The Cycode Visual Studio Extension is an extension for versions 2015, 2017, 2019, and 2022 that helps users to adopt a shift-left strategy, by enabling code scanning early in the development lifecycle, which could significantly help businesses avoid costly repairs and potential complications down the line.
Cycode Visual Studio Extension scans your code for the following:
- Exposed secrets, passwords, tokens, keys, and other credentials.
- More Cycode platform features coming soon!
You can install the extension directly from the IDE. Go to:
Extensions > Manage Extensions
In the search enter "Cycode" and click Install.
Alternatively, you can install the extension from the extension page: Visual Studio 2015-2019, Visual Studio 2022.
After installation, you can go to Extensions > Cycode > Open Tool Window or View > Other Windows > Cycode.
Note: On older versions this might be on the top menu bar.
The extension will then download the latest version of the Cycode CLI and installation will be complete.
To authenticate the Cycode Visual Studio Extension, follow these steps:
- Open the editor.
- Open the extension window Extensions > Cycode > Open Tool Window
- Click on the "Authenticate" button.
- The scan displays a list of hardcoded secrets found in the application code.
- Once the scan completes (either on-save or on-demand), you’ll then see the violation(s) presented in the "Error List" window.
- To view the details of the violation, double click it in the list.
- Next, choose how to address the detected violation(s).
To configure the extension, go to the extension settings to change the default settings:
- In the Additional Parameters field, you can submit additional CLI parameters, such as
--verbosemode for debugging purposes. - Use the API URL and APP URL fields to change the base URLs:
- On-premises Cycode customers should ask their admin for the relevant base URLs.
- For EU tenants, you'll need to adjust the API and APP URLs to include the EU tag:
- API URL:
https://api.eu.cycode.com - APP URL:
https://app.eu.cycode.com
- API URL:
- Use CLI PATH to set the path to the Cycode CLI executable. In cases where the CLI can't be downloaded due to your network configuration (for example, due to firewall rules), use this option.
- Uncheck the Scan-on-Save option to prevent Cycode from scanning your code every time you save your work. Instead, use the Scan-on-Demand option.
Note: If the "Scan on Save" option is enabled in the extension settings, Cycode will scan the file in focus (including manifest files, such as package.json and dockerfile) for hardcoded secrets.
To use the Cycode Visual Studio Extension, follow these steps:
- Open the editor.
- Open a project that uses the Cycode platform.
- Open a file to scan.
- Press Ctrl+S to save a file → A scan will automatically be triggered.
- If the "Scan on Save" option is enabled in the extension settings, Cycode will scan the file in focus (including manifest files, such as package.json and dockerfile) for hardcoded secrets.
- Also applies for auto-save.
- Wait for the scan to complete and to display a success message.
If you encounter any issues or have any questions about the Cycode Visual Studio Extension, please reach out to the Cycode support team at [email protected].
The Cycode Visual Studio Extension is released under the MIT license. See the LICENSE file for more details.