VSCode Tutorial - Initiate Scan, View Report & Bind/Unbind Project

Goals

This tutorial is designed to teach users how to do the following:

  • Initiate a new scan of a workspace.

  • Initiate a scan of a file/folder.

  • Scan a new or existing SAST project.

  • Use the detailed scan table view.

  • Use the attack vector.

  • Load a vulnerability description with a cause and recommendation to fix it.

  • Save a report to a JSON file.

Prerequisites

Procedure: Scan

To perform a scan:

  1. Open your source code.

  2. Right-click one of the files/folders.

  3. Select Scan Workspace.

    VS_51.png
  4. Enter the Project Name.

  5. Choose the Team Path.

  6. Select a Preset.

  7. Select Private or Public.

  8. As Scan Type, select Full Scan for this tutorial. The default is Incremental.

  9. Select Private or Public. For this tutorial, select Private when asked. At the bottom right, a popup message is displayed indicating the scan completion percentage.

    VS_52.png

Once the scan is completed, the following messages are displayed at the bottom right of the screen indicating the SAST scan was completed successfully and the report was generated successfully:

VS_53.png
VS_54.png

Notice

  • It is possible to scan the current folder or file; the procedure is the same.

  • Scanning another folder or file is possible, but this option is disabled by default. To enable it, contact technical support.

Procedure: Review Results

To review the results of a scan:

  • In the CX SCAN RESULTS filter, select the vulnerability severity and type, for example, High and SQL_Injection.

    vsresults.png

The Results Table is displayed at the bottom in the middle of the screen. The columns of the result table are manually resizable.

vsresultstable.png

The Result table can be filtered by column: enter text into the search box, and only the rows whose column content matches the entered text remain visible.

VS_57.png

Users can select vulnerabilities from the Result table and change the Result State of the chosen vulnerability.

VS_58.png

At the top of the Result Table, a short description is available for each vulnerability.

VS_59.png

The Attack Vector is displayed on the right side of the screen.

VS_60.png

By selecting a row in the Results Table or a square in the Attack Vector, the user is directed to the specific line of code.

To view the description of a vulnerability:

  • Click the Copy icon. This icon is located to the right of the vulnerability name, for example, Reflected_XSS_All_Clients. The Vulnerability Description appears.

    VS_61.png

To unbind a project:

  • In the CX PORTAL dialog box, click the Bind icon. A message at the bottom right indicates that the project has been successfully unbound.

    VS_62.png
    VS_63.png

To bind the same project again:

  1. In the CX PORTAL dialog box, click the Open Book icon. You are asked to select the project for binding.

    VS_64.png
  2. Select the project name scanned in the previous tutorial. A message at the bottom right indicates that the scan report is being generated. Once completed, a message appears that the report has been generated.

    VS_65.png
    VS_66.png

The Results Table, Attack Vector, and Vulnerability Description are available again.

Procedure: Export Results

To save the results as a report for download:

  1. Under CX SCAN RESULTS, click the Scan icon. You are asked to enter the report's full path and file name in JSON format.

    VS_67.png
  2. Enter the JSON report's full path and file name. A message appears indicating that the export is completed.

    VS_68.png
    VS_69.png
    VS_70.png

Once completed, the report is available in the selected folder.
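The exported JSON report is what a reviewer can process outside the editor, for example to reproduce the severity/type filter from the CX SCAN RESULTS view or to decide whether a build should be blocked on open High findings. The script below is an added example written for this page; it is not part of the Checkmarx VS Code plugin or its documentation. The tutorial does not show the export's schema, so the field names used here (`results`, `severity`, `queryName`, `state`, `fileName`, `line`) and the result-state names are assumptions to be adjusted to the file you actually exported, and the embedded sample report is constructed for the demo.

```python
"""Summarise an exported SAST scan report (JSON).

Added example, not part of the Checkmarx VS Code plugin or its documentation.
The field names below (results, severity, queryName, state, fileName, line)
are ASSUMED; adjust them to the JSON file you exported from the plugin.
"""
import json
from collections import Counter

# Constructed sample report standing in for a real export.
SAMPLE_REPORT = json.dumps({
    "projectName": "demo-project",  # constructed value
    "results": [
        {"queryName": "SQL_Injection", "severity": "High", "state": "To Verify",
         "fileName": "src/db.py", "line": 42},
        {"queryName": "SQL_Injection", "severity": "High", "state": "Not Exploitable",
         "fileName": "src/admin.py", "line": 17},
        {"queryName": "Reflected_XSS_All_Clients", "severity": "High", "state": "To Verify",
         "fileName": "src/views.py", "line": 88},
        {"queryName": "Log_Forging", "severity": "Medium", "state": "To Verify",
         "fileName": "src/log.py", "line": 5},
        {"queryName": "Information_Exposure", "severity": "Low", "state": "Confirmed",
         "fileName": "src/errors.py", "line": 12},
    ],
})

SEVERITY_RANK = {"High": 3, "Medium": 2, "Low": 1, "Information": 0}
# Result states treated as closed (assumed state name; adjust as needed).
CLOSED_STATES = {"Not Exploitable"}


def load_report(text):
    """Parse the JSON text and return the list of result entries."""
    data = json.loads(text)
    results = data.get("results", [])
    if not isinstance(results, list):
        raise ValueError("report has no 'results' list")
    return results


def filter_results(results, min_severity="High", query=None, include_closed=False):
    """Mirror the CX SCAN RESULTS filter: keep findings at or above
    min_severity, optionally restricted to one vulnerability type (query),
    and drop findings whose Result State marks them closed unless asked."""
    threshold = SEVERITY_RANK[min_severity]
    kept = []
    for r in results:
        if SEVERITY_RANK.get(r.get("severity"), -1) < threshold:
            continue
        if query is not None and r.get("queryName") != query:
            continue
        if not include_closed and r.get("state") in CLOSED_STATES:
            continue
        kept.append(r)
    return kept


def summarize(results):
    """Count findings per (severity, vulnerability type)."""
    return Counter((r["severity"], r["queryName"]) for r in results)


def build_should_fail(results, max_high=0):
    """True when the number of open High findings exceeds max_high."""
    return len(filter_results(results, min_severity="High")) > max_high


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rs = load_report(text)
    for (sev, q), n in sorted(summarize(filter_results(rs, "Low")).items()):
        print(f"{sev:<8} {q:<30} {n}")
    for r in filter_results(rs, "High", query="SQL_Injection"):
        print(f"open SQL_Injection: {r['fileName']}:{r['line']} ({r['state']})")
    sys.exit(1 if build_should_fail(rs) else 0)
```

Run it with the path of the exported report as the only argument; with no argument it processes the constructed sample. The exit status makes the script usable as a CI gate, and `CLOSED_STATES` is where triage decisions recorded through the Result State column are honoured so that findings already marked as not exploitable do not block a build.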