You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

 

Kiuwan for Developers (K4D) for Microsoft Visual Studio Codeis a plugin that facilitates and automates compliance with security normatives, quality standards and best practices for several languages.

It provides the following benefits:

  • Security Vulnerabilities Detection - Kiuwan for Developers allows the developers to detect and fix security vulnerabilities such as Injection (SQL, XML, OS, etc), XSS, CSRF, etc. directly integrated within their development IDEs).
  • Adoption of Security and Coding Standards – Ensuring the compliance of standards (CWE, OWASP, CERT-Java/C/C++, SANS-Top25, WASC, PCI-DSS, NIST, MISRA, BIZEC, ISO/IEC 25000 and ISO/IEC 9126) by a development department can be a long and tedious task without the support of some sort of tool that will facilitate and automate this work. This plugin connects with Kiuwan and harness the power of its quality models to prevent errors and automatically standardise the code.
  • Automatic Error Prevention – Coding standards are specific rules for a programming language. By implementing and monitoring compliance with these standards at the time the code is entered you can avoid errors and reduce the time and cost of debugging and testing activities.

 

K4D for VS Code has been succesfully tested with for VS Code 1.33.1

For different versions, please contact Kiuwan Technical support.

 

 

Installation

 

Previous to installlation, you must download k4d-vscode.vsix from https://www.kiuwan.com/pub/vscode/k4d-vscode.vsix 

 

Click on Extensions


Click on More Actions (...) >> Install from VSIX .. 


Select k4d-vscode.vsix 


After installing, you will see Kiuwan for Developers extension

 

Configuration

After installation, you need to configure K4D to connect to Kiuwan. Please, remember that you need to have a valid Kiuwan Account.

 

Go to File >> Preferences >>  Settings 

 

and select User Settings >> Extensions >> Kiuwan

 

Connection Settings

You can find connection settings at  User Settings >> Extensions >> Kiuwan

Please, remember that you need to have a valid Kiuwan Account.

 

The Kiuwan server URL comes preconfigured (leave it with default value).

  • This field only needs to be modified in case you are using Kiuwan On-Premises (KOP). 
  • If you need to modify it (to set your KOP server URL, check Customize kiuan server location )

Fill in User and Password fields with your Kiuwan account's credentials.

 

In case your Kiuwan account is configured to use Single Sign-On (SSO), enter your Domain ID (consult your Kiuwan admin and see How to integrate Kiuwan with SAML SSO)

 

Mapping your VS Code folder or workspace to your Kiuwan Application

After K4D is installed, you are ready to map your VS Code workspace or folder to a Kiuwan application.

This action will allow synchronizing defects and vulnerabilities found by Kiuwan to your source code, being ready to work on fixing the issues.

All the following settings can be configured at User level (i.e. they will apply to all folders opened with the user currently logged in the machine), or at Workspace level (i.e. you can configure different values for different folders / workspaces); the later is recommended.


To map your VS Code workspace to Kiuwan, type your Kiuwan app name at Remote Application: Name

 

Source of Defects

Once mapped, you can select the source of the defects that will be shown in VS Code.

 

Depending on your needs, the source of server defects could be different :
  • Last baseline analysis
    • All the defects found during last complete application analysis (i.e. the Application Baseline)
  • Action plan
    • Defects included within an Action Plan (you must type the plan name f)
  • Audit Delivery
    • Defects that must be fixed so the Audit of a delivery can be successfull (you must type the delivery name)

For Action Plan and Audit Delivery , you can select a range of defects.

Source of Defects

Finally, you can define how many defects to download from Kiuwan servers (Defects Limit), as well as filter the set of defects by Characteristics, File Patterns, Language and Priority

 

Viewing Kiuwan defects in VS Code

 

Once configured, just click on the Kiuwan icon to see the defects.

This 'tree of defects' is structured in two or three levels:

  1. Rule
    • The first level represents 'the rule' which generated the defect
    • If you select it, the bottom section Details will refresh its contents, showing important information about that rule. 
    • You can also right-click on it and select Show rule documentation in Kiuwan and K4D will open a new tab of your system web browser, pointing to Kiuwan, to show you all existing details about the rule. 
  2. Defect
    1. The second level is populated with defects found of the selected rule. 
    • The Details section will now show information that affects only selected defect, and K4D will try and find the reported file and line among your local sources, to open it in a new editor tab. 
  3. Propagation path
    • The last level will show you all the locations of the code crossed by a security vulnerability, so you can track it, and neutralize it.

 

 

Support and Troubleshooting 

If you experience problems with the Kiuwan plugin for VS Code , you can read Kiuwan Documentation to find a solution, or if you prefer you can collect troubleshooting information and send it to us.

 

Support Information

Important information for troubleshooting is scatered across several log and configuration files.

To make this process easier find log file at $USER_HOME/.optimyth/k4d-vscode.log and submit to technical support team. 

Visit  Contact Kiuwan Technical Support on how to contact us. We will address your problem as soon as possible.

 

 

  • No labels