Skip to main content

Visual Studio Extension - Changelog

The following table lists improvements and bug fixes that have been implemented for the Visual Studio plugin with the relevant version release.

Notice

See full documentation of this plugin here.

Extension Version

Release Date

CLI Version

Improvements

Bug Fixes

2.0.57

Jul 17, 2024

2.2.0

  • Synchronized version release number with version shown in marketplace.

2.0.51

Jul 16, 2024

2.2.0

  • General improvements and bug fixes

2.0.50

June 28, 2024

2.1.5

  • The CLI that this plugin is based on is now signed with the Checkmarx digital signature, indicating that this is an official Checkmarx product. This enables communication from this plugin to bypass firewalls on Windows computers that previously blocked the unsigned CLI.

2.0.21

June 21, 2024

2.1.5

UNSUPPORTED VERSION

2.0.20

May 20, 2024

2.1.2

UNSUPPORTED VERSION

2.0.19

May 7, 2024

2.1.0

  • Remediated vulnerabilities that we identified in our project.

  • Uses new CLI version in which vulnerabilities affecting our CLI project have been remediated.

2.0.18

Jan 16, 2024

2.0.64

  • Fixed issue that KICS Auto Scanning had been running even when the feature was disabled.

  • Fixed issue related to incorrect use of log object.

  • Updated for CLI version that uses GO version 1.21.1, in order to remediate a vulnerability.

2.0.17

Aug 30, 2023

2.0.54

  • In the SAST results viewer, we added new tabs with additional info about each vulnerability.

    • Learn More - Gives detailed information about the the nature of the risk and their causes, as well as remediation recommendations.

    • Remediation Examples - Shows a sample of code that is subject to this vulnerability, followed by a remediated version of that code.

  • Fixed issue that some buttons weren't showing up properly in blue mode.

2.0.16

July 20,2023

2.0.53

  • Fixed issue that when submitting multiple additional params, only the first was being processed.

  • Fixed issue that when running a scan from the IDE, if the content in your workspace project isn't a Git project we had been treating it as a mismatched project.

  • Fixed issue that when running a scan from the IDE, if a project didn't have any results (identified risks) we had automatically been treating it as a mismatched project.

2.0.15

June 12, 2023

2.0.48

  • You can now initiate scans directly from your Visual Studio IDE (in addition to existing support for this feature in VS Code and JetBrains). This empowers developers to identify vulnerabilities and remediate them as they code.

    You can run a new scan on an existing Checkmarx project by simply clicking on the "play" button in the Checkmarx panel. A Checkmarx scan runs on the files in your current workspace.

    A sanity check is run to verify that the project and branch in your workspace match the project and branch that were scanned for this project. If a mismatch is detected, then a warning message is shown.

    Tip

    This feature needs to be enabled for your organization's account by a Checkmarx admin user under Account Settings.

2.0.14

Apr 19, 2023

2.0.45

  • Fixed a bug that was introduced in version 2.0.12

2.0.13

Apr 19, 2023

2.0.45

  • Fixed a bug that was introduced in version 2.0.12

2.0.12

Apr 19, 2023

2.0.45

  • We added a new environment variable, CX_HTTP_PROXY, which can be used to designate a specialized proxy for Checkmarx One. When this is used, it overrides the proxy specified in your general HTTP_PROXY variable.

    Notice

    We still support use of the HTTP_PROXY variable if you choose to use the same proxy for Checkmarx One as for your other applications.

  • Added support for earlier versions of Visual Studio 2022. We now support SDK version 17.0 and above.

2.0.11

Apr 13, 2023

2.0.44

  • Updated dependencies

2.0.10

Apr 3, 2023

2.0.44

  • Improved memory usage when uploading zip files.

  • Fixed tooltip for Additional parameters so that link points to new documentation portal.

2.0.9

Feb 14, 2023

2.0.41

  • All references to AST have been changed to use the new product name "Checkmarx One".

  • Fixed problem with automatically opening the relevant files when clicking on an attack vector.

2.0.8

Oct 25, 2022

2.0.32

  • We have simplified the integration procedure for IDE plugins. It is no longer required to enter the Base URL or Tenant Name of your Checkmarx One account. Now, you just enter your API Key, and we extract all of the relevant account info from that Key.

  • In the Checkmarx AST settings, there is now a field for adding additional params. This can be used to manually submit the base url and tenant name (in case there is a problem extracting them from the API Key) or to add global params such as --debug or --proxy. To learn more about CLI params, see Global Flags.

2.0.7

Jul 25, 2022

2.0.21

The installation VSIX file is now signed with a code signing license.

2.0.6

Jul 20, 2022

2.0.21

Clicking on a node in the Attack Vector now takes you to the relevant code in the editor window (as expected).

2.0.5

Jul 5, 2022

2.0.21

General improvements and bug fixes

2.0.4

Jun 22, 2022

2.0.20

General improvements

Fixed issue that the app was crashing when opening an attack vector.

2.0.3

May 20, 2022

General improvements

2.0.2

Apr 13, 2022

  • Added links to the relevant Codebashing lessons.

2.0.1

Mar 29, 2022

General improvements

2.0.0

Mar 28, 2022

Initial release of the plugin. Enables you to import results from a Checkmarx One scan directly into your VS Code console.

  • Import Checkmarx One scan results

  • Show results from all scan types (SAST, SCA, and KICS)

  • Group results by file, language, severity, and status

  • Navigate from results directly to the vulnerable code in the editor

  • Vulnerable code is highlighted in the editor