HCL AppScan extension for Visual Studio 2022
HCL AppScan Visual Studio 2022 extension enables you to scan your source code and eliminate vulnerabilities early in the development life cycle.
Before installing the extension, ensure the target system meets these requirements:
To install the HCL AppScan for Visual Studio 2022 extension:
What's new in HCL AppScan extension for Visual Studio 2022
Below settings are available for HCL AppScan Visual Studio extension under Tools->Options->HCL AppScan
ASoC ConfigurationYou can connect HCL AppScan Visual Studio extension to HCL AppScan on Cloud. To configure connection details: 1. Go to Tools->Options->HCL AppScan->ASoC. 2. Provide the API Key ID and API Key Secret. If you don’t have a Key ID/Secret, create one by following the steps [here](https://help.hcltechsw.com/appscan/ASoC/appseccloud_generate_api_key_cm.html). 4. Click OK to save the credentials.”
Once connected, issues that have been set to “Noise” in AppScan on Cloud are not shown in CodeSweep.
To remove the connection to AppScan on Cloud, remove the keyID and keySecret credentials and restart Visual Studio.
We are collecting telemetry data [rules ignored, rules info viewed, file types scanned] to give you a better user experience with our future releases. No information about specific issues is captured or stored. In case you want to opt out, please disable this option by navigating to Tools->Options->HCL AppScan->General->Manage Telemetry and choose "Disable".
Manage Vulnerable Code HighlightThis settings enables you to choose the code highlight option for issues identified in a scan.
CodeSweep Findings table
CodeSweep Findings operations
Marking an issue as “noise” indicates it should be ignored now and in the future; it will not be reported in future scans of the file. Issues marked as noise are strike through and greyed out until the next save of the corresponding file or an editor restart, whichever happens first. To mark an issue as noise, click Mark as noise.
Unmarking an issue as noise ensures that the issue considered in future scans. You can clear the noise status only for issues marked as noise in the current session, provided the file has not been saved since being labelled as noise. To unmark an issue as noise, click Clear status.
CodeSweep Rules Panel
This view displays applicable rules grouped by supported programming languages. Within every group, the rules are ordered based on severity.
CodeSweep Rules operation
1. Disable Rule
Disabling a rule means it will not be considered for future scans. Once disabled, the rule name is annotated with the “Rule Disabled” label and the severity icon changes to note the disabled status. Once a rule is disabled, issues listed for a rule are no longer displayed. To disable a rule, either:
2. Enable Rule
Enabling a rule means that it will be considered for future scans. Enabling a rule will not display any issues belonging to that rule reported earlier in the same session; they are listed after you save a file which has issues corresponding to that rule. To enable a rule, either:
3. Rule Info
The AppScan Rule Info pane in Visual Studio displays relevant information both enabled and disabled rules. To view the advisory and remediation information for a rule, either:
Use the CodeSweep slack channel to report feedback or ask general questions about the extension.