AutoRABIT Knowledge Base
  • 👋Welcome to the Knowledge Base
  • Fundamentals
    • ⚡AutoRABIT Solutions
    • LearningHub
    • ℹ️FAQs
      • General User Definitions
        • ARM User Definitions
      • ARM-FAQs
        • Connection & Authentication
        • Common Errors and Resolutions
        • Deployment
        • Data Loader
        • CI Jobs
        • Retention Policy
        • nCino
      • CodeScan-FAQs
        • General
          • CodeScan Static IP Ranges
          • Difference b/w CodeScan Self-Hosted and CodeScan Cloud
          • Single Sign-On (SSO)
          • What is a Subscription Code?
          • What is a CodeScan License Key?
          • Can I use CodeScan with a proxy?
          • Not receiving email notifications
          • CodeScan Blocks, Lines, and Field Inquiries
          • How are Metric Definitions Defined?
          • What Is Cyclomatic Complexity?
          • Can I export my test results?
          • CodeScan requests read and update permissions while connecting to Bitbucket
          • SSL Certificates
          • Does SonarQube support test execution reports for pull requests?
        • CodeScan Self-Hosted Issues
          • Self-Hosted Errors and Solutions
          • Self-Hosted FAQs
          • License Errors
          • License Issues (IDE)
          • Setting the System Environment Variable
          • Setting Up CodeScan for Use with a Proxy
        • CodeScan Cloud Issues
          • Cloud Errors and Solutions
        • Common Issues and Solutions
      • Vault-FAQs
        • Vault-FAQs
        • Common Error Messages
        • Limitations
        • Unsupported Metadata Types
  • Release Notes
    • 🔁Release Notes
      • ARM Release Notes
        • Release Notes 25.2
        • Release Notes 25.1
          • Release Notes 25.1.4
          • Release Notes 25.1.3
          • Release Notes 25.1.2
          • Release Notes 25.1.0
        • Release Notes 24.4
          • Release Notes 24.4.5
          • Release Notes 24.4.4
          • Release Notes 24.4.3
          • Release Notes 24.4.2
          • Release Notes 24.4.1
        • Release Notes 24.3
          • Release Notes 24.3.5
          • Release Notes 24.3.4
          • Release Notes 24.3.3
          • Release Notes 24.3.2
          • Release Notes 24.3.1
        • Release Notes 24.2
        • Release Notes 24.1
        • Release Notes 23.1
        • Release Notes 22.3
        • Release Notes 22.2
        • Release Notes 22.1
        • Release Notes 21.6
        • Release Notes 21.5
      • CodeScan Release Notes
        • Cloud Releases
          • Release Notes 25.1
          • Release Notes 25.0
          • Release Notes 24.0
          • Prior Versions
            • Release Notes 23
              • Release Notes 23.2
              • Release Notes 23.1
            • Release Notes 22
              • Release Notes 22.8
              • Release Notes 22.7
              • Release Notes 22.4
              • Release Notes 22.3
              • Release Notes 22.2
              • Release Notes 22.1
            • Release Notes 21
              • Release Notes 21.5
              • Release Notes 21.4
            • Release Notes 4
              • Release Notes 4.5
              • Release Notes 4.4
              • Release Notes 4.3
              • Release Notes 4.2
        • Self Hosted Releases
          • Eagle Edition
            • Release Notes 25.1.0 Eagle 3.0
            • Release Notes 24.1.1 Eagle 2.0
            • Release Notes 24.1.0 Eagle
          • Tiger Edition
            • Release Notes 25.0.1 Tiger 3.0
            • Release Notes 24.0.13 Tiger 2.0
            • Release Notes 24.0.9 Tiger
          • Prior Editions
            • Release Notes 24
              • Release Notes 24.0.8
              • Release Notes 24.0.5
              • Release Notes 24.0.4
              • Release Notes 24.0.1
            • Release Notes 23.1
        • CodeScan for Government
      • nCino Release Notes
        • Release Notes 25.1
        • Release Notes 24.4
        • Release Notes 24.3
        • Release Notes 24.2
        • Release Notes 24.1
        • Release Notes 23.1
        • Release Notes 22.3
      • Vault Release Notes
        • Release Notes 24.0
        • Release Notes 23.0
        • Release Notes 22.0
        • Release Notes 21.0
      • Guard Release Notes
        • Release Notes 25.1
  • Product Guides
    • ARM
      • Getting Started
        • Signing Up with ARM
          • User Profile
        • Understanding ARM
          • What is ARM?
          • What can I do with ARM?
          • Who can use ARM?
          • ARM Supported Metadata Types
        • Navigating ARM
      • ARM Administration
        • User Management
          • User Types
          • Predefined Roles
          • Users, Roles & Permissions
          • Adding New Users
          • Assigning User Roles
          • Removing or Suspending Users
          • Exporting User Details
          • Managing User Account Settings
          • Resetting Account Passwords
          • Profiles
          • Permissions
          • Credential Manager
          • Delegating Approvals to Another User
          • Enforcing Single Sign-On (SSO)
          • Salesforce API Version
          • Changing Super Admin in ARM
        • Registration
          • Version Control Repository
            • GIT Integration
