FortiDevSec


Fortinet

344 installs | (3) | Free
Find and fix all types of application security issues within your DevOps CI/CD cycle using FortiDevSec, a comprehensive SaaS-based tool for software developers and DevOps.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

FortiDevSec Visual Studio Code Extension

Scan your code directly from VS Code and discover vulnerabilities before they impact your applications.

This extension integrates seamlessly with the FortiDevSec platform, allowing you to scan your code repositories directly from VS Code. Easily identify and manage vulnerabilities, improve code quality, and gain valuable insights into your security posture.

Key Features

  • Scan your code directly from VS Code: No need to leave your development environment.
  • Visualize vulnerabilities in the VS Code UI: Easily navigate through and filter vulnerabilities by scan and severity.
  • Access detailed information and context: View full vulnerability details, including file and line locations.

Requirements

Ensure the following requirements are met before installing the FortiDevSec Visual Studio Code Extension.

  • Internet connection for accessing FortiDevSec services during use.
  • A valid FortiDevSec license. See Licensing.
  • Docker installed and available to run as a non-root user. To install the Docker engine across different platforms, see Docker.

Installing FortiDevSec Extension

Perform the following steps to install the FortiDevSec Extension in VS Code.

  1. Open VS Code.
  2. Click the Extensions icon in the Activity Bar on the left side of VS Code.
  3. In the Extensions view, search for the FortiDevSec extension.
  4. Click Install.

For more information on installing extensions, see the Visual Studio Code User Guide.

Initiating Security Scan

Once the FortiDevSec extension is installed successfully, perform the following steps to run a security scan.

  1. Log in to the FortiDevSec UI portal.
  2. Add a new application. See Adding a New Application.
  3. Download the fdevsec.yaml file.
  4. Copy the downloaded fdevsec.yaml file to the root directory of your repository. Note: Ensure that Docker is running on your system.
  5. Open your repository in VS Code.
  6. Click the FortiDevSec icon in the activity bar.
  7. Click the Start Scan button to initiate the scan.
  8. Do not close VS Code until the vulnerabilities are populated.

Viewing Scan Results

Upon completion of the scan, the results will be downloaded automatically. The FortiDevSec Results view will then display the detected vulnerabilities.

Clicking a vulnerability reveals its detailed view in the right pane. The detailed view includes the following information.

Filtering Scan Results

You can filter the scan results based on scan type or severity.

  • Scan Type: Click the desired scan type in the Scans section. To clear the filter, click anywhere within the blank area of the Scans section.
  • Severity: Click the preferred severity level in the Severity section. To remove the severity filter, click anywhere within the blank area of the Severity section.

You can combine both Scans and Severity to filter the scan results. For example, select python for scan type and medium for severity to view only the python results that are of medium severity.

Additional Information

  • For detailed documentation, please refer to the official FortiDevSec documentation.
  • For support, please contact Fortinet Customer Support.

Thank you for using the FortiDevSec Visual Studio Code Extension!

Extension Settings

This extension contributes the following settings:

  • fortidevsec.hostConfiguration: Add hosts while scanning the repo. Useful for OnPrem FortiDevSec servers.
  • fortidevsec.scannerImage: Set the name of the scanner image. Defaults to registry.fortidevsec.forticloud.com/fdevsec_sast:latest

Release Notes

Initial release of FortiDevSec Visual Studio Code Extension.

