Checkmarx continues to spearhead the shift-left approach to AppSec by bringing our powerful AppSec tools into your IDE. This empowers developers to identify vulnerabilities and remediate them as they code.
The Checkmarx Visual Studio Code plugin integrates seamlessly into your IDE, identifying vulnerabilities in your proprietary code, open source dependencies, and IaC files. The plugin offers actionable remediation insights in real time.
This extension comprises two separate tools:
- Checkmarx KICS Auto Scanning is a free tool for identifying vulnerabilities in your IaC files (of supported types). Just install the extension and Checkmarx automatically starts identifying IaC vulnerabilities in your project and providing remediation recommendations.
- Checkmarx One enables Checkmarx One users to access the full functionality of your Checkmarx One account (SAST, SCA, IaC) directly from your IDE. You can run new scans or import results from scans run in your Checkmarx One account. Checkmarx provides detailed info about each vulnerability, including remediation recommendations and examples of effective remediation. The plugin enables you to navigate from a vulnerability to the relevant source code, so that you can easily zero in on the problematic code and start working on remediation.
This tool requires authentication, using credentials from your Checkmarx One account.
- Checkmarx KICS Auto Scanning
- Free tool, no Checkmarx account required.
- Scan as you code, with a new scan running in the background whenever you save an IaC file.
- Recommendations for one-click Auto Remediation actions.
- Checkmarx One
- Access the full power of Checkmarx One (SAST, SCA, and KICS) directly from your IDE.
- Run a new scan from your IDE even before committing the code, or import scan results from your Checkmarx One account.
- Provides actionable results including remediation recommendations. Navigate from results directly to the vulnerable code in the editor and get right down to work on the remediation.
- Recommendations for one-click Auto Remediation actions for open-source risks.
- Triage results (by adjusting the severity and state and adding comments) directly from the VS Code console.
KICS Auto Scanning:
You must have Docker installed and running in your environment.
For Checkmarx One:
You need to have a Checkmarx One account and an API key for your account. To create an API key, see Generating an API Key.
For KICS Auto Scanning, no configuration is needed. Just install the extension and start getting results!
For Checkmarx One, you need to configure your account info. See documentation here.
- You have a Checkmarx One account and can run Checkmarx One scans on your source code.
- You have an API key for your Checkmarx One account.
KICS Auto Scanning:
- You must have Docker installed and running in your environment (for KICS Auto Scanning only).
See our documentation for using KICS Auto Scanning and Checkmarx One.
We appreciate feedback and contributions to the VS Code extension! Before you get started, please see the following:
Distributed under the Apache 2.0 license. See LICENSE for more information.
Checkmarx - Integrations Team
Project Link: https://github.com/Checkmarx/ast-vscode-extension
Find more integrations from our team here
© 2022 Checkmarx Ltd. All Rights Reserved.