              • GIT Tag
            • SVN
            • TFS
            • Bitbucket
          • Version Control Branch
            • GIT Branch Creation
            • Creation of a TFS Branch
            • Creation of SVN Branch
          • Salesforce Org
            • Salesforce Authentication using OAuth
            • Salesforce Org Re-Authentication
          • Static Code Analysis in CI-CD
        • Subscription Management
        • Workspaces
        • Search and Substitute
        • ALM Management
      • Getting Set Up
        • Version Control Repository
          • GIT Integration
            • GIT Tag
          • SVN
          • TFS
          • Bitbucket
        • Version Control Branch
          • GIT Branch Creation
          • Creation of a TFS Branch
          • Creation of SVN Branch
        • Salesforce Org
          • Salesforce Org Management
          • Salesforce Authentication using OAuth
          • Salesforce Org Reauthentication
        • Branching Baseline
        • Static Code Analysis in CI/CD
        • Browser Support
      • ARM Features
        • Dashboard & Pipelines
          • Dashboards & Widgets
          • Pipelines
        • Webhooks
          • Configure a Webhook in Bitbucket
          • Configure a Webhook in Bitbucket Enterprise
          • Configure a Webhook in GitHub
          • Configure a Webhook in GitHub Enterprise
          • Configure a Webhook in GitLab
          • Configure a Webhook in Microsoft Azure
          • Configure a Webhook in Slack
          • Configure a Webhook in Teams
          • Configure a Webhook in Visual Studio GIT
          • Configure a webhook in Visual Studio GIT Enterprise
        • Version Control
          • Introduction to Version Control
            • Version Control Repositories Summary
            • Version Control Branch Workflow
          • Version Control Repository
          • EZ-Commits
            • How Do I Commit?
            • Commits Summary
            • Committing Individual Forms from Form Manager (RBC Metadata)
          • EZ-Merge
            • Merge Conflicts
            • Merge Requests
            • Squash and Merge
            • Git Commit History and Merge Operations Basics
          • Change Labels
            • Commit Labels
            • Release Labels
              • Selective Deployments Using Pre-Prepared Artifacts
              • Artifact Preparation and Deployment Process
            • ALM Labels
          • External Pull Request
            • Azure Cloud Authentication
            • Pull Request Support for Azure Cloud
            • External Pull Request Summary Page
          • Commit Templates
          • GIT Revert
          • Understanding Duplicate File Change Commits in Git
          • Merge Approvals
        • Data Loader
          • Single Data Loader
            • Extract Salesforce Data
            • Insert Salesforce Data
            • Update Salesforce Data
            • Upsert Salesforce Data
            • Delete Salesforce Data
            • Using Data Loader with Lookups
          • Data Loader Pro
          • Data Loader Configuration
          • Test Environment Setup
          • Validation / Workflow Rules
          • Preparing the CSV file for ARM Data Loader
        • Automation and CI
          • Create a New CI Job
            • Build a Package from Salesforce
            • Backup your project to Version Control
            • Build a package from Version Control
            • Deploy a package from a Salesforce Org
            • Deploy from Salesforce with VC backup
            • Deploy from Version Control to a Salesforce Org
            • Deploy from SFDX branch to a Salesforce Org
            • Run Test Automation Scripts
            • Install an Unlocked Package from Version Control Branch
          • Triggering Builds for your CI Job
          • CI Job History
          • CI Job List
          • Configure Callout URL
          • CI Job Rollback
          • Parallel Processor
          • Enabling GitHub Checks
          • Automate Merge When CI Builds Pass
        • Deployment
          • Monitor Deployments
          • Apex Unit Tests
          • Connecting and Syncing Salesforce Orgs
          • Creating and Deploying Changes
          • Deploying Profile and Permission Sets
          • Deployment Rollback
          • Destructive Changes
        • nCino
          • Feature Migration
            • Create a Feature Migration Template
            • Create a Feature Migration Template with Predefined nCino Objects
            • Feature Migration Summary Page
          • Feature Deployment
            • Deployment Using Feature Migration Template
            • Deployment via Template using Salesforce Org
            • Deployment Using Version Control
            • Deployment via Version Control using Salesforce Org
            • Feature Deployment Summary
          • Feature Commits
          • Feature CI Jobs
            • Running a CI Job
            • CI Job Results
            • CI Job List screen
            • nCino Webhooks
          • Post Deployment Activities
          • Specify Baseline Revision in Continuous Integration for Version Control
          • Selecting a Range of Revisions
          • nCino RBC Deployment Rollback
          • nCino Developer APIs
            • nCino API References
          • nCino Compare
