Installing and Setting up the Checkmarx VS Code Extension
Installing the Extension
The Visual Studio Code Extension is available on the Visual Studio Code marketplace. You can initiate the installation directly from the Visual Studio Code console.
To install the extension:
Open Visual Studio Code.
In the main menu, click on the Extensions icon.
Search for the Checkmarx One extension, then click Install for that extension.
Notice
By default, only release versions are installed. You can click on the down arrow next to Install and select Install Pre-Release Version to get the latest pre-release version. See Automatic Updates - Releases Versions and Pre-Release Versions
The Checkmarx One extension is installed and the Checkmarx icon appears in the left-side navigation panel.
Automatic Updates - Releases Versions and Pre-Release Versions
Once you have installed the Checkmarx extension, it is automatically updated to the latest version whenever we create a new release.
Whenever new code is merged in between full releases, we create nightly pre-release versions. You can choose to install a pre-release version. Once you have installed a pre-release version, you will continue to get automatic updates whenever a new pre-release (or release) is created.
To start getting pre-release versions:
In the main menu, click on the Extensions icon.
Search for the Checkmarx extension, then click Switch to Pre-Release Version.
A restart is required to activate the changes.
Notice
You can revert at any time to only getting release versions by clicking on Switch to Release Version.
Setting up the Extension
After installing the plugin, in order to use the Checkmarx One Results tool you need to configure access to your Checkmarx One account, as described below.
Notice
If you are only using the free KICS Auto Scanning tool and/or the SCA Realtime Scanning tool, then this setup procedure is not relevant. However, for SCA Realtime Scanning tool, if your environment doesn't have access to the internet, then you will need to configure a proxy server in the Settings, under Checkmarx One: Additional Params.
In the VS Code console, click on the Checkmarx extension icon and then click on the Open settings button.
The Checkmarx Settings form opens.
Under Checkmarx One settings, in the API Key field, enter your Checkmarx One API Key.
Notice
To create an API key, see Generating an API Key
The roles (permissions) assigned to the API Key are inherited from the user account that generates the key. Therefore, make sure that you are logged in to an account with the appropriate roles.
In order to use this integration for running an end-to-end flow of scanning a project and viewing results, the API Key must have at a minimum the out-of-the-box composite role
ast-scanner
as well as the IAM roledefault-roles
.The configuration is saved automatically.
In the Additional Params field, you can submit additional CLI params. This can be used to manually submit the base url and tenant name if there is a problem extracting them from the API Key. It can also be used to add global params such as
--debug
or--proxy
. To learn more about CLI globalparams, see Global Flags.
Configuring AI Security Champion
AI Security Champion can be used with the Checkmarx One results tool as well as with the KICS Realtime Scanning tool. In order to use AI Security Champion you need to integrate the VS Code extension with your OpenAI account.
To set up the integration with your OpenAI account:
Go to the Checkmarx extension Settings and select Checkmarx AI Security Champion.
In the Model field, select from the drop-down list the model of the GPT account that you are using.
In the Key field, enter the API key for your OpenAI account.
Notice
Follow this link to generate an API key.
The configuration is saved automatically.