VSCode Tutorial - Initiate Scan, View Report & Bind Unbind Project

Goals

This tutorial is designed to teach users how to do the following:

  • Initiate a new scan of a workspace

  • Initiate a scan of a file or folder

  • Scan a new or existing SAST project

  • Use the detailed scan table view

  • Use the attack vector

  • Load a vulnerability description with a cause and recommendation to fix

  • Save a report to a JSON file

Prerequisites

Procedure: Scan

To perform a scan:

1. Open your source code.

2. Right-click one of the files/folders.

3. Select Scan Workspace.

4. Enter the Project Name.

5. Choose the Team Path.

6. Select a Preset.

7. Select Private or Public.

8. As Scan Type, select Full Scan for this tutorial. The default is Incremental.

9. Select Private or Public. For this tutorial, select Private when asked. A popup message at the bottom right shows the scan's progress as a percentage.

Once the scan is completed, the following messages are displayed at the bottom right of the screen, indicating that the SAST scan completed successfully and that the report was generated successfully:

Notice

  • It is possible to scan the current folder or file; the procedure is the same.

  • It is possible to scan another folder or file, but this option is disabled by default. To enable it, contact technical support.

Procedure: Review Results

To review the results of a scan:

  • In the CX SCAN RESULTS filter, select the vulnerability severity and its type, for example High and SQL_Injection.

The Results Table is displayed at the bottom in the middle of the screen.

The Results Table can be filtered on any of its columns by entering text into the search box. Rows are matched by comparing the column content against the text entered in the search field.

Users can select vulnerabilities in the Results Table and change the Result State of the selected vulnerability.

At the top of the Results Table, a short description is available for each vulnerability.

The Attack Vector is displayed on the right side of the screen.

Selecting a row in the Results Table or a square in the Attack Vector takes the user to the corresponding line of code.

To view the description of a vulnerability:

1. Click the Copy icon. This icon is located to the right of the vulnerability name, for example Reflected_XSS_All_Clients. The Vulnerability Description appears.

To unbind a project:

  • In the CX PORTAL dialog box, click the Bind icon. A message at the bottom right indicates that the project has been successfully unbound.

To bind the same project again:

1. In the CX PORTAL dialog box, click the Open Book icon. You are asked to select the project for binding.

2. Select the project name scanned in the previous tutorial. A message at the bottom right indicates that the scan report is being generated. Once completed, a message appears that the report has been generated.

The Results Table, Attack Vector and Vulnerability Description are available again.

Procedure: Export Results

To save the results as a downloadable report:

1. Under CX SCAN RESULTS, click the Scan icon. You are asked to enter the full path and file name for the report in JSON format.

2. Enter the full path and file name of the JSON report. A message appears indicating that the export is complete.

Once completed, the report is available in the selected folder.