Visual Studio Code

An extension for Visual Studio Code. It integrates many features of RIPS directly into the IDE, such as starting new scans and viewing analysis results. It offers additional features to navigate in the source code for a better user experience when working on security bugs.

Requirements

This extension can only be used in combination with a local RIPS installation (on-premises) or a SaaS account.

For Visual Studio Code requirements please refer to the download section.

Download

Use the table below to get the extension by hitting right-click → save link as ... on your desired version.

Version | API Compatibility | Visual Studio Code | Link
--------|-------------------|--------------------|-----
1.1.0   | >= 3.0.0          | >= 1.0.0           | RIPS

Note: On-Premises customers should update RIPS to run the latest and compatible API version.

Manual Installation

  1. Obtain the RIPS extension file from the download section above.
  2. In VSCode go to View → Extensions → Extra menu (...) → Install from VSIX.
  3. Browse to the location of the downloaded extension file (.vsix) and select it.
  4. Reload VSCode and the installation is complete.

Configuration

After installing the extension, right-click on the RIPS Security Analysis extension and set your API and UI URLs. By default these are set to the RIPS SaaS server.


Option | Description
-------|------------
API | URL of the RIPS API that should be used for scanning. Our SaaS API is available at https://api-3.ripstech.com. This API also works for trial accounts. For on-premises, make sure to also add the port of your API (for example: http://192.168.201.1:8080). A working connection is required for this plugin to work.
Hide negatively reviewed issues | If you opt in to this option, issues which are flagged as Fixed, Not exploitable, Not an issue, or Duplicate will not be downloaded by the extension.
Show Marker | Highlight issues based on their severity directly in the code editor.
Show Problems | Show issues in the problems window.
UI | URL of the RIPS user interface that will be used to open issues for more information on found security vulnerabilities.

Commands

Using the Visual Studio Code Command Palette you can easily interact with RIPS. Commands starting with RIPS will let you log in to your account, start a new scan, and fetch existing results.

Login

Before interacting with RIPS you must log in to your RIPS account using your email address and password. You can log in using the button in the bottom toolbar or with the Command Palette entry "RIPS: Login".

Start a New Scan

You can start a new scan using the button in the bottom toolbar or with the Command Palette entry "RIPS: Start a new scan". The extension will ask you to input a version name for your new scan, which you can leave empty to choose the current date as a version name. After this, the extension will package your application, upload it to your RIPS installation of choice, and add the scan to the queue. You will then get the results in real time as your application is being scanned by RIPS.


Download Existing Analysis Results

You can fetch an existing scan from RIPS using the button in the bottom toolbar or with the Command Palette entry "RIPS: Fetch Scan".

Note: Source code differences between the currently opened code and the one used for the scan can lead to visualization issues.

Issues

You can double-click on the issues shown in the Problems View in order to jump to the sink in your source code.

A right-click on an issue presents the following two options:

  • Review the issue: This will create a new review of the issue and it won't be annotated in the source code anymore (takes effect after fetching the scan again).
  • Open in RIPS: This will open a new browser window directly to this issue in the RIPS user interface.

You will also get an overview of your issues integrated in the Explorer view.

Here you can find more information: