Skip to main content

Troubleshooting Visual Studio Code Extension Issues

This page provides tips to address and work around issues that you may encounter.

SSO Login

If you attempt to log on and receive the unauthorized_ client Invalid redirect_uri error, check whether the correct quick fix (QF) is applied.


The required QF depends on the SAST version in use:

  • For SAST 9.4:

  • For SAST 9.3:

  • For SAST 9.2:

CxOrigin Issue

The VS Code plugin is sending the CxOrigin value of “Visual-Studio-Code” to the Checkmarx server.

The CxOrigin value is mandatory for Checkmarx server instances with a Security gate license. Submitting a different value triggers the “Forbidden” error.


  • The Security gate license is not supported for Checkmarx servers prior to the 9.0 version.

  • The “Visual-Studio-Code” CxOrigin value does not work with Checkmarx version 9.0 with the Security Gate license. This particular configuration requires a special hotfix.

Login with SSL Certificate Issue

If you attempt to log on and receive the error: unable to verify the first certificate error, check whether the correct certificate chain order is available in the Enable SSL Certificate Path extension.


CA Signed certificate: If the certificate used for CxSAST is signed by a commercial CA (for example – GO Daddy), the whole certificate chain from the server certificate to the root (in that order) should be placed in the cert chain file.

Self-Signed certificate: If the certificate used for CxSAST is self-signed, the certificate chain file should contain just the server certificate. In some cases, there might be a self-sign CA-issued certificate. In these cases, the cert chain file should contain the server and self-signed CA certificates.