Installing CodeScan for Cursor
Learning Objectives:
After completing this unit, you'll be able to:
Getting Started with VS Code
The CodeScan Cursor extension provides immediate feedback to developers on bugs and quality issues; it is a fully integrated user experience in Cursor.
Prerequisites
Make sure you:
Install the latest Cursor version.
Have a CodeScan Cloud account:
Have a valid enterprise license (or a cloud trial version—trial not available with self-hosted)
For CodeScan Self Hosted:
Have a working SonarQube™ 9.9+ LTA server
Have a licensed version (no trial available) of the latest CodeScan plugin to get started (more info).
In the CodeScan UI, ensure the user has permissions to execute the analysis; otherwise, a 'license not set' error will occur.
Download the CodeScan extension from the marketplace
Download the Salesforce Extension pack from the marketplace if you are working with Salesforce code or, at a minimum, the Visualforce plugins.
Install JDK version 17 or above.
Install Java Runtime (JRE) 17 version or later.
Install the Node.js 20 LTS version.
Uninstall the Apex PMD and SonarLint™ plugins. The CodeScan and VS Code plugin will not work with SonarLint™ or Apex PMD installed.
Version 2.0.0 requires Java Runtime (JRE) / JDK versions 17 or later. Prior CS versions will still work with older JRE / JDK versions 11.
Note: CodeScan plugin is designed to work with a single VS Code window at a time. Using the CodeScan plugin while having multiple VS Code windows open may give unexpected results.
Installing the Extension
Follow the installation instructions for the CodeScan extension and bind the extension to your CodeScan server.
Step 1: Install the CodeScan Extension
Open the Extensions tab
Search for CodeScan and click on Install to install the latest CodeScan extension. You will notice the extension page mentions Visual Studio Code, this is expected. Cursor is originally forked from VS Code.
Once installed, restart or reload Cursor to ensure it's taken effect.
Step 2: Java Runtime (JRE) 17 Installation
CodeScan should automatically find the JRE installed on your computer. Or you can specify the JRE path on your Cursor's Settings page by navigating to Settings > Cursor Settings > Plugins > CodeScan.
Under CodeScan > Ls: Java Home (Not synced), enter the JRE path.
Next, confirm the JAVA_HOME variable is set properly on your system. Enter the command echo %JAVA_HOME%. This should output the path to your Java installation folder. Reach out to your IT department if the JAVA_HOME variable is not set.
Step 3: Create the Connection
Navigate to the CodeScan tab in the left Panel.
Click on ‘Add CodeScan Connection.’
Add your CodeScan URL.
Click on 'Generate Token.' This will open CodeScan in a browser.
Click 'Allow Connection' to send the newly generated token back to your IDE.
Add your organization key.
You can always find your organization key at the top right of your **organization** home page.
Enter a Unique Connection Name.
Click on 'Save Connection.' You will see your connection appear in your connected mode window.
Click on your connection (CodeScan Cloud in the example.)
Click the + symbol to the right. This will show you a list of projects from the Command palette.
Select the project you would like to connect to.
The project you connect to determines the rules for scanning your open files.
Note: If the project you have open in VS Code matches the project you connect to in CodeScan Cloud, your IDE scans will ignore any Won’t Fix or False Positive issues.
Self-Signed Certificates
If you are connecting to a server with self-signed certificates, you will need to specify them for your Java and Node installations.
For your Java installation, you can find the documentation here.
For Node installation, add the environment variable NODEEXTRACA_CERTS with the path to your certificate file as a value, e.g., /usr/local/share/ca-certificates/YOUR_CERT.crt.
Troubleshooting
PKIX Certificate error
Error Code:
Reason: This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.
Solution: Install the server certificate to the Java key.
Steps:
In your browser, to the left of the URL, there is a lock icon (
).Click on this icon and a window will pop up. From the window, select Connection is secure.
Select the second option, i.e.,
Certificate is valid.
Go to the Details tab and click on Export.
Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.
The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.
Command:
keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}
Example:
keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt
When adding the certificate, password is required. The password is changeit.
Point to Note:
If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.
