An extension for Visual Studio Code . It integrates many features of RIPS directly into the IDE, such as starting new scans and viewing analysis results. It offers additional features to navigate in the source code for a better user experience when working on security bugs.
This extension can only be used in combination with a local RIPS installation (on-premises) or a SaaS account .
For Visual Studio Code requirements please refer to the download section.
Use the table below to get the extension by hitting right-click → save link as ... on your desired version.
|Version||API Compatibility||Visual Studio Code||Link|
|1.0||>= 3.0.0||>= 1.0.0||RIPS|
Note: On-Premises customers should update RIPS to run the latest and compatible API version.
- Obtain the RIPS extension file from the download section above.
- In VSCode go to View → Extensions → Extra menu (...) → Install from VSIX.
- Browse to the location of the downloaded extension file (.vsix) and select it.
- Reload VSCode and the installation is complete.
After installing the extension, right click on the RIPS Security Analysis extension and set your API and UI URLs. By default this will be set to the RIPS SaaS server.
URL of the RIPS API that should be used for scanning.
|Hide negatively reviewed issues||If you opt-in to this option, issues which are flagged as Fixed, Not exploitable, Not an issue, or Duplicate will not be downloaded by the extension.|
Highlight issues based on their severity directly in the code editor.
|Show Problems||Show issues in the problems window.|
URL of the RIPS user interface that will be used to open issues for more information on found security vulnerabilities.
Using the Visual Studio Code Command Palette you can easily interact with RIPS. Commands starting with RIPS will let you login to your account, start a new scan, and fetch existing results.
Before interacting with RIPS you must login to your RIPS account using your email address and password. You can login using the button in the bottom toolbar or with the Command Palette entry "RIPS: Login".
Start a New Scan
You can start a new scan using the button in the bottom toolbar or with the Command Palette entry "RIPS: Start a new scan". The extension will ask you to input a version name for your new scan, which you can leave empty to choose the current date as a version name. After this, the extension will package your application and upload it to your RIPS installation of choice and add it the scan to the queue. You will then get the results in real time as your application is being scanned by RIPS.
Download Existing Analysis Results
You can fetch an existing scan from RIPS using the button in the bottom toolbar or with the Command Palette entry "RIPS: Fetch Scan".
Note: Source code differences between the currently opened code and the one used for the scan can lead to visualization issues.
You can double-click on the issues shown in the Problems View in order to jump to the sink in your source code.
A right click on an issue presents the following two options:
- Review the issue: This will create a new review of the issue and it won't be annotated in the source code anymore (takes effect after fetching the scan again).
- Open in RIPS: This will open a new browser window directly to this issue in the RIPS user interface.
You will also get an overview of your issues integrated in the Explorer view.
Here you can find more information: