the desired project from the list and click the Bind icon. A flag in CxPortal indicates that the project has been unbound.

    VS_29.png

The properties in settings.json are reset to the default (numbers to 0 and strings to empty) as illustrated below and the project is removed from the list.

VS_30.png