          • Exclude the OwnerID from Automapping in nCino CI jobs
          • External Unique ID Validation
          • Select External Unique ID
        • Salesforce DX
          • Salesforce DX Metadata Format
          • Registering a DevHub
          • Create a Scratch Org
          • Create a Module
          • Create an Unlocked/Managed Package
          • Import an Unlocked/Managed Package
        • Reports
          • Reports Overview
          • Code Coverage Reports
          • Deployment Reports
          • Static Code Analysis
          • Audit Report
        • Environment Provisioning
          • Migration Template
            • Enable History Tracking on Objects
            • Disable History Tracking on Objects
            • Enable History Tracking on Custom Fields
            • Disable History Tracking on Custom Fields
            • Run Destructive Changes
            • Execute Anonymous Apex
            • Enable Validation Rules
            • Disable Validation Rules
            • Enable Workflow Rules
            • Disable Workflow Rules
            • Enable Flows
            • Disable Flows
            • Enable Apex Triggers
            • Disable Apex Triggers
            • Migrate Custom Settings Data
          • Unsupported Metadata Templates
            • Account Teams
              • EnableAccountTeams
              • DeleteAccount
              • DisableAccountTeams
              • NewRoleAccount
              • Reorder
              • Replace
              • SortAlphabetically
            • AddTabsinAppManager
            • ActivityButtonOverrides
            • ApexExceptionEmail
            • ComplianceBCCEmail
            • AutoNumberFields
            • Campaign Influences
              • CampaignInfluencesEnable
              • CampaignInfluencesDisable
            • Case Contact Roles
              • NewContactRoles
              • DeleteContactRoles
              • ReorderContactRoles
              • ReplaceContactRoles
            • Contact Role Templates
              • EditTeamRole
              • NewTeamRole
              • ReplaceTeamRole
            • Console Layout Assignment
              • ConsoleLayoutsAssignments
              • DeleteConsoleLayout
              • NewConsoleLayouts
            • Create Lead Mapping Rules
              • LeadMapping
            • Create Organization-Wide Email Footers
              • DeleteEmailFooters
              • EditEmailFooters
              • EmailFooters
            • Case Feed Layout
            • Create Public Groups
              • Assign Roles and Profiles to Public Groups
              • PublicGroups
            • Web to Case
            • Data Category Visibility Settings
            • Delegated Administration
              • DelegatedAdministrationNew
              • DelegatedAdministrationEdit
            • Delete Outbound Messages
            • Delete Scheduled Jobs
            • Delete Time Based Workflow
            • Disable Scheduled Reports
            • Edit Queue
            • Email to Case Settings
              • Email to Case
              • Update Email to Case
            • File Upload and Download Security
            • Fiscal Year
            • Edit Lead
            • Email Admin Settings
            • Email Relay Activation
            • Manage Email Services
              • DeleteEmailServices
              • EditEmailServices
              • NewEmailServices
            • Manage Libraries
            • Page Layout Assignment
            • Manage User Records
            • Mobile Administration
              • Mobile Dashboard Settings
              • Mobile Notifications
              • Mobile Salesforce Settings
              • Salesforce Navigation
              • Salesforce Offline
            • Multiline Layout Fields For Contract Line Items
            • Multi Line Layout Fields for Opportunity Teams
            • Territory Model Options
              • New Territory Model
              • Edit Territory Model
              • Delete Territory Model
            • Offline Briefcase Configuration
              • Offline Briefcase Configuration New
              • Offline Briefcase Configuration Edit
              • Offline Briefcase Configuration Delete
            • Opportunity Deal Alerts
              • Edit Deal Alert
              • New Deal Alert
            • Opportunity Update Reminders
              • EditReminder
            • Organization Wide Email Addresses
              • Delete
              • Edit All
              • Organization All Profile
            • Predefined Case Teams
              • DelPredefined
              • NewPredefined
              • EditAdd
              • EditRemove
              • EditName
            • Product Schedule Settings
            • Public Calendar
              • Public Calendar Delete
              • Public Calendar Edit
              • Public Calendar New
            • Public Calendars and Resources Sharing
              • Public Calendar and Resources Sharing Add
              • Public Calender and Resources Sharing Edit
              • Public Calendar and Resources Sharing Delete
            • Publish Communities
            • Quote Templates
              • Active Quote
              • Deactive Quote
              • Delete Quote
              • New Quote
            • Report Dashboards Create Manage Folders
