Page tree
Skip to end of metadata
Go to start of metadata

 

Icon

Kiuwan for Developers (K4D) for Microsoft Visual Studio Code is a plugin that facilitates and automates compliance with security normative, quality standards and best practices for several languages.

It provides the following benefits:

  • Security Vulnerabilities Management- Kiuwan for Developers allows developers to access and fix security vulnerabilities such as Injection (SQL, XML, OS, etc), XSS, CSRF, etc., found by Kiuwan scans, right on their development IDEs.
  • Adoption of Security and Coding Standards – Ensuring the compliance of standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) by a development department can be a long and tedious task without the support of some sort of tool that will facilitate and automate this work. This plugin connects with Kiuwan and harness the power of its security models and audits to enforce security standards and policies.
  • Full vulnerabilities documentation – Developers have access, right on their IDEs, to the full Kiuwan vulnerabilities documentation of any of the displayed vulnerabilities listed for the specific projects. This includes code samples on how to fix them in the same language of the project.

 

K4D for VS Code has been succesfully tested with VS Code 1.33.1

For different versions, please contact Kiuwan Technical support.

 

 

Installation

 

Icon

Previous to installlation, you must download k4d-vscode.vsix from https://www.kiuwan.com/pub/vscode/k4d-vscode.vsix 

 

Click on Extensions


Click on More Actions (...) >> Install from VSIX .. 


Select k4d-vscode.vsix 


After installing, you will see Kiuwan for Developers extension

 

Configuration

After installation, you need to configure K4D to connect to Kiuwan. Please, remember that you need to have a valid Kiuwan Account.

 

Go to File >> Preferences >>  Settings 

 

and select User Settings >> Extensions >> Kiuwan

 

Connection Settings

You can find connection settings at  User Settings >> Extensions >> Kiuwan

Please, remember that you need to have a valid Kiuwan Account.

 

The Kiuwan server URL comes preconfigured (leave it with default value).

  • This field only needs to be modified in case you are using Kiuwan On-Premises (KOP). 
  • If you need to modify it (to set your KOP server URL, check Customize kiuan server location )

Fill in User and Password fields with your Kiuwan account's credentials.

 

In case your Kiuwan account is configured to use Single Sign-On (SSO), enter your Domain ID (consult your Kiuwan admin and see How to integrate Kiuwan with SAML SSO)

 

To check connection, you can use K4D: Check Connection With Current Settings to select the delivery. See Kiuwan VS Code commands 

 

Mapping your VS Code folder or workspace to your Kiuwan Application

After K4D is installed, you are ready to map your VS Code workspace or folder to a Kiuwan application.

Icon

This action will allow synchronizing defects and vulnerabilities found by Kiuwan to your source code, being ready to work on fixing the issues.

All the following settings can be configured at User level (i.e. they will apply to all folders opened with the user currently logged in the machine), or at Workspace level (i.e. you can configure different values for different folders / workspaces); the later is recommended.


To map your VS Code workspace to Kiuwan, type your Kiuwan app name at Remote Application: Name

Leaving it blank, you can use K4D: Pick Remote Application to select the app.

See Kiuwan VS Code commands 

 

Source of Defects

Once mapped, you can select the source of the defects that will be shown in VS Code.

 

Depending on your needs, the source of server defects could be different:
  • Last baseline analysis
    • All the defects found during last complete application analysis (i.e. the Application Baseline)
  • Action plan
    • Defects included within an Action Plan (you must type the plan name)
    • Leaving it blank, you can use K4D: Pick Action Plan to select the action plan. See Kiuwan VS Code commands 
  • Audit Delivery
    • Defects that must be fixed so the Audit of a delivery can be successfull (you must type the delivery name)
    • Leaving it blank, you can use K4D: Pick Audit Delivery to select the delivery. See Kiuwan VS Code commands 

  • Delivery
    • Defects found for the delivery analysis of the mapped application
    • Leaving it blank, you can use K4D: Pick Delivery to select the delivery. See Kiuwan VS Code commands 

For Audit Delivery and Delivery , you can select a range of defects.

 


Limiting and filtering Defects

Finally, you can limit how many defects to download from Kiuwan servers (Defects Limit), as well as filter the resulting set of defects by Characteristics, File Patterns, Language and Priority

 

 

VS Code commands

By selecting Command Palette..

 

you can use the following list of Kiuwan VS Code commands 

 

For example, if you select Delivery as the source for defects, you can select the right delivery by running K4D: Pick Delivery and selecting among the available ones.

 

Viewing Kiuwan defects in VS Code

Once configured, just click on the Kiuwan icon to see the defects.

This 'tree of defects' is structured in two or three levels:

  1. Rule
    • The first level represents 'the rule' which generated the defect
    • If you select it, the bottom section Details will refresh its contents, showing important information about that rule. 
    • You can also right-click on it and select Show rule documentation in Kiuwan and K4D will open a new tab of your system web browser, pointing to Kiuwan, to show you all existing details about the rule. 
  2. Defect
    • The second level is populated with defects found of the selected rule. 
    • The Details section will now show information that affects only selected defect, and K4D will try and find the reported file and line among your local sources, to open it in a new editor tab. 
  3. Propagation path
    • The last level will show you all the locations of the code crossed by a security vulnerability, so you can track it, and neutralize it.

 

 

Support and Troubleshooting 

If you experience problems with the Kiuwan plugin for VS Code , you can read Kiuwan Documentation to find a solution, or if you prefer you can collect troubleshooting information and send it to us.

 

Support Information

Icon

Important information for troubleshooting is located at log file.

To make this process easier find log file at $USER_HOME/.optimyth/k4d-vscode.log and submit to technical support team. 

Visit  Contact Kiuwan Technical Support on how to contact us. We will address your problem as soon as possible.

 

 

  • No labels