checkmarx-ltd / cxvscode
License: Apache License 2.0
Please provide a list of languages supported, e.g. C#, Node.JS, Python, etc., in the README.md file.
Thanks
On Linux and macOS results of a scan are not presented. Scan completes successfully, but the result table and the attack vector are empty, showing only "Undefined".
Whenever I reopen VS Code, the Checkmarx plugin requires me to log in again in order to run a scan. How can I get the plugin to remember my login so that I don't have to keep logging in whenever I want to run a scan? Is there a way to tell if there's something wrong on my end? My colleagues have the same problem, and we need to re-login each time.
Follow the VS Code setup instructions.
Install the Checkmarx plugin and set up a CxPortal server.
Click the Padlock icon, log in with Credentials.
Click the Book icon, bind your project.
Run a scan if you want. This scan works.
Close VS Code.
Open VS Code.
Try running a scan again. This error appears:
"Access token expired. Please login again."
Checkmarx console shows:
Error: Access token expired. Please login.
Sending GET request to https://checkmarx.internal/CxRestAPI/projects
GET request failed to https://checkmarx.internal/CxRestAPI/projects
Error: unable to get local issuer certificate
Sending GET request to https://checkmarx.internal/CxRestAPI/projects
GET request failed to https://checkmarx.internal/CxRestAPI/projects
Error: unable to get local issuer certificate
Error: Access token expired. Please login.
Now in CX Portal, click the padlock and log in to the Checkmarx portal again. Run a scan. It works.
Note: it doesn't matter if I set up the plugin via settings.json directly or via the UI steps. We're facing the same problem each time we reopen VS Code.
Hello Team.
I hope you are doing well. I am reaching out to inform you of a critical security matter. After cloning the repository, I have identified several vulnerabilities across multiple dependencies. These issues range in severity.
Key Vulnerabilities identified:
Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-VM2-5772823] in [email protected]
Upgrading these dependencies will not only resolve the current vulnerabilities but will also enhance the overall security posture of the project.
Sometimes when I try to rescan a project the extension throws an error because the project already exists. I'd like to incrementally scan the same project to see the vulnerabilities decrease as I address them.
What causes this error and how can I avoid it?
Thanks!