Scans Triggered from Visual Studio
Developers who work in an integrated development environment (IDE) such as Visual Studio with the CxSAST plugin, as part of a much larger development project managed in source control, sometimes prefer to scan their code before uploading it to the source control repository.
The CxSAST Visual Studio plugin allows the developer to scan the code from within the Visual Studio project. When scanning code from the CxSAST Visual Studio plugin, the scanned code is always the local code that resides in the Visual Studio project, regardless of the CxSAST project's Location type (Local/Shared/Source Control). This implies that a project can contain scans of different location types, and the location type can be viewed as a scan property.
Usually, scan results of local code have no relevance to the entire team, and their visibility should be limited to the scan owner. Furthermore, results of "interim scans", namely scans carried out while the code is still being worked on during the day, are likely to distort the count of daily issues, because issues "detected" by these scans may well be resolved later on, before the code is uploaded to the source control repository at the end of the day.
If the user chooses not to make the scan results visible to other users - in other words, to make the scan private - the scan will only be visible to the following entities:
The scan's owner (the user)
Users with CxAdmin privileges
Users whose location in the hierarchy is higher than that of the user
The CxSAST Visual Studio plugin provides the user with two ways to achieve this behavior:
1. Define the scan as private from within a public project.
2. Define the project as private, namely: making all of the project's scans non-visible to other users.
Notice
The operations described on this page must be carried out by a user with the appropriate credentials on the CxSAST server. To ensure you have such credentials, see Setting Up the Visual Studio Plugin.
Defining Scans as Private
The process of defining scans as private takes place within Visual Studio.
To define a scan as private in an existing (not bound) public project:
1. Right-click the project's name.
2. Click CxViewer > Scan. The Results Visibility dialog appears.
3. In the Results Visibility dialog, click <No> to make the scan private.
To define a scan as private in a bound project:
1. Bind the CxViewer project to an existing project on the server, which is by definition public:
   a. Right-click the project's name.
   b. Go to CxViewer > Bind.
   c. Select the project to which the CxViewer project is to be bound.
   d. Click Bind.
2. Scan the newly bound project:
   a. Right-click the project's name.
   b. Go to CxViewer > Scan.
   c. In the Results Visibility dialog box that now appears, click <No> to make the scan private.
Defining Projects as Private
To define a project as private:
1. Right-click the project's name.
2. Go to CxViewer > Scan.
3. Make sure that the project is not bound. Click <No> when asked whether you want to bind the project to the corresponding project on the server. A new Cx project is created and the Upload Source dialog appears.
4. In the Upload Source dialog, clear Make project scan results visible to other users.
Defining a project as private means that the project's scan results are invisible to other users and are only visible to the following entities:
The scan's owner (the user)
Users with Server Manager privileges
Users whose location in the hierarchy is higher than that of the user.
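The visibility rule stated here, and the identical rule for private scans earlier on this page, as an added Python model of the policy. This is illustrative code written for this page, not Checkmarx code, and it assumes two things that the page does not spell out: that a user's place in the hierarchy can be represented as a team path such as "CxServer/Corp/Payments", and that "higher in the hierarchy" means the viewer's team is a strict ancestor of the scan owner's team. The users and scans in the block are constructed sample data.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class User:
    name: str
    team: str            # assumed hierarchy path, e.g. "CxServer/Corp/Payments"
    is_admin: bool = False


@dataclass(frozen=True)
class Scan:
    scan_id: int
    owner: User
    private: bool        # True when the owner answered <No> in Results Visibility


def is_ancestor_team(candidate: str, team: str) -> bool:
    """True when `candidate` is a strict ancestor of `team` in the team tree.

    Assumption: hierarchy is encoded as "/"-separated paths, so an ancestor is a
    proper prefix that ends at a path separator.
    """
    prefix = candidate.rstrip("/") + "/"
    return team != candidate and team.startswith(prefix)


def can_view_scan(scan: Scan, viewer: User) -> bool:
    """Apply the visibility rule from the page: public scans are visible to all;
    private scans only to the owner, admins, and users higher in the hierarchy."""
    if not scan.private:
        return True
    if viewer.name == scan.owner.name:          # the scan's owner
        return True
    if viewer.is_admin:                          # admin privileges
        return True
    return is_ancestor_team(viewer.team, scan.owner.team)  # higher in hierarchy


def visible_scan_ids(viewer: User, scans: List[Scan]) -> List[int]:
    """IDs of the scans `viewer` is allowed to see, in input order."""
    return [s.scan_id for s in scans if can_view_scan(s, viewer)]


# Constructed sample data (not real users or scans).
DEV = User("dev", "CxServer/Corp/Payments")
PEER = User("peer", "CxServer/Corp/Payments")
MANAGER = User("manager", "CxServer/Corp")
BILLING = User("billing", "CxServer/Corp/Billing")
ADMIN = User("admin", "CxServer/Corp/Billing", is_admin=True)

SCANS = [
    Scan(1, DEV, private=True),    # interim scan, kept private
    Scan(2, DEV, private=False),   # public scan of the same project
]

if __name__ == "__main__":
    for u in (DEV, PEER, MANAGER, BILLING, ADMIN):
        print(f"{u.name:8s} sees scans {visible_scan_ids(u, SCANS)}")
```

A peer on the same team does not see the private scan, because the rule requires a strictly higher position, not the same one; a manager whose team is an ancestor of the owner's team does, as does an admin regardless of team.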