
The Checkmarx One Visual Studio Code plugin (extension) enables you to import results from a Checkmarx One scan directly into your VS Code console. You can view the vulnerabilities that were identified in your source code and navigate directly to the vulnerable code in the editor.



VS Code Extension

Explore the docs »
Marketplace »

Table of Contents
  1. Overview
  2. Key Features
  3. How To Videos
  4. Prerequisites
  5. Initial Setup
  6. Documentation
  7. Contributing
  8. License
  9. Contact

Overview

Checkmarx continues to spearhead the shift-left approach to AppSec by bringing our powerful AppSec tools into your IDE. This empowers developers to identify vulnerabilities and remediate them as they code. The Checkmarx Visual Studio Code extension integrates seamlessly into your IDE, identifying vulnerabilities in your proprietary code, open source dependencies, and IaC files. The extension offers actionable remediation insights in real-time.

  • Checkmarx One allows developers to access the full functionality of their Checkmarx One account directly from their IDE, eliminating the need for developers to use the CxOne platform. With this integration, you can initiate new scans, review scan results, and receive guided remediation advice. Checkmarx offers comprehensive details about each vulnerability, including remediation recommendations, examples of effective fixes, and AI-generated code suggestions. The extension also lets you quickly navigate from a vulnerability to the associated source code, making it easier to identify and address problematic areas.

This tool requires authentication, using credentials from your Checkmarx One account.

Key Features

  • Remediation Advice
    • Receive actionable results with remediation recommendations. Easily navigate from the results to the vulnerable code within the editor, allowing you to begin remediation immediately.
    • Access one-click Auto Remediation options for open-source risks.
    • Utilize the AI Security Champion feature for code remediation suggestions.
  • Pre-commit Scans
    • Run a new scan directly from your IDE before committing your code, or import scan results from your Checkmarx One account.
  • Checkmarx Static Analysis Security Auto Scanning
    • Perform local scans every few seconds on supported language files.
    • Instantly scan code generated by Copilot.
    • Hover over lines of code to view remediation advice and apply Quick Fixes.
  • Local SCA Scanning
    • Perform local scans that look for open-source packages with known vulnerabilities.
  • Checkmarx IAC Security Auto Scanning
    • A free tool that requires no Checkmarx account.
    • Scans your code automatically, running in the background whenever you open or save an IaC file.
    • Offers one-click Auto Remediation options.
  • Triage results
    • Adjust the severity, update the state, and add comments directly from the VS Code extension.

How To Videos

  • Installation

  • Running a Scan

  • IAC Security Auto Remediation

Prerequisites

  • IAC Security Auto Scanning: You must have Docker installed and running in your environment.

  • For Checkmarx One: You need to have a Checkmarx One account and be able to generate an API key for your account. To create an API key, see Generating an API Key.

Initial Setup

  • For IAC Security Auto Scanning, no configuration is needed, just install the extension, and start getting results!
  • For Checkmarx One, you need to configure your account info. See documentation here.

Documentation

Contributing

We appreciate feedback and contributions to the VS Code extension! Before you get started, please see the following:

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Checkmarx - Integrations Team

Project Link: https://github.com/Checkmarx/ast-vscode-extension

Find more integrations from our team here

© 2024 Checkmarx Ltd. All Rights Reserved.
