Kiuwan for Developers (K4D) for Microsoft Visual Studio Code is a plugin that facilitates and automates compliance with security standards, quality standards and best practices for several languages.

It provides the following benefits:

  • Security Vulnerabilities Detection - Kiuwan for Developers allows developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc. directly within their development IDEs.
  • Adoption of Security and Coding Standards – Ensuring compliance with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) across a development department can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects with Kiuwan and harnesses the power of its quality models to prevent errors and automatically standardise the code.
  • Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered you can avoid errors and reduce the time and cost of debugging and testing activities.

 

Kiuwan K4D for Developers VS Code has been successfully tested with for JetBrains 2018.*.* version of next products:

  • Intellij IDEA (2017.1 and above)
  • PhpStorm
  • PyCharm
  • Android Studio (3.0.1 and above)
  • VS Code 1.33.1

    For different versions, please contact Kiuwan Technical support.

    CLion (2019.1)

     

     

    ...

    Installation

    ...

     

    Open File >> Settings >> Plugins

     

    Click on Browse repositories .. button 


     

    Click on Manage repositories .. button 

    Click on + (Add) button and add the Kiuwan Repository URL : 

    ...

    Info

    Prior to installation, you must download k4d-vscode.vsix from https://www.kiuwan.com/pub/

    ...

    vscode/

    ...

    k4d-vscode.vsix 

     

    Click on Extensions



    Click on More Actions (...) >> Install from VSIX .. 



    Select k4d-vscode.vsix 



    After installing, you will see Kiuwan for Developers extension

    After being added, select the Kiuwan repository just created and click the OK button.
    You will see the Kiuwan plugin; select it and click on Install.

    ...


     

    Configuration

    After installation, you need to configure K4D to connect to Kiuwan. Please remember that you need a valid Kiuwan account.

     

    Go to File >> Preferences >>  Settings 


     

    and select User Settings >> Extensions >> Kiuwan

     

    ...

     

    ...

    Connection Settings

    ...

    If you are using a proxy, please configure Proxy configuration.

    The Kiuwan server URL comes preconfigured (leave it with default value).

    • This field only needs to be modified if you are using Kiuwan On-Premises (KOP).
    • If you need to modify it (to set your KOP server URL), check Customize Kiuwan server location.

    Fill in User and Password fields with your Kiuwan account's credentials.


    In case your Kiuwan account is configured to use Single Sign-On (SSO), enter your Domain ID (consult your Kiuwan admin and see How to integrate Kiuwan with SAML SSO)

    Please save and check the configuration before applying changes.

     

    Mapping your VS Code folder or workspace to your Kiuwan Application

    After K4D is installed, you are ready to map your VS Code workspace or folder to a Kiuwan application.

    Info

    This action synchronizes the defects and vulnerabilities found by Kiuwan with your source code, so you are ready to work on fixing the issues.

     

    All the following settings can be configured at User level (i.e. they will apply to all folders opened by the user currently logged in on the machine), or at Workspace level (i.e. you can configure different values for different folders / workspaces); the latter is recommended.



    To map your Idea project VS Code workspace to Kiuwan, open File >>  Settings and select Tools >> Kiuwan >> Remote Application

    A dialog will open with a combo of available applications where you can select the application that matches your project in the Kiuwan account.

     


     

    Kiuwan Defects List

    Once mapped, you can open Kiuwan Defects List by selecting Tools >> Show Kiuwan Defects

    Kiuwan Defect List window will appear docked to your Idea layout. Double-clicking on a defect will open the file and select the line of the defect.

     


     

    Also, right-clicking on the defect and selecting Rule information will open a browser with the documentation of the Kiuwan rule that detected the selected vulnerability.

    Info

    To get access to Rule information, please use the same credentials as those configured in Connection Properties.

     

    Refreshing Defects List

    Info

    To be sure you are working on the latest list of defects found by Kiuwan, you need to manually refresh the defect list.

    Clicking on the refresh icon will update the Kiuwan Defects List to the latest contents of the Kiuwan servers.

    Configuring the Contents of Defects List

    Clicking on the configuration icon lets you configure the contents of the Kiuwan Defects List.

     

    Please visit K4D for Eclipse - Server defects list for a full description of available options.

    Type your Kiuwan app name at Remote Application: Name.

     

    Source of Defects

    Once mapped, you can select the source of the defects that will be shown in VS Code.


     

    Depending on your needs, the source of server defects can be different:
    • Last baseline analysis
      • All the defects found during the last complete application analysis (i.e. the Application Baseline)
    • Action plan
      • Defects included within an Action Plan (you must type the plan name)
    • Audit Delivery
      • Defects that must be fixed so that the Audit of a delivery can be successful (you must type the delivery name)

     

    For Action Plan and Audit Delivery, you can select a range of defects.

    Source of Defects

    Finally, you can define how many defects to download from Kiuwan servers (Defects Limit), as well as filter the set of defects by Characteristics, File Patterns, Language and Priority.

     

    Viewing Kiuwan defects in VS Code

     

    Once configured, just click on the Kiuwan icon to see the defects.

     

     

    This 'tree of defects' is structured in two or three levels:

    1. Rule
      • The first level represents 'the rule' which generated the defect
      • If you select it, the bottom section Details will refresh its contents, showing important information about that rule. 
      • You can also right-click on it and select Show rule documentation in Kiuwan and K4D will open a new tab of your system web browser, pointing to Kiuwan, to show you all existing details about the rule. 
    2. Defect
      • The second level is populated with the defects found for the selected rule.
      • The Details section will now show information that affects only the selected defect, and K4D will try to find the reported file and line among your local sources, to open it in a new editor tab.
    3. Propagation path
      • The last level will show you all the locations of the code crossed by a security vulnerability, so you can track it, and neutralize it.

     


     

    Support and Troubleshooting 

    If you experience problems with the Kiuwan plugin for VS Code, you can read Kiuwan Documentation to find a solution, or, if you prefer, you can collect troubleshooting information and send it to us.

    ...

    Support Information

    Important information for troubleshooting is scattered across several log and configuration files.

    To make this process easier for you, just find the log file at $USER_HOME/.optimyth/k4d-vscode.log and submit it to our technical support team.

    Visit Contact Kiuwan Technical Support to learn how to contact us. We will address your problem as soon as possible.

    ...