- Checkmarx Documentation
- SAST/SCA Integrations
- IDE Plugins
- Visual Studio Plugin
- Binding a Visual Studio Project
Binding a Visual Studio Project
Code projects can be configured in one of two CxSAST modes:
Unbound: Each time you run a scan from the IDE, a new CxSAST project is created. Your scan results can be set to appear or not appear in other developers' installations.
Bound: The code project is associated with a specific CxSAST project. Scans are run according to CxSAST project settings (automatically, via the CxSAST web interface or from the IDE). All installations of the IDE with projects bound to the CxSAST project can download the latest scan results.
Binding a Project
By default, code projects are unbound. The Checkmarx SAST plugin for Visual Studio supports the following scenarios only:
The source code and the projects are part of a solution file, and the solution file is opened in Visual Studio.
The source code is loaded in Visual Studio as a website.
Upon clicking the Bind button, a list of 100 projects is displayed by default, and if you need to configure this number, then follow the below steps:
Visual Studio 2019 –
Go to the File Explorer and navigate to the CxVSPlugin.conf file, which is located under \Visual Studio 2019\Settings
Open CxVSPlugin.conf and update the following XML tag <BindProjectCount>50</BindProjectCount>
Visual Studio 2022 –
Go to the File Explorer and navigate to the CxVSPlugin.conf file, which is located under \Visual Studio 2022\Settings
Open CxVSPlugin.conf and update the following XML tag - <BindProjectCount>50</BindProjectCount>
Notice
The plugin is unsupported if the source code is opened as files or folders where Visual Studio is only used as a text editor.
To Bind a Code Project to a CxSAST Project:
In the IDE, right-click the project and select CxViewer > Bind.
(recommended) Enable the following to ensure that you can bind a project using the latest Visual Studio Plugin (9.00.27)
Select a CxSAST project, and then click Bind. The project is bound, and the CxSuite's latest scan results are downloaded to the IDE.
To Bind a Project, if the Code is Opened as a Website:
Open the website project by opening File > Open > Website.
Select the project as illustrated below. The plugin menu appears even if the code is opened as a website.
The scan can be performed on a single file or folder as well.
Downloading Scan Results
After binding the project, the scan results of this project are automatically downloaded. Subsequently, scan results need to be manually downloaded.
To download scan results to a bound project:
In the IDE, right-click the project and select CxViewer > Retrieve Results.
Unbinding a Project
To unbind a project:
In the IDE, right-click the project and select CxViewer > Unbind.