              • Create New Dashboard Folder
              • Create New Report Folder
              • Delete Folder
              • Share Settings
            • Resource Calendar
              • Resources Calendar Delete
              • Resources Calendar Edit
              • Resources Calendar New
            • Sandbox Refresh
            • Enable Salesforce to Salesforce
            • Schedule Apex Classes Monthly
            • Schedule Apex Classes Weekly
            • Search Settings
            • Self Service Public Solutions Edit
            • Site
            • Social Accounts Contacts and Lead Settings
            • SoftPhone Layouts
              • Softphone Layout New
              • SoftPhone Layout Edit
              • SoftPhone Layout Delete
            • Solution Categories
              • Solution Category Add
              • Solution Category Edit
            • Solution Settings Edit
            • Tag Settings
            • Territory View Rules
              • Delete Territory View Rules
              • Edit Territory View Rules
              • New Territory View Rules
            • User Interface Settings
            • Update Custom Label
            • Update Url for Remote Site Settings
            • Web to Lead
              • Edit Web Lead
              • Web To Lead
      • Integration and Plugins
        • SSO
          • SSO With Microsoft Entra ID
          • SSO for OKTA
          • SSO For PingFederate
          • SSO For ADFS
          • SAML SSO (Generic IdP)
        • Active Directory
        • JIRA
        • Azure DevOps
        • OmniStudio
          • Deploying OmniStudio Components
          • OmniStudio Configuration Settings
          • Committing OmniStudio Components to a Branch
        • AccelQ
        • HashiCorp Vault
        • Provar
        • SCA for Checkmarx
          • Checkmarx One Integration
        • Apex PMD
        • CodeScan Overview
        • SonarQube
        • Jenkins
        • Visual Code Extension
          • Installing VS Code Extension
          • Configuring VS Code Extension
          • Working with VS Code Extension
        • Integrate ServiceNow with ARM
        • URL Callout Integration with Tricentis
        • ARM for Salesforce Data Cloud
      • Security Information and Event Management
        • Common Event Format (CEF) Data
        • ARM Event Type
        • Retrieval APIs
      • Developer APIs
        • Authentication
        • API Access
        • Errors
        • API References
      • On-Premises / Dedicated Instances
        • Upgrade Guides
      • Troubleshooting
        • Best Practices
          • Salesforce Deployment Best Practices
          • Version Control Best Practices
          • CI Job Configurations
          • Vlocity
          • IP Whitelist
          • How to Include Network Settings in Commit or Deployment
          • Branching Strategy & CI/CD Pipeline
          • Metadata comparison between two Salesforce Orgs
          • Working with Translations in ARM
          • Revision Range & Release Label Deployment
          • Salesforce API Version Mismatch for the CI Build and Custom Deployment
          • Prerequisite while performing a commit using AutoRABIT
          • Flows in Salesforce
        • Known Issues / Limitations
          • ARM Known Issues
          • ARM Known Limitations
          • Salesforce Known Limitations
        • How-To's
          • Configure Merge Approval
          • Check Time Stamp for Commit/Merge
          • Enable SCA Apex PMD validation criteria.
          • Create API Token
          • Create Users' Credentials
          • Configure Record Types Picklist Values
          • Configure Multi-Proxy
          • Configure Mail Server Settings
          • Notifications (Mail Server Settings)
          • Enable Delta on PermissionSets
          • Default Apex Class Configuration
          • Enable Enhanced Domains
          • Provide branch access to users
        • FAQs
    • CodeScan
      • CodeScan Overview
      • System Requirements and Installation Self-Hosted
        • Installing CodeScan Self-Hosted
      • Getting Started
        • Users, Roles and Permissions
          • User Account
          • Reset the Password
          • Adding Users to a CodeScan Cloud Organization
            • Accepting invitations to add a user to a CodeScan Organization
          • Deleting User from a CodeScan Organization
          • Member Permissions
          • IDP Group Mapping
        • Setting up a CodeScan Cloud Organization
          • About CodeScan Cloud Organizations
          • Deleting Projects and Organizations
          • Generate a Security Token
          • Finding your Organization Key
          • Finding your Project Key
          • Setting up Payment
          • Understanding branches in CodeScan Cloud
          • Understanding branches for Salesforce project
          • Understanding the New Code Tab
        • Adding Projects to CodeScan
          • Add a project to CodeScan from Salesforce
          • Add a project to CodeScan from GitHub
          • Add a Project to CodeScan from Bitbucket
          • Add a Project to CodeScan from Git
          • Add a project to CodeScan from GitLab
      • Quality Profiles
        • Setting a Default Quality Profile
        • Customizing Quality Profiles
        • Exporting CodeScan Quality Profiles
