CodeSonar – Microsoft Visual Studio Code Integration
CodeSecure CodeSonar Integration with Microsoft Visual Studio Code.
Direct to Your Desktop
CodeSonar integrates with the most popular Integrated Development Environments (IDE) on the market including Microsoft Visual Studio Code. These integrations shift left security and quality improvement by bringing the power of SAST and advanced static analysis directly to the developer.
- CodeSonar exports its code warnings into a SARIF format as a json file that is readable by Visual Studio Code.
- as you would any other error or warning. These errors are displayed in the code view and in the warning panels typically below the code view. Clicking on the warnings in any location brings you a new panel that provides more details on the error plus access to other parts of CodeSonar.
- The trace of the error is navigable within the CodeSonar panel and back to the code view. This greatly simplifies the analysis to determine the veracity of the warning.
CodeSonar Integration with Microsoft Visual Studio Code
CodeSonar has a lightweight yet highly functional interface with VS Code using SARIF as the exchange format. CodeSonar exports its code warnings into SARIF format which is imported into Visual Studio Code. At this point, developers can view static analysis warnings in the Problems pane. These warnings are investigated in the same manner as compilation warnings. The root cause of a warning is determined by reviewing the CodeSonar annotations. It’s also possible to explore results via SARIF Explorer to get a larger picture of where problems reside in the code.