preZero extension for VS Code
The Qwiet preZero extension for Visual Studio Code allows you to run a pre-commit check to identify secrets in your code and analyze your application for security vulnerabilities.
Language support and requirements
Qwiet preZero for VS Code currently:
- Supports the analysis of C#, Java, JavaScript/TypeScript, and Python applications;
- Requires the use of a workstation running Linux, macOS (with non-M1 processors), or Windows.
Dependencies
Before proceeding with this extension, ensure that your workstation meets the prerequisites for using Qwiet preZero.
The extension will automatically download and install the latest version of the Qwiet CLI for you. This will not affect the system version of the Qwiet CLI (if you have it installed); these two versions will be maintained in parallel.
Ensure that you've added
slandnodeorpythonto your systemPATHvariable.
Installation
To install Qwiet preZero for VS Code, obtain the extension by downloading it from the VS Code Marketplace.
Alternatively, you can download it from VS Code by opening the Extensions pane, searching for Qwiet preZero, and clicking Install.
Usage
Step 1: Authenticate your machine
The Qwiet preZero for VS Code extension will leverage the information contained in your local Qwiet configuration file (created when you installed the Qwiet CLI) to authenticate your machine.
To authenticate your newly installed extension:
-
Click the Connect to Qwiet preZero icon in your left-hand navigation bar to begin the process of authenticating with Qwiet.
-
Log into Qwiet AI when prompted (if necessary, create an account first).
-
Return to VS Code and verify that your organization and user information are displayed in the topmost window of the left navigation bar.
Step 2: Open your project
-
In VS Code, open the project you want scanned by Qwiet.
-
Click the Qwiet preZero icon in the left-hand navigation bar to launch the extension.
-
If prompted, authenticate with Qwiet (if you're already authenticated, you'll see your User Profile information displayed instead).
Step 3: Access the extension's functionality via the command palette
You can find all of the Qwiet extension's functionality under the Command Palette (open using Command + Shift + P for macOS or Control + Shift + P for Linux/Windows):
| Option | Description |
|---|---|
| Analyze | Analyze your project |
| Connect | Connect your extension with your Qwiet account and organization |
| Contact Support | Launch your email client to contact Qwiet Support |
| Fetch Latest Scan Results | Get latest scan results |
| Focus on Assigned to Me View | Bring the Assigned to Me view into focus |
| Focus on Help & Support View | Bring the Help & Support view into focus |
| Focus on OSS Vulnerabilities View | Bring the OSS Vulnerabilities view into focus |
| Focus on Project Configuration View | Bring the Focus on Project Configuration view into focus |
| Focus on Secrets View | Bring the Secrets view into focus |
| Focus on User Profile View | Bring the User Profile view into focus |
| Focus on Vulnerabilities View | Bring the Vulnerabilities view into focus |
| Open Documentation | Open the documentation for the extension in a new browser window |
| Open Project Configuration | Open the project configuration/settings page |
| Pre Commit Check | Identify secrets present in your project |
| View: Show Qwiet preZero | Brings the extension-related windows into focus |
Example: Run the pre-commit check for secrets
To run the pre-commit check that scans your project for secrets (passwords, API access keys, and other credentials that should not be publically exposed) that you may inadvertently commit to your repository:
-
Open the project you're interested in scanning.
-
Open the Command Palette (use Command + Shift + P for macOS or Control + Shift + P for Linux/Windows), search for Qwiet preZero: Pre Commit Check, and select this option to begin the analysis.
-
Your results will appear under Problems. If you don't see this, open it with either Command + Shift + M (macOS) or Control + Shift + M (Linux/Windows).
-
To see where the secret appears, click on the result to go to the specific code location.
Example: Analyze your application
To scan your application for security vulnerabilities:
-
Open the project that you're interested in scanning.
-
Open the Command Palette (use Command + Shift + P for macOS or Control + Shift + P for Linux/Windows), search for Qwiet preZero: Analyze, and select this option to begin the analysis. You can see the scan status by launching Output and selecting Qwiet preZero: Server Output Channel in the drop-down menu to the right. If you don't see the Output window, launch it using either Command + Shift + U (macOS) or Control + Shift + U (Linux/Windows).
-
View your results under Problems when the scan is complete. If you don't see this, open it with either Command + Shift + M (macOS) or Control + Shift + M (Linux/Windows).
-
To see where a specific issue is in your code, click the item in your results; Qwiet will open the file and highlight where the issue you selected is located.
Configuration
You can configure your extension and update your settings by going to Preferences > Settings > Extensions > Qwiet preZero.
Help
Contact the Qwiet Customer Success Team for assistance.