CM-29699 - Update README and CHANGELOG files #62

Merged
19 changes: 15 additions & 4 deletions CHANGELOG.md
@@ -1,9 +1,20 @@
# Change Log

All notable changes to the "Сycode" extension will be documented in this file.
## [v1.2.0]

Check [Keep a Changelog](http://keepachangelog.com/) for recommendations on how to structure this file.
- Add Elixir support for SCA

## [Unreleased]
## [v1.0.1]

- Initial release
- Mark SCA as beta
- Remove "play" (start scan) button from filename and violation items in the tree view

## [v1.0.0]

The first stable release with the support of Secrets, SCA, TreeView, Violation Card, and more.

[v1.2.0]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.2.0

[v1.0.1]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.0.1

[v1.0.0]: https://github.com/cycodehq/vscode-extension/releases/tag/v1.0.0
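Review bot: the release list now jumps from `## [v1.0.1]` straight to `## [v1.2.0]` with no v1.1.0 entry, while the `## [Unreleased]` heading and the Keep a Changelog link are removed instead of being kept above the release sections; if a 1.1.0 was published its changes belong here (or the version jump should be explained), and an Unreleased section is where the next entries should accumulate. One more thing in the unchanged context line `All notable changes to the "Сycode" extension`: the first letter of the product name appears to be a Cyrillic capital Es (U+0421) rather than a Latin C, which makes the name fail plain-text search and diff tooling; since the file is being edited anyway, replace it with the ASCII spelling used in README.md.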
149 changes: 102 additions & 47 deletions README.md
@@ -1,60 +1,115 @@
# Cycode VSCode Extension

The Cycode VSCode Extension is a plugin for Microsoft's Visual Studio Code (VSCode) editor that provides a set of tools and features to enhance the development experience for users working with the Cycode platform.

# Features

Cycode VS Code Extension scans your code for exposed secrets, passwords, tokens, keys, and other credentials.

The Cycode VSCode Extension includes the following features:

- Cycode CLI: The extension includes a built-in Cycode command-line interface (CLI) that allows users to interact with the Cycode platform directly from the VSCode editor.
- Error Highlighting: The extension provides syntax highlighting for Cycode-specific code and configuration files, making it easy for users to identify and work with these files in their projects.

# Installation

To install the Cycode VSCode Extension, follow these steps:

1. Open the VSCode editor.

2. Click on the "Extensions" icon on the left-hand sidebar.

3. Search for "Cycode" in the search bar.

4. Click on the "Install" button next to the Cycode extension.

# Cycode VS Code Extension

The Cycode VS Code Extension is a plugin for Microsoft's Visual Studio Code (VS Code) that helps users to adopt a
shift-left strategy, by enabling code scanning early in the development lifecycle, which could significantly help
businesses avoid costly repairs and potential complications down the line.

## Features

Cycode VS Code Extension scans your code for exposed secrets, passwords, tokens, keys, and other credentials, as well as
open-source packages' vulnerabilities. The extension provides functionalities such as:

- A tree view, breakdown by:
- Scanning categories: Hardcoded Secrets, Open-source Threats (SCA), Code Security (SAST), and Infrastructure as
Code.
- Files
- Cycode console features a "View Problem" card that enables in-depth violation analysis with remediation
recommendations.
- Running a new scan from your IDE even before committing the code.
- Triggering a scan automatically whenever a file is saved.
- Highlighting vulnerable code in the editor - syntax highlighting for Cycode-specific code and configuration files,
making it easy for users to identify and work with these files in their projects.
- Removing a detected secret or ignoring it by secret value, rule (type) or by path.
- Upgrading and fixing vulnerable packages following Cycode's remediation guidelines.

## Installation

To install the Cycode VS Code Extension, follow these steps:

1. Open the editor.
2. Navigate to the Extensions Section:
3. Search for "Cycode" in the search bar:
4. Click on the "Install" button next to the Cycode plugin.
5. Wait for the installation to complete.
6. Restart the editor.

6. Reload the VSCode editor.
## Authentication

# Authentication

To install the Cycode VSCode Extension, follow these steps:

1. Open the VSCode editor.
To install the Cycode VS Code Extension, follow these steps:

1. Open the editor.
2. Click on the Cycode icon in the left-hand sidebar.

3. Click on the "Authenticate" button.

# Usage
## Configuring the Plugin

To use the Cycode VSCode Extension, follow these steps:
To configure the plugin go to the extension settings to change the default settings:

1. Open the VSCode editor.
1. In the Additional Parameters field, you can submit additional CLI parameters, such as `--verbose` mode for debugging
purposes.
2. Use the API URL field to change the base URL (on-premises Cycode customers see this explanation).
3. Use the APP URL if the web URL needs to be changed.
4. Use CLI PATH to set the path to the Cycode CLI executable. In cases where the CLI can't be downloaded due to your
network configuration (for example, due to firewall rules), use this option.
5. Clear the Scan on Save option to prevent Cycode from scanning your code every time you save your work. Instead, use
the Scan on-Demand option.
6. In the SCA Scan On Open field, specify whether to perform a scan when a project opened.

2. Open a project that uses the Cycode platform.

3. Open a file to scan.
Note: If the "Scan on Save File" option is enabled in the extension settings, Cycode will scan the file in focus (
including manifest files, such as `package.json` and `dockerfile`) for hardcoded secrets. Package vulnerabilities (SCA)
will only be scanned by Cycode if the file in focus is a manifest file (then the different scan types will run
simultaneously).

4. Press `Ctrl+S` or `Cmd+S` on Mac to save a file.
## Usage

A scan will automatically be triggered.
To use the Cycode VS Code extension, follow these steps:

# Support

If you encounter any issues or have any questions about the Cycode VSCode Extension, please reach out to the Cycode support team at [email protected].

# License

The Cycode VSCode Extension is released under the MIT license. See the LICENSE file for more details.
1. Open the editor.
2. Open a project that uses the Cycode platform.
3. Open a file to scan.
4. Press Ctrl+S or Cmd+S on Mac to save a file → A scan will automatically be triggered.
- If the "Scan on Save File" option is enabled in the plugin settings, Cycode will scan the file in focus (including
manifest files, such as package.json and dockerfile) for hardcoded secrets. Package vulnerabilities (SCA) will
only be scanned by Cycode if the file in focus is a manifest file.
- Also applies for auto-save.
5. Wait for the scan to complete and to display a success message.
6. Run on-demand scans: In the tree view, locate the desired file and click the Play button to run the scan.

## Viewing Scan Results

1. The scan displays a list of security vulnerabilities and code issues found in the application code. The results are
displayed in a tree view that's broken down according to the type scan: Hardcoded Secrets, Open-source Threats (SCA),
Code Security (SAST), and Infrastructure as Code.
2. Under each category you'll see vulnerabilities grouped by file (per category).
3. You can also see the summary of the total number of vulnerabilities found in each file as well as a breakdown by
severity.
4. Expanding the file displays the vulnerabilities sorted by vulnerability severity (with critical at the top).
5. Selecting a line in the results displays the line in the code file (see middle pane).

## Handling SCA Vulnerabilities

1. For SCA only, selecting a line also opens a Cycode console in the right pane that details the SCA vulnerability in
depth.
2. The console includes details such as the package name, version, and a remediation recommendation, such as the first
patched version with the vulnerability fixed.

## Handling Detected Secrets

1. Once the scan completes (either on save or on-demand), you’ll then see the violation(s) highlighted in your main
window.
2. Hover over the violation to see the violation summary.
3. To view the details of the violation, select it in the list.
4. Next, choose how to address the detected violation(s) by selecting the Quick Fix button.
5. If the violation is a secret, you can choose to ignore it - either by secret value, secret rule (i.e. secret type) or
the specific file. Note that Ignore occurs locally on the developer’s machine.
6. Go back to viewing the problem in the main window by clicking View problem.
7. You can also view a summary of all the problems by selecting the Problems tab.

## Support

If you encounter any issues or have any questions about the Cycode VS Code Extension, please reach out to the Cycode
support team at [email protected].

## License

The Cycode VS Code Extension is released under the MIT license. See the LICENSE file for more details.
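Review bot: the Authentication section still opens with the installation intro, `To install the Cycode VS Code Extension, follow these steps:`, which is a copy-paste leftover from the section above; it should read "To authenticate, follow these steps:". Three further points in the same hunk: `Use the API URL field to change the base URL (on-premises Cycode customers see this explanation)` points to an explanation that is not linked anywhere, so add the link or drop the parenthetical; the "Scan on Save File" note about manifest files and SCA appears twice, once after the Configuring the Plugin list and again as a sub-bullet of step 4 under Usage, so keep one copy; and the CLI PATH setting says the extension otherwise downloads the CLI itself, yet neither path says how the binary is verified or that a user-supplied executable is trusted as-is, which deserves a sentence, because whichever binary lands there runs against the developer's source tree and Cycode credentials. Minor: `specify whether to perform a scan when a project opened` should read `when a project is opened`, and step 6 of Installation changed the old `Reload the VSCode editor` to `Restart the editor` although a window reload is what extension installs actually need.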