Visual Studio Code Extension¶
ShiftLeft Scan is full integrated with Visual Studio Code IDE via its own native extension. Use this extension to perform security scans and visualize the scan results without leaving your IDE. You can also navigate to the source code and remediate the results by interacting with the scan results.
- One-click security scanning (SAST based scanning)
- Navigation to the source location of the result
- Scan Results shows details about the result:
- Result info
- Run info
- Code flow steps
- macOS touch bar support
- Automatically launches after performing a scan or when the workspace contains .sarif files in reports directory
- Updates the Result Details Panel with the currently selected result in the Results List, Problems Panel, or in source code
- Manually open it by typing "ShiftLeft: View Results" in the Command Palette(Ctrl+P or ⌘+P) or using the hotkey (Ctrl+L then Ctrl+E)
- Install or upgrade Visual Studio Code. Requires version 1.41.0 or higher.
- Open up the extensions tab (Ctrl + Shift + X) and search for "ShiftLeft Scan". Click "Install"
- Alternatively, Quick Open (Ctrl + P)m paste the follwing command
ext install shiftleftsecurity.shiftleft-scanand press enter.
- Reload VS Code
- Install Docker Desktop for performing ShiftLeft Scan
- Perform a ShiftLeft Scan by using the
Perform Security Scanoption in the results window. Or in the Command Palette (Ctrl+Shift+p or ⌘+⇧+p) type "ShiftLeft: Security Scan" or use the hotkey (Ctrl+l then Ctrl+p)
- Results will show up on the Scan Findings panel
- Click the result you're investigating. The editor will navigate to the location
While working with large monorepo based repositories, configure the application root to limit the scanning to specific application directories. To do this, go to Preferences and search for "ShiftLeft". Specify the
App Root as shown below:
This configuration can be specified for either the user or for the workspace. To set it for a particular workspace, choose the
Workspace tab in the above settings screen.
- VS Code version should be 1.41.0 or higher for the extension to install and work
- The user should be part of the
dockergroup on Linux and Mac. Please refer to the post install steps for your platform. Example below for linux.
sudo groupadd docker sudo usermod -aG docker $USER
Internet connectivity is required while loading the results for the first time. You might see the below error otherwise.
Unable to load schema from 'https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json': getaddrinfo ENOTFOUND raw.githubusercontent.com.