Note: Support for Code Sight in VS 2017 has been deprecated as of the 2024.3.0 release and we plan to stop supporting VS 2017 in a future release. If this impacts your team, we want to hear from you so please contact us right away.
Note: Click here for Code Sight for Visual Studio 2019 and Code Sight for Visual Studio 2022
Code Sight for Visual Studio 2017 v15.8+
Black Duck® Code Sight™ empowers developers to capitalize on the benefits of AI coding assistants without sacrificing speed, code quality or security. It automatically identifies security vulnerabilities, secrets, quality issues, IaC misconfigurations, vulnerable components and license compliance risks as code is created. Easy-to-understand descriptions and remediation advice are provided with each issue, making code fixes easier and allowing you to focus on building amazing applications.
Code Sight finds a wide range of issues in your code, including code generated by generative AI coding assistants:
- Security vulnerabilities: Security issues are identified as code is created, whether written by a developer or an AI coding assistant.
- Quality issues: Quality checkers find a wide range of coding issues that can impact the reliability and maintainability of your applications.
- Secrets: More than 200 secret patterns are identified so they can be removed before putting your business or customer data at risk.
- Infrastructure as Code (IaC) misconfigurations: More than 1,600 IaC checks are run to uncover configuration issues based on CIS benchmarks for Ansible, ARM, AWS CloudFormation, Docker, GCP Deployment Manager, Kubernetes, and Terraform.
- Vulnerable open source components: All direct and transitive open source dependencies are identified, providing full visibility into security and license risks.
Key Benefits:
- Shift-Left and reduce costs: Finding and resolving issues as code is created prevents them from impacting release timelines and reduces costly rework associated with fixing issues later in the development process.
- Boost developer productivity: Developers can leverage AI coding assistants with confidence, as issues are flagged as soon as code is created, and actionable remediation advice and AI-powered code fix suggestions help them resolve issues quickly.
- Release Better Software Faster: Security vulnerabilities, quality issues, secrets, and vulnerable open source components are resolved early in the development process, enabling faster release cycles and the confidence that your software is free of critical issues.
Core Features:
- Real-time feedback with Auto-scan: Identifies secrets and vulnerabilities automatically when a file is opened or saved. This pairs perfectly with AI code assistants for real-time issue detection by enabling developers to resolve issues immediately, without manually initiating a scan.
- Detailed remediation guidance: Helps developers fix issues quickly by providing a description of each issue, including associated CVEs, and step-by-step code analysis so they can understand what went wrong and learn to avoid mistakes in the future.
- AI-Powered code fixes: Provides recommended fixes that developers can simply copy and paste into their code.
- Scan code in the IDE (Local View): Displays all defects and security vulnerabilities specific to code changes each developer has made locally.
- View pipeline scan results in the IDE (Team View): Displays a complete list of security and quality defects found during centralized, pipeline-based scans of the full project.
When your company subscribes to one or more of the following Black Duck products, you and your Dev team can run rapid Source Code Analysis and Open Source Analysis directly within the IDE.
Integrated Black Duck Products
Code Sight integrates with the following Black Duck products to identify defects, vulnerabilities, hardcoded secrets, and license compliance risks as you code, with actionable remediation guidance to help resolve issues quickly.
Code Sight Standard Edition Free Trial
If you are not a Black Duck customer, you can sign up for a free trial of Code Sight directly from your IDE and start scanning today! Contact us if you have any license or product questions.
Guided Walkthroughs
Check out these quick guided walkthroughs that will help you get started if your company uses Black Duck AST tools already:
Support Matrix
Click here to view our full support matrix.
License Terms
By downloading this extension, you are agreeing to the Black Duck End User License Agreement. Users with active commercial licenses for Coverity, Black Duck SCA, Polaris, or SRM can also use Code Sight free-of-charge.
Resources
NOTE: This plugin is not tested with forks of Visual Studio Code, although it's expected to work in most cases. If you have any questions, please contact us at Black Duck Community.