This section will show you how to integrate the Kiuwan Visual Studio Extension (Kiuwan IDE Plug-In) into Microsoft Visual Studio.
Kiuwan IDE Plug-In
Kiuwan allows for a true shift-left approach by integrating with all the main IDEs.
Kiuwan for Developers is a plug-in for development IDEs that facilitates and automates compliance with security normatives, quality standards and best practices for several languages.
It provides the following benefits:
- Security Vulnerabilities Detection - The plug-in allows developers to detect and fix security vulnerabilities, such as Injection (SQL, XML, OS, etc), XSS, CSRF, etc., directly within their development IDEs.
- Adoption of Security and Coding Standards - The plug-in helps to ensure compliance to standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) by automating the work. This plug-in connects with Kiuwan and harnesses the power of its quality models to prevent errors and automatically standardize the code.
- Automatic Error Prevention - The plug-in implements and monitors compliance to coding standards at the time the code is entered. Thus you can avoid errors and reduce the time and cost of debugging and testing activities.
The Kiuwan IDE Plug-in monitors and reports on the security, quality, and efficiency of your code at the point that it is written. This immediate feedback provides you with the opportunity to improve your code before it is delivered.
First, configure the Kiuwan Gallery to download the Kiuwan VS Extension from Kiuwan.
- In Visual Studio, go to Tools > Options
- Open Environment >> Extension and Updates and Add a new one with URL: https://www.kiuwan.com/pub/vsgallery/atom.xml
- After Apply and OK, go to Tools > Extensions and Updates..
- Select Online > Kiuwan Gallery
- Click Download. Then, you need to close Visual Studio to finish the installation.
- Click Modify and the Kiuwan Extension is downloaded and installed.
Connect to Kiuwan
After installation, you need to configure the Kiuwan Extension to connect to Kiuwan. Please, remember that you need to have a valid Kiuwan Account.
Go to Tools > Options and select Kiuwan for Visual Studio > Connection properties
If you are using a proxy, please configure Proxy Settings.
Map your VS Project to Kiuwan Application
After the installation, you are ready to map your VS project to a Kiuwan application.
To map your VS project to Kiuwan, right-click on your project and select Kiuwan Project Properties.
A dialog will open with a combination of available applications where you can select the application that matches your project in the Kiuwan account.
Kiuwan Defects List
Once mapped, go to View > Other Windows > Kiuwan Defects Window to open the Kiuwan Defects List.
You can also open the Kiuwan Defects List by clicking on the Kiuwan icon in the Solution Explorer toolbar
The Kiuwan Defect List window will appear docked to your VS layout. Double-clicking on a defect will open the file and highlight the line of the defect.
In case the selected defect is a injection vulnerability, you can see the Propagation Path at the Properties tab
Right-click on a defect for two options:
- Mark the defect as reviewed
- Open a browser window to see information about the rule (please use the same credentials as those configured in Connection Properties).
Refreshing Defects List
To be sure you are working on the latest list of defects found by Kiuwan, you need to manually refresh the defect list.Click the icon to update the Kiuwan Defects List to the latest content of the Kiuwan servers.
Configuring the Contents of Defects List
Click the icon to configure the Contents of Kiuwan Defects List.
Configuring the Filters of Defects List
Click the icon to configure Filters in the Kiuwan Defect List.
Support and Troubleshooting
If you experience problems with the Kiuwan extension for Visual Studio, you can read the Kiuwan Documentation to find a solution, or if you prefer you can collect troubleshooting information and send it to us. Visit Contact Kiuwan Technical Support to learn how to contact us. We will address your problem as soon as possible.
- No labels