CxSuite

The CxSuite Visual Studio plugin is installed in the Visual Studio development environment, and enables:

• Uploading a Visual Studio project's code to CxSuite directly from Visual Studio.
• An interactive interface for viewing scan results in the Visual Studio environment. This interface has several advantages over the regular CxSuite web interface:
  • You can make changes to the code as you view the vulnerabilities, in the locations indicated by the scan results, without needing to switch between applications.
  • The plugin displays full paths with their intersections, rather than just the first and last elements of each vulnerability instance.
  • The plugin highlights the elements where fixes can be most efficiently applied.

Visual Studio  2005 and above is supported.

USER GUIDE:

<SETUP>

To install and configure the CxSuite Visual Studio Plugin:

1. Close Visual Studio. 
2. Download the CxSuite Visual Studio Plugin zip archive.
3. To make the plugin centrally available to organizational users, you can put the extracted installerin a designated folder in the CxSuite server's web server home directory. For example, in:
   C:\inetpub\wwwroot\VisualStudio
   Organizational Visual Studio users can then download it by pointing their browsers to:
   http://<CxSuite>/VisualStudio/Checkmarx_VS_Plugin.msi
   where <CxSuite> is the IP address or resolvable name of the CxSuite server.  
4. Run the Checkmarx_VS_Plugin installer.
5. Confirm any security warnings and go through the installation wizard. Make sure to select the relevant Visual Studio version or versions.
6. When installation is complete, start Visual Studio and go toTools > Options > CxViewer Preferences> Authentication:
    
7. By Server, type the IP address or resolvable name of the CxSuite server (just the server; don't specify a folder), provide credentials with which to access CxSuite, and click Apply.
8. Test Connection.
9. Click OK.

<Visual Studio Project Binding>

Binding Overview

Code projects can be configured in one of two CxSuite modes:

• Unbound: Each time you run a scan from the IDE, a new CxSuite project is created. Your scan results can be set to appear or not appear in other developers' installations.
• Bound: The code project is associated with a specific CxSuite project. Scans are run according to CxSuite project settings (automatically, via CxSuite web interface or from the IDE). All installations of the IDE with projects bound to the CxSuite project can download the latest scan results.

By default, code projects are unbound.

Binding a Project

By default, code projects are unbound. To bind a code project to a CxSuite project:

1. In the IDE, right-click the project and select CxViewerAction > Bind Project:
   
2. Select a CxSuite project, and click Bind:
   

The project is bound, and the CxSuite's latest scan results are downloaded to the IDE.

Downloading Scan Results

Upon binding, the latest scan results are automatically downloaded. Subsequently, scan results need to be manually downloaded.
To download scan results to a bound project: In the IDE, right-click the project and select CxViewerAction > Retrieve Results from Server.

Unbinding a Project

To unbind a project: In the IDE, right-click the project and select CxViewerAction > Unbind Project.

<Running a Scan from Visual Studio>