Visual Studio Code Extension Plugin Change Log

The following table lists the features and changes that have been implemented for the plugin with the relevant version release. To obtain the plugin, go to the plugin download section.

Version

Change / Feature

Additional Description

2022.3.3

  • The result viewer has been enhanced with the following:

    • Comments can now be added for one or more vulnerabilities using Add Comments. For a single vulnerability, the Edit icon in the respective row can be used.

    • If Mandatory Comments is enabled, the system now prompts for entering a comment while changing the state of a vulnerability.

  • The following libraries have been upgraded:

    • degenerator from 2.0.2 to 3.0.2

    • jQuery from 3.4.1 to 3.6.0

  • Supported SAST Versions: 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, MAC

  • SAML Support: CxSAST versions 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.67.2 and higher

2022.2.1

  • The CLI Node module has been excluded from the package. As a result, log4j is not deployed anymore.

  • Supported SAST Versions: 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, MAC

  • SAML Support: CxSAST versions 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.67.2

2022.1.2

  • The following enhancements have been made in the result viewer:

    • Users are now able to add or edit comments.

    • Triaging of vulnerabilities can be performed by assigning users to vulnerabilities.

  • Fixed the issue that caused the performance to decrease while binding a project.

  • Supported SAST Versions: 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, MAC

  • SAML Support: CxSAST versions 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.60.2

2021.3.1

  • Setting Single Sign On (SSO) login as default. The User name + Password login option can be enabled from the extension settings.

  • To enable SAML Single Sign On (SSO), QF_VSCodeSAML must be installed.

    To do so, run 9.x.0.QF_VSCodeSAML.zip.

    9.x stands for the CxSAST version, for example 9.4.

    For additional information and instructions on enabling SAML Single Sign-On, refer to the relevant knowledge base article.

  • Supports the configuration of the Certificate Authority (CA) certificate chain file path in the extension settings. This must be configured when CxSAST is using a self-signed certificate.

  • Menu items are renamed as follows:

    • From 'Scan Current Folder' to 'Checkmarx: Scan Current Folder'

    • From 'Scan Current File' to 'Checkmarx: Scan Current File'

    • From 'Scan Workspace' to 'Checkmarx:Scan Workspace'

  • Extension can be configured to allow workspace level scans only.

  • For new projects, users can define projects as public or private. If a project is defined as private, scans performed are always private.

  • The following enhancements have been made in the result viewer:

    • Added columns to show additional vulnerability details

    • Vulnerabilities can be filtered based on different columns

    • Triaging of vulnerabilities can be performed by changing the state of vulnerabilities

    • Displaying a short description of the respective vulnerability.

  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, MAC

  • SAML Support: CxSAST versions 9.0, 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.60.2

2020.3.1

  • First generally available release

  • Binding an existing project for scanning

  • Creating a new project for scanning

  • Executing a CxSAST scan

  • Retrieving CxSAST results of scanned source code

  • Displaying vulnerabilities in Result Table and Attack Vector views

  • Saving CxSAST scan reports to an external JSON file

  • Showing vulnerability query description

  • Retrieving last scan results of a bound project without running a scan

  • Ability to disable 'Scan Any File/Folder' buttons

  • Login - support credentials and SSO methods

  • Supporting incremental and full scans

  • Supporting private and public scans

  • Unbinding project

  • Silent mode - controls the amount of popup messages displayed to the user

  • Config as Code for selected attributes

  • Result Table and Attack Vector are supported for Linux and MacOS as well

  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.44

2020.2.1-Beta

  • Executing CxSAST scans

  • Retrieving CxSAST scan results

  • Displaying vulnerabilities in Attack Vector view

  • Saving CxSAST scan reports to external files

  • Displaying vulnerability query description

  • Certified SAST Versions: 8.9, 9.0

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.44