
This section will show you how to integrate the Kiuwan IDE Plug-In into Visual Studio Code. 

Info

The Kiuwan IDE Plug-In for Visual Studio Code provides the following benefits:

  • Security Vulnerabilities Management – Kiuwan for Developers allows developers to access and fix security vulnerabilities such as Injection (SQL, XML, OS, etc.), XSS, CSRF, etc., found by Kiuwan scans, right in their development IDEs.
  • Adoption of Security and Coding Standards – Ensuring compliance with standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) across a development department can be a long and tedious task without a tool that facilitates and automates this work. This plugin connects to Kiuwan and harnesses its security models and audits to enforce security standards and policies.
  • Full vulnerabilities documentation – Developers have access, right in their IDEs, to the full Kiuwan documentation for any of the vulnerabilities listed for their projects. This includes code samples on how to fix them in the same language as the project.

The Kiuwan IDE Plug-In for Visual Studio Code is only available in Viewer Mode: it shows defects already found by Kiuwan analyses on the server rather than running analyses locally.

It has been successfully tested with VS Code 1.33.1. For other versions, please contact Kiuwan Technical Support.

 

 

Installation

Info

Before starting the installation, you must download k4d-vscode.vsix from https://www.kiuwan.com/pub/vscode/k4d-vscode.vsix 

 

  1. Click on Extensions.
  2. Click on More Actions (...) >> Install from VSIX.
  3. Select k4d-vscode.vsix.
  4. After the installation, you will see the Kiuwan for Developers extension.
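The same installation can be done headlessly with the VS Code command-line interface. The script below is an added example, not Kiuwan's own tooling: only the download URL and the file name k4d-vscode.vsix come from this page. Because a VSIX is sideloaded outside the Marketplace, the script checks that the downloaded file really is a ZIP archive (which is what a .vsix is), prints the publisher/id recorded in its manifest, and records the SHA-256 of what was installed before calling `code --install-extension`. The digest file is this script's own practice, not something Kiuwan publishes.

```shell
#!/bin/sh
# Added example (not Kiuwan's own tooling): headless install of the VSIX with
# sanity checks before it is sideloaded. Only the download URL and file name come
# from the page; the checks and the digest file are this script's own practice.
set -eu

VSIX_URL="https://www.kiuwan.com/pub/vscode/k4d-vscode.vsix"
VSIX_FILE="${VSIX_FILE:-k4d-vscode.vsix}"

# A .vsix is a ZIP archive. Reject anything that does not start with the ZIP
# local-file-header magic 50 4b 03 04 ("PK\3\4") before handing it to VS Code.
is_vsix_archive() {
    [ -s "$1" ] || return 1
    magic=$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "504b0304" ]
}

# Show the <Identity> element of the VSIX manifest (publisher, id, version) so you
# can confirm what you are about to install. Needs unzip.
show_manifest_identity() {
    unzip -p "$1" extension.vsixmanifest | grep -o '<Identity[^>]*>'
}

download_vsix() {
    # HTTPS only, TLS 1.2+, fail on HTTP errors, follow redirects.
    curl -fsSL --proto '=https' --tlsv1.2 -o "$VSIX_FILE" "$VSIX_URL"
}

install_vsix() {
    is_vsix_archive "$VSIX_FILE" || { echo "not a VSIX/ZIP archive: $VSIX_FILE" >&2; return 1; }
    show_manifest_identity "$VSIX_FILE"
    # Record the digest of what was installed so the same artifact can be
    # re-installed (and a later download compared against it) on other machines.
    sha256sum "$VSIX_FILE" > "$VSIX_FILE.sha256"
    code --install-extension "$VSIX_FILE"
    code --list-extensions | grep -i kiuwan
}

# Set K4D_INSTALL=1 to actually download and install; sourcing the file without it
# only defines the functions.
if [ "${K4D_INSTALL:-0}" = "1" ]; then
    download_vsix
    install_vsix
fi
```

Run it as `K4D_INSTALL=1 sh install-k4d.sh` on a machine where `code` is on the PATH. If `is_vsix_archive` rejects the file, the download was not a VSIX (typically an HTML error page or a truncated transfer) and nothing is passed to VS Code.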

 

Configuration

After installation, you need to configure the Kiuwan IDE Plug-In to connect to Kiuwan. Please remember that you need a valid Kiuwan account.

  1. Go to File > Preferences > Settings.
  2. Select User Settings > Extensions > Kiuwan.

 

Connection Settings

You can find the connection settings at User Settings > Extensions > Kiuwan. Please remember that you need a valid Kiuwan account.

The Kiuwan server URL comes preconfigured (leave it with the default value).

  • This field only needs to be modified if you are using Kiuwan On-Premises (KOP).
  • If you need to modify it (to set your KOP server URL), check Customize Kiuwan Server location.

Fill in the User and Password fields with your Kiuwan account credentials. VS Code stores these values as plain text in its settings JSON, so keep them in User settings rather than in a folder's .vscode/settings.json, which is easy to commit by accident.

If your Kiuwan account is configured to use Single Sign-On (SSO), enter your Domain ID (consult your Kiuwan admin and see How to integrate Kiuwan with SAML SSO).

To check the connection, run K4D: Check Connection With Current Settings. See Kiuwan VS Code commands.

 

Mapping your VS Code folder or workspace to your Kiuwan Application

After the Kiuwan IDE Plug-In is installed, you are ready to map your VS Code workspace or folder to a Kiuwan application.

Info
This action allows synchronizing the defects and vulnerabilities found by Kiuwan in your source code, getting them ready for fixing.

All the following settings can be configured at User level (i.e. they apply to all folders opened by the user currently logged in on the machine) or at Workspace level (i.e. you can configure different values for different folders/workspaces); the latter is recommended. The exception is the User and Password fields under Connection Settings: keep those at User level so that they are not written into a folder's .vscode/settings.json and committed with the project.

To map your VS Code workspace to Kiuwan, type your Kiuwan application name at Remote Application: Name. Leaving it blank, you can use K4D: Pick Remote Application to select the application. See Kiuwan VS Code commands.
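Because Workspace-level settings live in the folder's .vscode/settings.json, a pre-commit check is a cheap way to make sure Kiuwan credentials configured there never reach the repository. The hook below is an added example, not part of the Kiuwan plug-in. The page does not give the plug-in's internal setting identifiers, so the check matches generically on key names containing password, passwd, secret or token rather than on any specific Kiuwan key.

```shell
#!/bin/sh
# Added example, not part of Kiuwan's plug-in: a pre-commit check that refuses to
# commit a workspace .vscode/settings.json containing credential-like keys.
# The Kiuwan setting identifiers are not given on the page, so the check matches
# generically on key names (not values) containing password/passwd/secret/token.
set -eu

# Returns 0 when the file is clean (or absent), 1 when it contains a key whose
# name looks like a credential. Only the key name is inspected; values are never printed.
check_workspace_settings() {
    file="$1"
    [ -f "$file" ] || return 0
    if grep -Eiq '"[^"]*(password|passwd|secret|token)[^"]*"[[:space:]]*:' "$file"; then
        echo "$file: credential-like setting found; keep Kiuwan credentials in User settings" >&2
        return 1
    fi
    return 0
}

# Hook body: check every staged settings.json that sits under a .vscode folder.
check_staged_settings() {
    status=0
    for f in $(git diff --cached --name-only --diff-filter=AM | grep -E '(^|/)\.vscode/settings\.json$' || true); do
        check_workspace_settings "$f" || status=1
    done
    return $status
}

# Acts as a hook when installed as .git/hooks/pre-commit; when sourced under any
# other name it only defines the functions.
if [ "${0##*/}" = "pre-commit" ]; then
    check_staged_settings
fi
```

Install it with `cp check-settings.sh .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit`. A blocked commit means a User/Password value was set at Workspace level; move it to User settings (File > Preferences > Settings > User) and unstage the file.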

 

Source of Defects

Once mapped, you can select the source of the defects that will be shown in VS Code.

Depending on your needs, the source of server defects can be different:
  • Last baseline analysis
    • All the defects found during the last complete application analysis (i.e. the Application Baseline).
  • Action plan
    • Defects included within an Action Plan (you must type the plan name).
    • Leaving it blank, you can use K4D: Pick Action Plan to select the action plan. See Kiuwan VS Code commands.
  • Audit Delivery
    • Defects that must be fixed so that the Audit of a delivery can be successful (you must type the delivery name).
    • Leaving it blank, you can use K4D: Pick Audit Delivery to select the delivery. See Kiuwan VS Code commands.
  • Delivery
    • Defects found for the delivery analysis of the mapped application.
    • Leaving it blank, you can use K4D: Pick Delivery to select the delivery. See Kiuwan VS Code commands.

For Audit Delivery and Delivery, you can select a range of defects.

 

Limiting and filtering Defects

Finally, you can limit how many defects to download from the Kiuwan servers (Defects Limit), as well as filter the resulting set of defects by Characteristics, File Patterns, Language and Priority.

 

 

VS Code commands

Open the Command Palette (View > Command Palette...) to use the Kiuwan VS Code commands. The commands referenced on this page are:

  • K4D: Check Connection With Current Settings
  • K4D: Pick Remote Application
  • K4D: Pick Action Plan
  • K4D: Pick Audit Delivery
  • K4D: Pick Delivery

For example, if you select Delivery as the source for defects, you can select the right delivery by running K4D: Pick Delivery and choosing among the available ones.

 

Viewing Kiuwan defects in VS Code

Once configured, just click on the Kiuwan icon to see the defects.

This 'tree of defects' is structured in two or three levels:

  1. Rule
    • The first level represents the rule which generated the defect.
    • If you select it, the bottom section Details refreshes its contents, showing important information about that rule.
    • You can also right-click on it and select Show rule documentation in Kiuwan; K4D will open a new tab in your system web browser, pointing to Kiuwan, to show you all existing details about the rule.
  2. Defect
    • The second level is populated with the defects found for the selected rule.
    • The Details section now shows information about the selected defect only, and K4D will try to find the reported file and line among your local sources and open it in a new editor tab.
  3. Propagation path
    • The last level, present only for defects that have one, lists all the code locations crossed by a security vulnerability, i.e. the path the untrusted data follows from where it enters the code to where it is used, so you can track it and neutralize it.

 

Support and Troubleshooting 

If you experience problems with the Kiuwan plugin for VS Code, read the Kiuwan Documentation to find a solution, or, if you prefer, collect troubleshooting information and send it to us.

Info: Support Information

Important information for troubleshooting is located in the log file at $USER_HOME/.optimyth/k4d-vscode.log. To make this process easier, submit that file to the technical support team. Review it before sending, since it may contain details about your account and environment.

Visit Contact Kiuwan Technical Support for how to contact us. We will address your problem as soon as possible.