
AI Secure Coding Assistant (ASCA) for VS Code

Overview

We have added the AI Secure Coding Assistant (ASCA) scanner to our VS Code extension. This feature enables developers to identify secure coding best-practice violations in the file they are working on, as they code. The ASCA scanner is a lightweight scan engine that runs in the background while you work in VS Code. Whenever you edit a file in VS Code, the ASCA scanner automatically scans that file. The ASCA scan runs as a local process on your machine and returns results within milliseconds.

The results are shown in the Problems section. The relevant code is also underlined with a color-coded line that indicates the severity of the risk; hover over the text to show the risk details. There is also an integration with Copilot that lets you use AI to generate custom snippets for remediating the vulnerability. Each time you edit the file and then pause for 2 seconds, a new scan runs and the results shown in the IDE are updated.
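To make the edit, pause, rescan, report cycle described above concrete, here is an added example that is not part of this page or of the Checkmarx extension. It implements the two pieces a single-file, in-editor scanner needs: a per-file trailing-edge debounce (the scan fires only after the document has been quiet for 2 s, and a new keystroke restarts the wait) and a mapping from scanner findings to Problems-panel style diagnostics ranked by severity. The `Finding` and `Diagnostic` shapes, the `FileScanScheduler` class and the stand-in `demoScanner` (which flags `eval(` calls in JavaScript) are all assumptions made for this illustration; the real ASCA rules and its diagnostic format are not shown on the page.

```typescript
// Added illustration of the edit -> 2 s pause -> rescan -> diagnostics flow.
// This is NOT Checkmarx's ASCA code; scanner, types and names are stand-ins.

export type Severity = "critical" | "high" | "medium" | "low";

export interface Finding {
  line: number;      // 1-based line holding the violation
  message: string;   // description of the best-practice violation
  severity: Severity;
}

// Loosely mirrors what an IDE "Problems" entry needs (assumed shape, not the real vscode API).
export interface Diagnostic {
  range: { startLine: number; endLine: number };
  message: string;
  severityRank: number; // 0 = most severe; an editor would pick the underline color from this
  source: string;
}

export type Scanner = (text: string) => Finding[];

const SEVERITY_RANK: Record<Severity, number> = { critical: 0, high: 1, medium: 2, low: 3 };

export function toDiagnostics(findings: Finding[], source = "ASCA stand-in"): Diagnostic[] {
  return findings.map(f => ({
    range: { startLine: f.line, endLine: f.line },
    message: f.message,
    severityRank: SEVERITY_RANK[f.severity],
    source,
  }));
}

// Timer functions are injectable so the quiet-window behaviour can be exercised without real waiting.
export interface Timers {
  set: (fn: () => void, ms: number) => unknown;
  clear: (handle: unknown) => void;
}

// Trailing-edge debounce per file: every change cancels the pending scan and starts a new
// quiet window, so the scanner only runs once the developer has stopped typing for quietMs.
export class FileScanScheduler {
  private pending = new Map<string, unknown>();
  public lastDiagnostics = new Map<string, Diagnostic[]>();

  constructor(
    private scanner: Scanner,
    private quietMs: number = 2000,
    private timers: Timers = {
      set: (fn, ms) => setTimeout(fn, ms),
      clear: h => clearTimeout(h as ReturnType<typeof setTimeout>),
    },
  ) {}

  onDidChange(uri: string, text: string): void {
    const prev = this.pending.get(uri);
    if (prev !== undefined) this.timers.clear(prev);
    const handle = this.timers.set(() => {
      this.pending.delete(uri);
      this.lastDiagnostics.set(uri, toDiagnostics(this.scanner(text)));
    }, this.quietMs);
    this.pending.set(uri, handle);
  }
}

// Fake clock for the demonstration: timers fire only when advance() moves time forward.
export class FakeTimers implements Timers {
  private now = 0;
  private queue: { at: number; fn: () => void; id: number }[] = [];
  private nextId = 1;
  set = (fn: () => void, ms: number): unknown => {
    const id = this.nextId++;
    this.queue.push({ at: this.now + ms, fn, id });
    return id;
  };
  clear = (h: unknown): void => { this.queue = this.queue.filter(t => t.id !== h); };
  advance(ms: number): void {
    this.now += ms;
    const due = this.queue.filter(t => t.at <= this.now).sort((a, b) => a.at - b.at);
    this.queue = this.queue.filter(t => t.at > this.now);
    for (const t of due) t.fn();
  }
}

// Constructed stand-in rule: flag eval() calls as a high-severity best-practice violation.
export const demoScanner: Scanner = text => {
  const findings: Finding[] = [];
  text.split("\n").forEach((line, i) => {
    if (/\beval\s*\(/.test(line)) {
      findings.push({ line: i + 1, message: "Avoid eval(): it executes arbitrary code", severity: "high" });
    }
  });
  return findings;
};

// Simulates a developer typing into one file; returns the diagnostics present after each phase.
export function demo(): { duringTyping: Diagnostic[] | undefined; afterQuiet: Diagnostic[] } {
  const timers = new FakeTimers();
  const sched = new FileScanScheduler(demoScanner, 2000, timers);
  sched.onDidChange("app.js", "const x = eval(input);");       // constructed sample edit
  timers.advance(1000);                                        // still typing: no scan yet
  sched.onDidChange("app.js", "const x = eval(input);\nconst y = 1;");
  timers.advance(1999);                                        // inside the restarted quiet window
  const duringTyping = sched.lastDiagnostics.get("app.js");
  timers.advance(1);                                           // 2 s of quiet: the scan fires once
  return { duringTyping, afterQuiet: sched.lastDiagnostics.get("app.js") ?? [] };
}
```

The design point is that the debounce is keyed by file URI, so switching between files does not cancel the other file's pending scan, and that only the latest text is scanned, which is what keeps a background scanner from piling up stale results while the developer is mid-edit.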

Notice

Results from the ASCA scanner are only available within the IDE; they are not synced with the Checkmarx One platform.

Warning

ASCA scans provide important feedback to developers in real time. However, the results are not comprehensive and are limited to analyzing a single file at a time. Therefore, it is important to also run complete Checkmarx One scans periodically.

Prerequisites

  • Checkmarx One account with "AI Security" license

  • Running version 2.21.0 or above of the Checkmarx One extension for VS Code

  • To get remediation snippets, you need to have a Copilot license

Supported Languages

ASCA currently supports Java, JavaScript (Node.js), C#, and Python.

Activating ASCA Scanner

Open the Checkmarx One extension Settings and select the checkbox for Checkmarx AI Secure Coding Assistant (ASCA).


Viewing ASCA Results

Results from the ASCA scanner are shown in the Problems tab, and event logs are shown in the Output tab.


The results are also indicated in the code with a squiggly underline whose color indicates the severity. Hovering over a result shows additional information about the vulnerability.


Remediating ASCA Results

If you have GitHub Copilot in your IDE, you can use Copilot to generate a customized snippet that remediates the secure coding issue. ASCA prompts Copilot with the remediation data in our system so that Copilot can generate customized code to remediate the risk.

Warning

Checkmarx cannot guarantee the reliability of the remediation recommendations, because they are generated by Copilot.

To remediate a vulnerability:

  1. Hover over an ASCA result and click on the Show Code Actions (lightbulb) icon.

  2. Click on Fix using Copilot.

    Copilot generates a correction based on the prompts that it receives from ASCA.

  3. If you are satisfied with the suggestion, click Accept.

    The code is fixed. The file is rescanned, and if the fix was effective, the vulnerability is no longer shown.

Figure 1. Using ASCA to Remediate Vulnerabilities