Visual Studio Code Extension Plugin Change Log

The following table lists the features and changes implemented for the plugin in each version release. To obtain the plugin, go to the plugin download section.

Version | Change / Feature | Additional Description
2021.3.1
  • Setting Single Sign On (SSO) login as default. The User name + Password login option can be enabled from the extension settings.
  • To enable SAML Single Sign On (SSO), QF_VSCodeSAML must be installed.
    To do so, run 9.x.0.QF_VSCodeSAML.zip.
    9.x stands for the CxSAST version, for example 9.4.
    For additional information and instructions on enabling SAML Single Sign-On, refer to the relevant knowledge base article.
  • Supports the configuration of the Certificate Authority (CA) certificate chain file path in the extension settings. This must be configured when CxSAST is using a self-signed certificate.
  • Menu items are renamed as follows:
    • From 'Scan Current Folder' to 'Checkmarx: Scan Current Folder'
    • From 'Scan Current File' to 'Checkmarx: Scan Current File'
    • From 'Scan Workspace' to 'Checkmarx:Scan Workspace'
  • Extension can be configured to allow workspace level scans only.
  • For new projects, users can define projects as public or private. If a project is defined as private, scans performed are always private.
  • The following enhancements have been made in the result viewer:
    • Added columns to show additional vulnerability details
    • Vulnerabilities can be filtered based on different columns
    • Triaging of vulnerabilities can be performed by changing the state of vulnerabilities
    • Displaying a short description of the respective vulnerability.
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4
  • OSA Support: Not supported
  • SCA Support: Not supported
  • Operating Systems: Windows, Linux, MAC
  • SAML Support: CxSAST versions 9.0, 9.2, 9.3, 9.4
  • Supported Node JS version: 12.16.2 LTS version
  • Supported Tool Version: Visual Studio Code version 1.59
2020.3.1
  • First generally available release
  • Binding an existing project for scanning
  • Creating a new project for scanning
  • Executing a CxSAST scan
  • Retrieving CxSAST results of scanned source code
  • Displaying vulnerabilities in Result Table and Attack Vector views
  • Saving CxSAST scan reports to an external JSON file
  • Showing vulnerability query description
  • Retrieving last scan results of a bound project without running a scan
  • Ability to disable 'Scan Any File/Folder' buttons
  • Login - support credentials and SSO methods
  • Supporting incremental and full scans
  • Supporting private and public scans
  • Unbinding project
  • Silent mode - controls the amount of popup messages displayed to the user
  • Config as Code for selected attributes
  • Result Table and Attack Vector are supported for Linux and MacOS as well
  • Supported SAST Versions: 8.9, 9.0, 9.2, 9.3, 9.4
  • OSA Support: Not supported
  • SCA Support: Not supported
  • Operating Systems: Windows
  • Supported Node JS version: 12.16.2 LTS version
  • Supported Tool Version: Visual Studio Code version 1.44
2020.2.1-Beta
  • Executing CxSAST scans
  • Retrieving CxSAST scan results
  • Displaying vulnerabilities in Attack Vector view
  • Saving CxSAST scan reports to external files
  • Displaying vulnerability query description
  • Certified SAST Versions: 8.9, 9.0
  • OSA Support: Not supported
  • SCA Support: Not supported
  • Operating Systems: Windows
  • Supported Node JS version: 12.16.2 LTS version
  • Supported Tool Version: Visual Studio Code version 1.44
