Synopsys Code Sight for Visual Studio Code

The Synopsys® Code Sight™ extension helps you find and fix security and quality issues in your software while you code. It can quickly identify vulnerabilities in both source code and open source dependencies, and help you fix them right in the IDE.

Code Sight can scan large projects and development artifacts in seconds, including:

• web and mobile application files,
• microservices and
• Infrastructure-as-Code *(IaC) configurations.

Code Sight will alert you to any detected issues, including:

• code security risks,
• API safety standards,
• cryptography issues,
• hard-coded secrets, and
• vulnerabilities in your open source dependencies (e.g. Log4j CVE-2021-44228).

Once the issues have been identified, Code Sight provides detailed remediation guidance and access to training directly in the IDE help you quickly fix issues today and write better code going forward.

Code Sight Standard Edition Free Trial

Sign up for a free trial of Code Sight and get started in only a couple of minutes.

Code Sight Standard Edition uses integrated analysis of your code and open source to provide IDE-based security analysis without requiring installation of a centralized SAST or SCA solution. Sign-up for the trial directly within the extension and start scanning code in less than five minutes. You can contact sales to purchase licenses for you and your team.

Code Sight Standard Edition is very easy to use, and if you’d like some recommendations on how to get the most out of it, check out these resources:

• Code Sight Standard Edition Interactive Tour
• Code Sight Standard Edition Getting Started Guide

Code Sight Extension for Black Duck and Coverity

Extend the capabilities of your Synopsys tools to the developer desktop

Existing Synopsys customers can connect Code Sight with their Coverity SAST or Black Duck SCA deployments to give developers direct access to these tools’ deeper analysis and enhanced capabilities, with the flexibility to use the built-in Rapid Scan capabilities included in Code Sight Standard Edition. After you install the Code Sight extension, simply click the “Enable Coverity” or “Enable Black Duck” buttons to connect Code Sight to these tools.

For more information, refer to the quick start guides below:

• Code Sight for Black Duck Quick Start
• Code Sight for Coverity Quick Start

Additional information can be found here:

• Code Sight Documentation
• Code Sight Tutorials

Using Code Sight

Follow these simple steps to use the Code Sight IDE extension to analyze your projects:

1. Install Code Sight.
2. Register for Code Sight Standard Edition.
3. Click the triangular “scan” button visible on the left side of the IDE window to scan your codebase and display detected risks in source code and open source dependencies.
4. Select any issue from the results list for more details and any recommended fixes.

License Terms

By downloading this extension, you are agreeing to the Synopsys End User License Agreement. Users with active commercial licenses for Coverity SAST or Black Duck SCA can also use Code Sight free of charge.

Resources

Support Portal

Documentation

Interactive Tour

Synopsys Website

Contact Sales

Getting started with Coverity SAST