Checkmarx VisualStudio plugin installation process.

 

 

1-      Configuration of plugin VSTudio

Prerequisite:

-Your visual studio MUST be up to date with the last release version in order to launch correctly the VSplugin

-Version Express on Visual Studio is not supported (Community is ok)

-Flow network matrix to check:

Source	IP	Destination	IP	Protocole/Port
Workstations	<Workstations IP >	Checkmarx server	<Server Checkmarx IP>	http/80 (si pas https) https/443 (préféré)

 

Plugin installation :

Plugin can be downloaded by using the folowing link :

CxSAST Visual Studio Plugin

 

The CxSAST Visual Studio plugin is installed in the Visual Studio development environment, and enables:

• Uploading a Visual Studio project's code to CxSAST directly from Visual Studio.
• An interactive interface for viewing scan results in the Visual Studio environment. This interface has several advantages over the regular CxSAST web interface:
• You can make changes to the code as you view the vulnerabilities, in the locations indicated by the scan results, without needing to switch between applications.
• The plugin displays full paths with their intersections, rather than just the first and last elements of each vulnerability instance.
• The plugin highlights the elements where fixes can be most efficiently applied.

Steps to follow

• Setting Up the CxSAST Visual Studio Plugin
• Visual Studio Project Binding
• Running a Scan from Visual Studio
• Reviewing Scan Results in Visual Studio
• Scans Triggered from Visual Studio

作者:Chuck Lu    GitHub