ContextQMD
Back to Gitlabhq

Secure your application in GitLab for VS Code

doc/editor_extensions/visual_studio_code/security_scanning.md

18.11.23.5 KB
Original Source

Use the GitLab for VS Code extension to check your application for security vulnerabilities. Review security findings and run static application security testing (SAST) for files directly in your IDE.

View security findings

{{< details >}}

  • Tier: Ultimate
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated

{{< /details >}}

Prerequisites:

  • GitLab for VS Code 3.74.0 or later.
  • A project that includes Security Risk Management features, such as static application security testing (SAST), dynamic application security testing (DAST), container scanning, or dependency scanning.
  • Configured security risk management features.

To view security findings:

  1. In VS Code, in the left sidebar, select GitLab ({{< icon name="tanuki" >}}).
  2. In the current branch section, expand Security scanning.
  3. Select either New findings or Fixed findings.
  4. Select a severity level.
  5. Select a finding to open it in a VS Code tab.

Static application security testing (SAST)

{{< details >}}

  • Tier: Ultimate
  • Offering: GitLab.com
  • Status: Experiment

{{< /details >}}

{{< history >}}

{{< /history >}}

Static application security testing (SAST) in VS Code detects vulnerabilities in the active file. With early detection, you can remediate vulnerabilities before you merge your changes into the default branch.

When you trigger a SAST scan, the content of the active file is passed to GitLab and checked against SAST vulnerability rules. GitLab shows scan results in the GitLab ({{< icon name="tanuki" >}}) extension panel.

<i class="fa-youtube-play" aria-hidden="true"></i> To learn about setting up SAST scanning, see SAST scanning in VS Code on GitLab Unfiltered.

<!-- Video published on 2025-02-10 -->

Enable SAST scanning

To enable real-time SAST scanning:

  1. Select Extensions > GitLab.
  2. Select Manage ({{< icon name="settings" >}}), and then select Settings > Code Security.
  3. Select the Enable Real-time SAST scan checkbox.
  4. Optional. To enable SAST scanning of the active file when you save it, select the Enable scanning on file save checkbox.

Perform SAST scanning

Prerequisites:

To perform SAST scanning of a file in VS Code:

  1. Open the file.
  2. Trigger the SAST scan by either:
    • Saving the file (if you have enabled scanning on file save).
    • In the left sidebar, select GitLab ({{< icon name="tanuki" >}}) > GitLab remote scan (SAST). Then, select the Scan current file button at the top of the section.
    • Using the Command Palette:
      1. Open the Command Palette:
        • For macOS, press <kbd>Command</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd>.
        • For Windows or Linux, press <kbd>Control</kbd>+<kbd>Shift</kbd>+<kbd>P</kbd>.
      2. Search for GitLab: Run Remote Scan (SAST) and press <kbd>Enter</kbd>.
  3. View the results of the SAST scan.
    1. In VS Code, in the left sidebar, select GitLab ({{< icon name="tanuki" >}}).
    2. Expand the GitLab remote scan (SAST) section. The results of the SAST scan are listed in descending order by severity.
    3. Select a finding to review the details.