Command to list all of the certificates from the Java Keystore: keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt
Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt
Command to delete the certificate: keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”
Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”
CodeScan Update Binding Failed
If the CodeScan update binding is getting failed, try disabling the VPN and antivirus, then try updating the binding again.
If the binding successfully updates, the error occurred due to antivirus blocking CodeScan. Add CodeScan to the list of allowed sites for the antivirus in use.
If the binding still fails, check the HTTP client protocol version. Enter the Apache HTTP client protocol version (FORCE_HTP_1, FORCE_HTTP_2, or NEGOTIATE). Save and Update Bindings. Further documentation is available here in the 'Parameters' section.
If the binding still fails, raise a Support Ticket, including the analyzer logs and verbose logs in the attachment.
Issue when ApexPMD plugin installed along with the CodeScan plugin
If Apex PMD plugin is installed alongside the CodeScan plugin, one or more of the following issues may occur:
CodeScan is not listed in the dropdown in
Output Tabof VS Code terminal.Inconsistency in the number of issues for a file on saving the file.
Problems for a specific file are displayed even when the file is closed.
All these issues can be resolved by uninstalling Apex PMD plugin and restarting IDE, then updating the Binding to CodeScan Cloud.
CodeScan and Java Runtime Environment (JRE) sync issue
CodeScan should automatically find the JRE installed on your computer. If you have trouble, then you can specify the JRE path on your VS Code's Settings page.
Navigation: Settings > Cursor Settings > Plugins > CodeScan.
Under CodeScan > Ls: Java Home (Not synced), enter the JRE path.
How do I see warnings and errors in Cursor?
You can click on the summary or press Ctrl+Shift+M to display the PROBLEMS panel with a list of all current errors. If you open a file that has errors or warnings, they will be rendered inline with the text and in the overview ruler.
Note: The VS Code displays the code issues related to bugs, vulnerabilities, and code smells inside the PROBLEMS tab. No code duplications are shown in the IDE.
Other useful debugging information
Some useful debugging information is available under the
Outputwindow under the ‘CodeScan’ tab.Also, you can check for any serious errors by going to
Help > Toggle Developer Toolsto bring up the console.
Changelogs
27 June 2024
v. 2.0.3
Changes were required to support fixes and enhancements of the VS Code CodeScan Plugin (v2.0.3) to VS Code Extension Marketplace; specifically, we fixed a plugin issue that caused non-recognition of CodeScan-specific JS and VF rules.
13 June 2024
v. 2.0.2
New CodeScan Issue Filter: Quickly sort and filter issues by type and severity for efficient code review. You can click on the specific Type or Severity to only see issues of that type.
The released plugin can be updated directly from VSCode and also can be found in this link: https://marketplace.visualstudio.com/items?itemName=codescansf.codescan-vscode
Raising a support ticket
Before raising a support ticket, perform the following checks in VS Code:
Is the Sonarlint or ApexPMD plugin installed alongside CodeScan? If so, uninstall it.
Is the Salesforce extension pack installed in VS Code? If not, install, as this is mandatory.
What version of Java is installed? Version 2.0.0 onward requires Java Runtime (JRE) / JDK versions 17 or later. Prior CS versions will still work with older JRE / JDK versions 11.
Is the Java path passed to CodeScan (codescan.ls.javaHome)? Verify by going to
VS Code Settings > Settings > Extensions > CodeScanand underCodescan › Ls: Java Home (Not synced),you should see theJAVA_HOMEpath mentioned. If not present, please enter theJAVA_HOMEpath.You can also add the
JAVA_HOMEpath in the settings.json file inside thecodescan.ls.javaHomeproperty.
Perform the CodeScan Update Binding and check if the issue is resolved.
NOTE: Duplicate lines of code and Security Hotspot issues do not show up in IDE.
What's Next? If you're still having an issue with VS Code, raise a support ticket on the CodeScan Support Page and share with us the following information:
In settings.json file, please add the below properties inside the curly braces ({ }) to get debug level logs:
Update the CodeScan binding and share the logs with us.
Last updated
Was this helpful?