The HCL AppScan extension for Visual Studio Code provides Static Application Security Testing (SAST) functionality for detecting vulnerabilities early in the development life cycle.

The HCL AppScan extension supports scanning files of the following types:

Before installing the extension, ensure the following prerequisites are met:

Install the HCL AppScan CodeSweep extension by clicking the Install link on this page, or install from the Extensions tab in Visual Studio Code. Alternatively, you can perform an offline installation by following the steps below:

Once you install the HCL AppScan CodeSweep extension, an AppScan icon is visible on the VS Code side bar.

If you don’t have a key ID/Secret, create one by following the steps

Once connected, issues that have been set to “Noise” in AppScan on Cloud are not shown in CodeSweep. To remove the connection to AppScan on Cloud, remove the keyID and keySecret credentials from the settings.json file and restart VS Code.

We are collecting telemetry data to give you a better user experience with our future releases. No information about specific issues is captured or stored. In case you want to opt out, please uncheck this option.

Manage Vulnerable Code Highlight

This setting enables you to choose the code highlight option for issues identified in a scan.

Select the Don't Highlight option if you don't want to highlight the vulnerable code in the editor on file save. You can verify this selection in the status bar with the AppScan Marker Off text.

Select the Highlight All Issues option if you want to highlight all the security issues in the file immediately after the file save. You can verify this selection in the status bar with the AppScan Marker On text.

Select the Highlight When Selected option if you want to highlight the issue only when it is clicked in the Security Issues tree view.

You can toggle between the Don't Highlight and Highlight All Issues selections just by clicking the AppScan Marker On/Off text in the status bar. By default, the Don't Highlight option will be selected.

Upon save of supported file types, AppScan scans for vulnerabilities and reports the issue count in the status bar. If you have enabled integration with AppScan On Cloud, any issues marked as Noise in ASoC will be filtered by CodeSweep scans.

To view the issues, click on the issue count on the status bar to open the Security Issues view. The Security Issues view lists files with issues along with the exact line numbers of the issues. Click on the file name to navigate to the line number in the VS Code editor.

If your code highlight preference (Manage Vulnerable Code Highlight) is Highlight All Issues, all security issues in the saved file will be highlighted. If your preference is Highlight When Selected, the security issue will be highlighted when you click on the file name in the Security Issues view.

Once you hover over the highlight, you can see 2 options: Peek Problem and Quick Fix.

Open Issue Details: Opens rule info in a split editor.