Using the Checkmarx VS Code Extension - Dev Assist
AI Remediation
How to Remediate Risks Using AI
When Checkmarx realtime scanners identify a risk, it is flagged as a Problem, which is marked in the code with a squiggly underline and annotated in the margin with an icon that indicates the type of risk.

Hover over the vulnerable line of code.
The Checkmarx dialog opens.

Click on Fix with CxOne Assist.
A Copilot session opens in the side panel and all relevant info is sent for analysis.
Notice
Depending on your IDE configuration, you may need to click Continue several times in order to complete the process.
Copilot automatically makes the necessary changes in the code in order to remediate the risk.
If you approve the change, click Accept.
The change is made and the code is rescanned to verify that the risk is no longer present.
If you want to improve on the suggestion, click Undo. You can then chat with Copilot to determine the best way of remediating the code.
Ignoring Risks
To help you focus on actionable risks, CxOne Assist lets you mark risks as Ignore so that they are no longer shown in your IDE. This can be applied to a specific instance of a risk or to all instances of that risk in your project. You can Revive a risk at any time to resume showing that risk, or the risks for that package.
Notice
For risks identified in open source packages, a risk instance refers to the entire package that the vulnerability is associated with.
To ignore a risk:
When Checkmarx realtime scanners identify a risk, it is flagged as a Problem, which is marked in the code with a squiggly underline and annotated in the margin with an icon that indicates the type of risk.

Hover over the vulnerable line of code.
The Checkmarx dialog opens.

To ignore the risk in this particular instance, click on Ignore this vulnerability.
To ignore all instances of the risk, click on Ignore all of this type.
To revive a package:
Click on the Ignore icon in the bottom bar.

The Ignored Vulnerabilities tab opens.

For the desired vulnerability, click on the Revive button.
Notice
This can also be done as a bulk action for all selected items.