      • Quality Gates
        • Understanding Quality Gates
        • Assigning Specific Quality Gates to a Project
        • Customizing Quality Gates
      • CodeScan Rules
        • CodeScan Rule List
        • Security-Related Rules
        • Creating Custom Rules with XPath
        • Configuration for Polyfill.io Vulnerability Rules
        • Configuration for Salesforce Metadata Rules
        • Metadata Rules on CodeScan Self-Hosted
      • Issues
        • Filtering Issues in CodeScan
        • Export issues to CSV in CodeScan Cloud
        • Exporting Issues using CodeScan-Export Tool
        • About Issue Status
        • Security Hotspots
      • Report and Analysis
        • Scheduled Reports
        • Analysis Scope on CodeScan Cloud
        • Ignoring Violations
        • Importing Salesforce CLI Code Coverage
        • Housekeeping
      • CodeScan Support
        • Raise a Service Request
      • CodeScan Integration
        • Integration Requirements
        • Project Naming Conventions
        • Single Sign-On (SSO)
          • Single Sign-On with OKTA
          • Single Sign-On with Entra ID
          • Single Sign-On with ADFS
          • Single Sign-On with PingOne
        • ARM
          • CodeScan Integration with ARM
        • CodeScan SFDX Plugin
          • Run analysis locally using SFDX
          • Importing Code Coverage from SFDX projects
        • IDE Plugins
          • Installing CodeScan for VS Code
          • Installing CodeScan for IntelliJ
        • Copado
          • Copado SFDX Integration
          • Copado MDAPI Integration
        • Flosum
          • CodeScan and Flosum Integration
        • Azure DevOps
          • Scan CodeScan Cloud projects in Azure DevOps
        • GitLab
          • Integrating CodeScan in GitLab
        • Bitbucket Pipelines
          • Integrating CodeScan in Bitbucket Pipelines
          • Reattaching Bitbucket Projects
        • GitHub Actions
          • CodeScan in Github Actions using the SFDX Plugin
          • Integrating CodeScan with GitHub Actions
        • Jenkins
          • CodeScan with Windows Agents
          • CodeScan with Linux/Unix Agents
          • Use Jenkins with CodeScan Salesforce project
        • Webhooks
          • Slack integration with Zapier
    • Vault
      • Vault™ Overview
      • Getting Started
        • Registering for an Account
        • Signing In
        • Resetting your Password
        • Managing Users and Roles
        • Setting Up Multifactor Authentication in Vault
        • Managing User Sessions
        • User Profile and Permission Access for Salesforce Users
        • Transferring Admin Ownership
        • Controlling Access to the Salesforce Org
      • Configuring Vault
        • Configure Backup Environment
          • Amazon AWS S3 Storage Environment
            • Bring your own Key (BYOK) with Vault
            • IAM Role Support
          • Google Cloud Platform
          • Create an Azure Storage Account
          • Azure Blob Storage Environment
          • Microsoft Azure Blob Retention Policy
          • NFS
          • SAN (Storage Area Network) Environment
        • Licenses
        • SSO Configuration
          • SSO for OKTA
          • SSO with Microsoft Entra ID for Vault
        • Registering Salesforce Org
          • Setup backup configuration for Salesforce Org
          • Archival Configuration
          • Unique Identifier (UID)
        • Scheduled Backup List
        • Alerts & Notifications
        • Workflow/Validation Rules
        • TLS Supported
        • Creating and Configuring Proxy Servers
      • Vault Features
        • Archive
          • Archiving Your Salesforce Data
          • Parent-Child Record Archival
        • Backup
          • Start the Backup
          • Schedule a Vault Backup
          • Understanding Backup Behavior
        • Compare
          • Comparing Two Backups
        • Compliance
          • GDPR - Secure and Comply
            • Right to Be Forgotten Request
          • PCI DSS
        • Replicate
          • Job Configuration
          • Job History
          • Masking Rules
        • Reporting
          • Archive Reports
          • Stale Jobs
        • Restore
          • Restoring the Metadata/Data to the Salesforce Org
        • SIEM Logs
        • Vault Connect
      • Vault Best Practices
      • Vault-FAQs
      • Knowledge Articles
        • Backup Support for Knowledge Articles
        • Restoring Knowledge Articles with Vault
        • nCino
          • Registering nCino configured Salesforce Org
          • Backup Configuration for your Salesforce Org
          • Archival Configuration for your Salesforce Org
          • Restoring nCino Features
    • Guard
      • Risk Assessment
      • Permissions Explorer
      • Change Monitoring
      • Policies
      • Integration User License
  • Resources
    • 🖥️AutoRABIT Support
    • 💬Community Forum
    • 📙Glossary
Powered by GitBook
On this page
  • Learning Objectives:
  • Installing the CodeScan IDE Plugin version 2.0.0
  • Getting Started with VS Code
  • Installing the 'CodeScan for VS Code' extension
  • Integrating VS Code with the CodeScan extension
  • Visual Studio Code Behind a Proxy
  • Self-Signed Certificates
  • Compatibility with Agentforce
  • VS Code Troubleshooting
  • Changelogs
  • Raising a support ticket

