Kiuwan for Developers (K4D) for Microsoft Visual Studio Code is a plugin that facilitates and automates compliance with security norms, quality standards and best practices for several languages.

It provides the following benefits:

  • Security Vulnerabilities Detection – Kiuwan for Developers allows developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc., directly within their development IDEs.
  • Adoption of Security and Coding Standards – Ensuring compliance with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) across a development department can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects with Kiuwan and harnesses the power of its quality models to prevent errors and automatically standardise the code.
  • Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered, you can avoid errors and reduce the time and cost of debugging and testing activities.

 

K4D for VS Code has been successfully tested with VS Code 1.33.1.

For different versions, please contact Kiuwan Technical Support.

...


To map your VS Code workspace to Kiuwan, type your Kiuwan app name at Remote Application: Name.

If you leave it blank, you can use K4D: Pick Remote Application to select the app.

See  

Source of Defects

Once mapped, you can select the source of the defects that will be shown in VS Code.

...

  • Last baseline analysis
    • All the defects found during the last complete application analysis (i.e. the Application Baseline)
  • Action plan
    • Defects included within an Action Plan (you must type the plan name)
  • Audit Delivery
    • Defects that must be fixed so the Audit of a delivery can be successful (you must type the delivery name)
  • Delivery
    • Defects found for the delivery analysis of the mapped application

For Action Plan Audit Delivery and Audit Delivery, you can select a range of defects.

...

Finally, you can limit how many defects to download from Kiuwan servers (Defects Limit), as well as filter the resulting set of defects by Characteristics, File Patterns, Language and Priority.

VS Code commands

The following is a list of Kiuwan VS Code commands you can use:

[Image: list of Kiuwan VS Code commands]

Viewing Kiuwan defects in VS Code

...

  1. Rule
    • The first level represents the rule that generated the defect.
    • If you select it, the bottom section Details will refresh its contents, showing important information about that rule.
    • You can also right-click on it and select Show rule documentation in Kiuwan, and K4D will open a new tab in your system web browser, pointing to Kiuwan, to show you all existing details about the rule.
  2. Defect
    • The second level is populated with the defects found for the selected rule.
    • The Details section will now show information that applies only to the selected defect, and K4D will try to find the reported file and line among your local sources and open it in a new editor tab.
  3. Propagation path
    • The last level shows all the code locations crossed by a security vulnerability, so you can track it and neutralize it.

...

Support Information

Important information for troubleshooting is located in the log file.

To make this process easier, find the log file at $USER_HOME/.optimyth/k4d-vscode.log and submit it to the technical support team.

Visit Contact Kiuwan Technical Support for details on how to contact us. We will address your problem as soon as possible.

...