checkmarx-ltd / cxvscode Goto Github PK

Please provide a list of languages supported e.g. C#, Node.JS, Python etc in the README.md file.
Thanks

On Linux and macOS results of a scan are not presented. Scan completes successfully, but the result table and the attack vector are empty, showing only "Undefined".

Whenever I reopen VS Code, the Checkmarx plugin requires me to login again in order to run a scan. How can I get the plugin to remember my login so that I don't have to keep logging in whenever I want to run a scan? Is there a way to tell if there's something wrong on my end? My colleagues have the same problem, and we need to re-login each time.

Steps

Follow the VS Code setup instructions.
Install the Checkmarx plugin and set up a CxPortal server.
Click Padlock icon, login with Credentials.
Click Book icon, bind your project.
Run a scan if you want. This scan works.

Close VS Code.

Open VS Code.

Try running a scan again. This error appears:

"Access token expired. Please login again."

Checkmarx console shows:

Error: Access token expired. Please login.
Sending GET request to https://checkmarx.internal/CxRestAPI/projects
GET request failed to https://checkmarx.internal/CxRestAPI/projects
Error: unable to get local issuer certificate
Sending GET request to https://checkmarx.internal/CxRestAPI/projects
GET request failed to https://checkmarx.internal/CxRestAPI/projects
Error: unable to get local issuer certificate
Error: Access token expired. Please login.

Now in CX Portal, click the padlock and login to Checkmarx portal again. Run a scan. It works.

Note: it doesn't matter if I set up the plugin via settings.json directly or via the UI steps. We're facing the same problem each time we reopen VS Code.

Hello Team.

I hope you are doing well. I am reaching out to inform you of a critical security matter. After cloning the repository, I have identified several vulnerabilities across multiple dependencies. These issues range in severity.

Key Vulnerabilities identified:

Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-VM2-5772823] in [email protected]

Upgrading these dependencies will not only resolve the current vulnerabilities but will also enhance the overall security posture of the project.

Sometimes when I try to rescan a project the extension throws an error because the project already exists. I'd like to incrementally scan the same project to see the vulnerabilities decrease as I address them.

What causes this error and how can I avoid it?

Thanks!