Was this helpful?

Edit on GitHub
Export as PDF
  1. Product Guides
  2. CodeScan
  3. CodeScan Integration
  4. IDE Plugins

Installing CodeScan for VS Code

PreviousIDE PluginsNextInstalling CodeScan for IntelliJ

Last updated 8 days ago

Was this helpful?

Learning Objectives:

After completing this unit, you'll be able to:

Installing the CodeScan IDE Plugin version 2.0.0

These step-by-step instructions will show you how to install the CodeScan plugin.

  1. Click the CodeScan icon on the left panel.

  1. Click on ‘Add CodeScan Connection.’

  1. Add your CodeScan URL.

  2. Click on 'Generate Token.' This will open CodeScan in a browser.

  3. Click 'Allow Connection' to send the newly generated token back to your IDE.

  4. Add your organization key.

  5. Enter a Unique Connection Name.

  6. Click on 'Save Connection.' You will see your connection appear in your connected mode window.

  1. Click on your connection (CodeScan Cloud in the example.)

  1. Click the + symbol to the right. This will show you a list of projects from the Command palette.

  2. Select the project you would like to connect to.

  3. The project you connect to determines the rules for scanning your open files.

Note: If the project you have open in VS Code matches the project you connect to in CodeScan Cloud, your IDE scans will ignore any Won’t Fix or False Positive issues.

Getting Started with VS Code

The CodeScan VS Code extension provides immediate feedback to developers on bugs and quality issues; it is a fully integrated user experience in Visual Studio Code (we'll refer to it as VS Code).

Prerequisites

Make sure you:

  1. Install the latest VS Code version.

  2. Have a CodeScan cloud account:

    • Have a valid enterprise license (or a cloud trial version—trial not available with self-hosted)

  3. For CodeScan Self Hosted:

    • Have a working SonarQube™ 9.9+ LTA server

  4. In the CodeScan UI, ensure the user has permissions to execute the analysis; otherwise, a 'license not set' error will occur.

  5. Download the CodeScan extension from the marketplace

  6. Download the Salesforce Extension pack from the marketplace if you are working with Salesforce code or, at a minimum, the Visualforce plugins.

  7. Install JDK version 17 or above.

  8. Install Java Runtime (JRE) 17 version or later.

  9. Install the latest available Node.js LTS version.

  10. Uninstall the Apex PMD and SonarLint™ plugins. The CodeScan and VS Code plugin will not work with SonarLint™ or Apex PMD installed.

Version 2.0.0 requires Java Runtime (JRE) / JDK versions 17 or later. Prior CS versions will still work with older JRE / JDK versions 11.

