Microsoft Visual Studio Code Integration

Visual Studio Code Extension


CodeSonar integrates with the most popular integrated development environments (IDEs) on the market, including Microsoft Visual Studio Code. These integrations shift security and quality improvement left by bringing the power of SAST and advanced static analysis directly to the developer.

  • CodeSonar exports its code warnings in SARIF format, as a JSON file that is readable by Visual Studio Code.
  • as you would any other error or warning. These errors are displayed in the code view and in the warning panels, typically below the code view. Clicking a warning in any location opens a new panel that provides more details on the error plus access to other parts of CodeSonar.
  • The trace of the error is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis needed to determine the veracity of the warning.

CodeSonar has a lightweight yet highly functional interface with VS Code, using SARIF as the exchange format. CodeSonar exports its code warnings in SARIF format, which is then imported into Visual Studio Code. At this point, developers can view static analysis warnings in the Problems pane. These warnings are investigated in the same manner as compilation warnings. The root cause of a warning is determined by reviewing the CodeSonar annotations. It’s also possible to explore results via SARIF Explorer to get a larger picture of where problems reside in the code.
