Visual Studio Code Extension Plugin Change Log

The following table lists the features and changes implemented for the plugin with the relevant version release. To obtain the plugin, go to the plugin download section.

Version

Change / Feature

Additional Description

2024.3.3

  • Added support for SAST critical severity (for versions above SAST 9.6).

  • Fixed an issue where a bad request occurred during a rescan in the VS Code plugin for a project managed with Git.

  • Supported SAST Versions: 9.5, 9.6, 9.7

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating System: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.5, 9.6, 9.7

  • Supported Tool Version: Visual Studio Code version 1.67.2 and higher

2024.1.3

  • The following enhancements have been made in the result viewer:

    • Fetch the result state from the server according to user permissions.

    • Custom result states are now supported and are displayed to the user based on permissions.

    • Added the Select All option to the result state table.

    • Press [ESC] to close the Add/Edit comment popup.

    • Support for Mandatory comments functionality based on SAST configuration for NE (Not Exploitable), PNE (Proposed Not Exploitable), and all states.

    • The following UI improvements were made:

      • Added pagination to the table.

      • The user can resize each column in the results table.

      • Display existing comments by hovering over the edit icon.

      • Added Checkmarx logo.

      • Added filter for columns to filter query results.

      • Display a busy icon while updating bulk comments, results states, or assignees.

  • The following enhancements have been made to the attack vector viewer:

    • The following UI improvements were made:

      • Dynamic coloring was added for each node.

      • Hover over the node to see the file path and line number.

      • The selected node is displayed in blue.

  • Added the Avoid Duplicate Scan in Queue feature.

  • Added the plugin name and its version to the User-Agent header, which is displayed in SAST IIS logs or AWS ELB logs.

  • Fixed a count mismatch bug that occurred after updating result states to Not Exploitable.

  • When using a proxy, the VS Code plugin supports only HTTPS SAST servers.

  • Supported SAST Versions: 9.4, 9.5, 9.6

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating System: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.4, 9.5, 9.6

  • Supported Tool Version: Visual Studio Code version 1.67.2 and higher

2023.2.3

The following enhancements and bug fixes have been made in the VS Code plugin:

  • Supports the latest Visual Studio Code version, V1.80.2.

  • The attack vector and results table reload upon clicking a vulnerability name.

  • Removed > icon that appeared in front of the vulnerability name.

  • The results table allows manual column resizing and displays all columns without a scroll bar when the screen is at its maximum size.

  • The public documentation link for VS Code has been updated.

  • On binding a project, the latest project is displayed first.

  • Clicking Unbinding or Log Out clears the CX Scan Results tab.

  • The Result Table and Attack Vector tabs open again when you click on any vulnerability name.

  • Supported SAST Versions: 9.4, 9.5, 9.6

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating System: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.4, 9.5, 9.6

  • Supported Tool Version: Visual Studio Code version 1.67.2 and higher

2022.3.3

  • The result viewer has been enhanced with the following:

    • Comments can now be added for one or more vulnerabilities using Add Comments. For a single vulnerability, the Edit icon in the respective row can be used.

    • If Mandatory Comments is enabled, the system now prompts for entering a comment while changing the state of a vulnerability.

  • The following libraries have been upgraded:

    • degenerator from 2.0.2 to 3.0.2

    • jQuery from 3.4.1 to 3.6.0

  • Supported SAST Versions: 9.3, 9.4, 9.5

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.3, 9.4, 9.5

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.67.2 and higher

2022.2.1

  • The CLI Node module has been excluded from the package. As a result, log4j is not deployed anymore.

  • Supported SAST Versions: 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.67.2

2022.1.2

  • The following enhancements have been made in the result viewer:

    • Users are now able to add or edit comments.

    • Triaging of vulnerabilities can be performed by assigning users to vulnerabilities.

  • Fixed the issue that caused the performance to decrease while binding a project.

  • Supported SAST Versions: 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.60.2

2021.3.1

  • Single Sign On (SSO) login is now the default. The User name + Password login option can be enabled from the extension settings.

  • To enable SAML Single Sign On (SSO), QF_VSCodeSAML must be installed.

    To do so, run 9.x.0.QF_VSCodeSAML.zip.

    9.x stands for the CxSAST version, for example, 9.4.

    For additional information and instructions on enabling SAML Single Sign-On, refer to the relevant knowledge base article.

  • Supports the configuration of the Certificate Authority (CA) certificate chain file path in the extension settings. This must be configured when CxSAST is using a self-signed certificate.

  • Menu items are renamed as follows:

    • From 'Scan Current Folder' to 'Checkmarx: Scan Current Folder'

    • From 'Scan Current File' to 'Checkmarx: Scan Current File'

    • From 'Scan Workspace' to 'Checkmarx: Scan Workspace'

  • The extension can be configured to allow workspace-level scans only.

  • For new projects, users can define projects as public or private. If a project is defined as private, scans performed are always private.

  • The following enhancements have been made in the result viewer:

    • Added columns to show additional vulnerability details

    • Vulnerabilities can be filtered based on different columns

    • Triaging of vulnerabilities can be performed by changing the state of vulnerabilities

    • Displaying a short description of the respective vulnerability.

  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows, Linux, Mac

  • SAML Support: CxSAST versions 9.0, 9.2, 9.3, 9.4

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.60.2

2020.3.1

  • First generally available release

  • Binding an existing project for scanning

  • Creating a new project for scanning

  • Executing a CxSAST scan

  • Retrieving CxSAST results of scanned source code

  • Displaying vulnerabilities in Result Table and Attack Vector views

  • Saving CxSAST scan reports to an external JSON file

  • Showing vulnerability query description

  • Retrieving the last scan results of a bound project without running a scan

  • Ability to disable 'Scan Any File/Folder' buttons

  • Login - support credentials and SSO methods

  • Supporting incremental and full scans

  • Supporting private and public scans

  • Unbinding project

  • Silent mode - controls the number of popup messages displayed to the user

  • Config as Code for selected attributes

  • Result Table and Attack Vector are supported for Linux and MacOS as well

  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.44

2020.2.1-Beta

  • Executing CxSAST scans

  • Retrieving CxSAST scan results

  • Displaying vulnerabilities in the Attack Vector view

  • Saving CxSAST scan reports to external files

  • Displaying vulnerability query description

  • Certified SAST Versions: 8.9, 9.0

  • OSA Support: Not supported

  • SCA Support: Not supported

  • Operating Systems: Windows

  • Supported Node JS version: 12.16.2 LTS version

  • Supported Tool Version: Visual Studio Code version 1.44