Installing CodeScan for VS Code
  • 02 Feb 2023
  • 3 Minutes to read
  • Contributors
  • Dark

Installing CodeScan for VS Code

  • Dark

The CodeScan VS Code plugin provides on-the-fly feedback to developers on bugs and quality issues, it is a fully-integrated user experience in VS Code.


You will need:

  • JDK 11
  • Latest available Node.js LTS version (v16 as of today)
  • For Self Hosted:
    • A working SonarQube™ (7.9+) installation
    • A licensed version of CodeScan (4.3+) plugin to get started (SEE HERE).
  • For CodeScan Cloud:
    • A CodeScan Cloud account (with valid enterprise or trial license)
  • A recent version of VS Code installed (v1.12 or above)

Codescan plugin is designed to work with a single VS Code window at a time. Using Codescan plugin with multiple VS Code windows open may give unexpected results.

  • If you are working with Salesforce code, you will need the Salesforce Extensions for VS Code or at least the Apex and Visualforce plugins.
  • The plugin is derived from SonarLint™.

Please be aware that currently the CodeScan and VS Code Plugin will not work along with the SonarLint™ installation or the Apex PMD Plugin. So you must uninstall SonarLint™ as well as Apex PMD plugins first.


  1. In VS Code, go to the Marketplace and download CodeScan.

  2. Restart the VS Code.

  3. Press Ctrl + Shift + P and search for Settings and select Open User Settings (JSON)

  4. Copy and paste the following boilerplate to get started.

"codescan.servers": [
            "serverId": "**************",
            "organizationKey": "**************",
            "serverUrl": "**************",
            "token": "**************"

    "codescan.project": {
        "serverId": "**************",
        "projectKey": "**************"
  1. Edit the following in the codescan.servers section.

  2. For CodeScan Cloud:

    1. Add your CodeScan organization key in the organizationKey parameter. If you are using CodeScan Self Hosted, please enter default-organization.
    2. Add your security token
    3. Add serverUrl as
      • for US region
      • for EU region
      • for AUS region.
    4. Add serverId with a value you will remember.
  3. For Self-Hosted CodeScan:

    1. Add token with a token generated in SonarQube™.
    2. Add serverUrl as your SonarQube™ server URL (Default is http://localhost:9000).
    3. Add serverId with a value you will remember.
  4. Edit the following in codescan.project:

    1. Add projectKey with the key of the project you would like to use the settings from.
    2. Add serverId with the server Id you used when editing your codescan.servers settings.
  5. Now hit Ctrl+Shift+P (Windows/Linux) or Shift+Command+P(Mac) to open the Command Palette.

  6. Type in CodeScan to bring up the CodeScan commands and run Update CodeScan binding to SonarQube/CodeScan Cloud. If any changes are made on the SonarQube™ server you should repeat this step.

  7. Open a file, you should see the issues in your code underlined.

VS Code behind a proxy

VS Code extensions can be difficult to use behind a proxy.

To point CodeScan at the correct proxy, all it takes is a single environment variable for your system.

The environment variable is: JAVA_TOOL_OPTIONS

The value should be:

-Dhttp.proxyHost=[YOUR_PROXY_HOST] -Dhttp.proxyPort=[YOUR_PROXY_PORT]

-Dhttps.proxyHost=[YOUR_PROXY_HOST] -Dhttps.proxyPort=[YOUR_PROXY_PORT]


If the proxy has a username and password you can provide those in the -Dhttps.proxyUser=your_username and -Dhttps.proxyPassword=your_password parameters.

Self Signed Certificates

If you are connecting to a server with self signed certificates you will need to specify them for your Java and Node installations.

For your Java installation, you can find the documentation here.

For your Node installation, please add the environment variable NODEEXTRACA_CERTS with the path to your certificate file as a value.
Example: /usr/local/share/ca-certificates/YOUR_CERT.crt


Some useful debugging information is available under the Output window under the ‘CodeScan’ tab.

CodeScan should automatically find the JRE installed on your computer. If you are having trouble you can specify the path using variable in your VS Code Settings.

If Apex PMD plugin is installed alongside Codescan plugin, one or more of the following issues may occur:

  • Codescan is not listed in the dropdown in Output Tab of VS Code terminal
  • Inconsistency in the number of issues for a file on saving the file
  • Problems for a specific file are displayed even when the file is closed

All these issues can be resolved by uninstalling Apex PMD plugin and restarting IDE, and then updating the Binding to Codescan Cloud.

You can check for any serious errors by going to Help > Toggle Developer Tools to bring up the console.

You can also contact us at the CodeScan Support Page. Feel free to ask questions, report issues, and give suggestions.

Was this article helpful?