Note: CodeScan plugin is designed to work with a single VS Code window at a time. Using the CodeScan plugin while having multiple VS Code windows open may give unexpected results.

Installing the 'CodeScan for VS Code' extension

Follow the installation instructions for the CodeScan extension and bind the extension to your CodeScan server.

Step 1: Install CodeScan for VS Code Extension

  1. Open Visual Studio Code and go to the Activity Bar on your left. The last button on the Activity Bar is the Extensions button.

Note: You can also press the Shortcut Key combination Ctrl + Shift + X to launch the Extensions side panel.

  1. Search for CodeScan and click on Install to install the CodeScan latest extension, preferably version 1.6.8 or above.

  2. Once installed, restart or reload VS Code to ensure it's taken effect.

Step 2: Java Runtime (JRE) 11 Installation

CodeScan should automatically find the JRE installed on your computer. Or you can specify the JRE path on your VS Code's Settings page by navigating to VS Code Settings > Settings > Extensions > CodeScan.

  1. Under CodeScan > Ls: Java Home (Not synced), enter the JRE path.

  1. Next, confirm the JAVA_HOME variable is set properly on your system. Enter the command echo %JAVA_HOME%. This should output the path to your Java installation folder. Reach out to your IT department if the JAVA_HOME variable is not set.

Step 3: Generate CodeScan token

You can generate new tokens at User > My Account > Security or use an existing token if you have one saved. Copy the generated token and add it to the settings.json file (discussed later).

Step 4: Obtain the Project Key

Log in to CodeScan, click on the Projects tab, and find the project you need to configure. Click on the Project Information tab to find your project key at the bottom right of your screen.

Step 5: Obtain the Organization Key

You can always find your organization key at the top right of your **organization **home page.

Step 6: Add CodeScan Configuration

  1. Press Ctrl + Shift + P in the VS Code, and search for Settings and select Open User Settings (JSON).

  1. On the settings.json tab, inside the curly braces ({ }), copy and paste the following text, and add the parameters shown in the table below:

Example:

PARAMETER
DESCRIPTION

serverID

Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.

Add your CodeScan organization key. If you are using CodeScan Self-Hosted, enter your default-organization.

serverUrl

For CodeScan Cloud, enter: https://app.codescan.io/for U.S. region, https://app-eu.codescan.io/ for EU, and https://app-aus.codescan.io/for AUS.

Note: If no protocol version is set, the default protocol is NEGOTIATE.

  1. Save the settings.json file.

Step 7: Configure the Project Binding

Next, you will need to update the CodeScan bindings for the workspace to ensure the rules are in sync.

Select - Shift+Command+P or - Shift+Command+P (Mac) to open the Command Palette. Type in CodeScan to bring up the CodeScan commands and run Update CodeScan binding to SonarQube/CodeScan Cloud.

An All CodeScan bindings successfully updated notification appears once the binding is completed successfully.

Step 8: Verifying

You can verify this by opening a file that has problems. They will now be highlighted within your code:

  • An underline shows a pop-up of the issue when hovering

  • Within the VS Code problems panel

Integrating VS Code with the CodeScan extension

Once you're done installing the CodeScan extension from the marketplace,

  1. Restart the Visual Studio Code.

  2. Press Ctrl + Shift + P and search for Settings and select Open User Settings (JSON).

  1. On the settings.json tab, inside the curly braces ({ }), copy and paste the following text:

"codescan.servers": [
       {
            "serverId": "**************",
            "organizationKey": "**************",
            "serverUrl": "**************",
            "token": "**************"
        },
    ],

    "codescan.project": {
        "serverId": "**************",
        "projectKey": "**************"
    }
    "codescan.httpclient.version": "***********",

Plain text Copy

Parameters
Description

serverId

Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.

Add your CodeScan organization key. If you are using CodeScan Self Hosted, please enter your default-organization.

serverUrl

For CodeScan cloud, please enter: https://app.codescan.io/for US region, https://app-eu.codescan.io/ for EU, and https://app-aus.codescan.io/for AUS. For Self-Hosted CodeScan, add serverUrl as your SonarQube™ server URL (default is http://localhost:9000)

Add your security token. For Self-Hosted CodeScan, add token generated in SonarQube™.

