
AI Secure Coding Assistant (ASCA) for JetBrains

Overview

We have added the AI Secure Coding Assistant (ASCA) scanner to our JetBrains plugin. This feature enables developers to identify secure coding best practice violations in the file that they are working on, as they code. The ASCA scanner is a lightweight scan engine that runs in the background as you work in JetBrains. Whenever you edit a file in JetBrains, the ASCA scanner automatically scans that file. The ASCA scan runs as a local process on your machine and returns results within milliseconds.

The results are shown in the Problems section. The relevant code is also underlined by a color-coded line indicating the severity of the risk. Hover over the text to show risk details. There is also an integration with Copilot that enables you to harness AI to generate custom snippets for remediating the vulnerability. Each time that you edit the file and then pause for 2 seconds, a new scan runs and the results shown in the IDE are updated.

Notice

Results from the ASCA scanner are only available within the IDE; they are not synced with the Checkmarx One platform.

Warning

ASCA scans provide important feedback to developers in real time. However, the results are not comprehensive and are limited to analyzing a single file at a time. Therefore, it is important to also run complete Checkmarx One scans periodically.

Prerequisites

  • Checkmarx One account with "AI Security" license

  • Running version 2.2.0 or above of the Checkmarx One extension for JetBrains

  • To get remediation snippets, you need to have a GitHub Copilot license

Supported Languages

ASCA currently supports Java, JavaScript (Node.js), C#, and Python.

Activating ASCA Scanner

Open the Checkmarx One extension Settings and select the checkbox for Checkmarx AI Secure Coding Assistant (ASCA).

The message "AI Secure Coding Assistant Engine started" should be displayed.


Viewing ASCA Results

When ASCA identifies a risk in your code, the problematic code is indicated by a squiggly line. The color of the line indicates the severity. Hovering over the code shows additional info about the vulnerability.


Remediating ASCA Results

If you have a GitHub Copilot license, then you can use Copilot to generate a customized snippet that remediates the secure coding issue. ASCA generates a prompt, based on the remediation data in our system, that you can submit to Copilot so that Copilot can generate customized code to remediate the risk.

Warning

Checkmarx cannot guarantee the reliability of the remediation recommendations, because they are generated by Copilot.

To remediate a vulnerability:

  1. Hover over an ASCA result and click on the ASCA - Copy fix prompt.

  2. Click on More actions > Open GitHub Copilot Inline Chat.

  3. Paste the ASCA generated prompt into the text box.

  4. Click on Preview to compare the existing code to the remediated code.

  5. If you are satisfied with the suggestion, click Apply All Diffs.

    The code is fixed. The file is rescanned and, if the fix was effective, the risk is no longer shown.

Figure 1. Using ASCA to Remediate Vulnerabilities