Checkmarx/ast-vscode-extension

[![Contributors][contributors-shield]][contributors-url] [![Forks][forks-shield]][forks-url] [![Stargazers][stars-shield]][stars-url] [![Issues][issues-shield]][issues-url] [![License][license-shield]][license-url] [![Installs][installs-vscode-shield]][installs-vscode-url]

VS Code Extension

Explore the docs »
Marketplace »

Table of Contents

Overview
Key Features
How To Videos
Prerequisites
Initial Setup
Documentation
Contributing
License
Contact

Overview

Checkmarx continues to spearhead the shift-left approach to AppSec by bringing our powerful AppSec tools into your IDE. This empowers developers to identify vulnerabilities and remediate them as they code. The Checkmarx Visual Studio Code extension integrates seamlessly into your IDE, identifying vulnerabilities in your proprietary code, open source dependencies, and IaC files. The extension offers actionable remediation insights in real-time.

Checkmarx One allows developers to access the full functionality of their Checkmarx One account directly from their IDE, eliminating the need for developers to use the CxOne platform. With this integration, you can initiate new scans, review scan results, and receive guided remediation advice. Checkmarx offers comprehensive details about each vulnerability, including remediation recommendations, examples of effective fixes, and AI-generated code suggestions. The extension also lets you quickly navigate from a vulnerability to the associated source code, making it easier to identify and address problematic areas.

This tool requires authentication, using credentials from your Checkmarx One account.

Key Features

Remediation Advice
- Receive actionable results with remediation recommendations. Easily navigate from the results to the vulnerable code within the editor, allowing you to begin remediation immediately.
- Access one-click Auto Remediation options for open-source risks.
- Utilize the AI Security Champion feature for code remediation suggestions.
Pre-commit Scans
- Run a new scan directly from your IDE before committing your code, or import scan results from your Checkmarx One account.
Checkmarx Static Analysis Security Auto Scanning
- Perform local scans every few seconds on supported language files.
- Instantly scan code generated by Copilot.
- Hover over lines of code to view remediation advice and apply Quick Fixes.
Local SCA Scanning
- Perform local scans looking for Open Source packages with known vulnerabilities
Checkmarx IAC Security Auto Scanning
- A free tool that requires no Checkmarx account.
- Scans your code automatically, running in the background whenever you open or save an IaC file.
- Offers one-click Auto Remediation options.
Triage results
- Adjust the severity, update the state, and add comments directly from the VS Code extension.

How To Videos

Installation
Running a Scan
IAC Security Auto Remediation

Prerequisites

IAC Security Auto Scanning: You must have Docker installed and running in your environment
For Checkmarx One: You need to have a Checkmarx One account and be able to generate an API key for your account. To create an API key, see Generating an API Key.

Initial Setup

For IAC Security Auto Scanning, no configuration is needed, just install the extension, and start getting results!
For Checkmarx One, you need to configure your account info. See documentation here.

Documentation

Contributing

We appreciate feedback and contribution to the VsCode extension! Before you get started, please see the following:

License

Distributed under the Apache 2.0. See LICENSE for more information.

Contact

Checkmarx - Integrations Team

Project Link: https://github.com/Checkmarx/ast-vscode-extension

Find more integrations from our team here