Add your CodeScan project key.

codescan.httpclient.version (applicable for VS Code v1.6.10 or later)

Enter the Apache HTTP client protocol version (FORCE_HTTP_1, FORCE_HTTP_2 or NEGOTIATE). Note: If no protocol version is set, the default protocol NEGOTIATE is used.

  1. Save the settings.json file.

  2. Now select Ctrl+Shift+P (Windows/Linux) or Shift+Command+P(Mac) to open the Command Palette.

  3. Type in CodeScan to bring up the CodeScan commands and run Update CodeScan binding to SonarQube/CodeScan Cloud.

  4. Go to View > Output to view the logs details. If a problem does occur, you are able to trace it via logs.

  1. Select Terminal > New Terminal or press Ctrl+Shift +`, if you are not able to view the Output section at the bottom of the screen.

  2. An All CodeScan bindings successfully updated notification appears if the binding is successfully completed.

  3. If any changes are made on the SonarQube™ server, then repeat this step.

  1. Open a file, and you should see the issues in your code underlined.

Visual Studio Code Behind a Proxy

VS Code extensions can be difficult to use behind a proxy. To point CodeScan at the correct proxy, all it takes is a single environment variable for your system.

The environment variable is: JAVA_TOOL_OPTIONS

Follow the steps to set environment variables using the Windows GUI:

  1. Press Windows + R to open the Windows Run prompt.

  2. Type in sysdm.cpl and click OK.

  3. Open the Advanced tab and click on the Environment Variables button in the System Properties window.

  4. The Environment Variables window is divided into two sections. Click the New… button on the top section.

  5. In the New User Variable prompt, enter the Variable Name as JAVA_TOOL_OPTIONS, enter the following Variable Value, and click OK.

Variable Value:

-Dhttp.proxyHost=[YOUR_PROXY_HOST] 
-Dhttp.proxyPort=[YOUR_PROXY_PORT]

-Dhttps.proxyHost=[YOUR_PROXY_HOST] 
-Dhttps.proxyPort=[YOUR_PROXY_PORT]

-Dhttp.nonProxyHosts="localhost|127.0.0.1"

If the proxy has a username and password, you can add/update the following parameters and add them at the end of the variable value field.

-Dhttps.proxyUser=your_username
-Dhttps.proxyPassword=your_password

Self-Signed Certificates

If you are connecting to a server with self-signed certificates, you will need to specify them for your Java and Node installations.

For Node installation, add the environment variable NODEEXTRACA_CERTS with the path to your certificate file as a value, e.g., /usr/local/share/ca-certificates/YOUR_CERT.crt.

Compatibility with Agentforce

This plugin is compatible with Agentforce version 2.2.0 and up.

To allow CodeScan to run correctly there are 2 steps:

  1. Turn off Retrieval Augmented Generation in the settings for Agentforce

  2. Add the following lines to your settings.json file:

  "salesforce.einsteinForDevelopers.advanced": {
    "workspaceStatistics": false
  }

After these changes have been made, restart Visual Studio Code.

VS Code Troubleshooting

PKIX Certificate error

Error Code:

javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.

Reason: This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.

Solution: Install the server certificate to the Java key.

Steps:

  1. Click on this icon and a window will pop up. From the window, select Connection is secure.

  1. Select the second option, i.e., Certificate is valid.

  1. Go to the Details tab and click on Export.

  1. Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.

  1. The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.

Command:

keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}

Example:

keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt

When adding the certificate, password is required. The password is changeit.

Point to Note:

If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.

Command to list all of the certificates from the Java Keystore: keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt

Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt

Command to delete the certificate: keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”

Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”

CodeScan Update Binding Failed

If the CodeScan update binding is getting failed, try disabling the VPN and antivirus, then try updating the binding again.

If the binding successfully updates, the error occurred due to antivirus blocking CodeScan. Add CodeScan to the list of allowed sites for the antivirus in use.

Issue when ApexPMD plugin installed along with the CodeScan plugin

If Apex PMD plugin is installed alongside the CodeScan plugin, one or more of the following issues may occur:

  • CodeScan is not listed in the dropdown in Output Tab of VS Code terminal.

  • Inconsistency in the number of issues for a file on saving the file.

  • Problems for a specific file are displayed even when the file is closed.

All these issues can be resolved by uninstalling Apex PMD plugin and restarting IDE, then updating the Binding to CodeScan Cloud.

CodeScan and Java Runtime Environment (JRE) sync issue

CodeScan should automatically find the JRE installed on your computer. If you have trouble, then you can specify the JRE path on your VS Code's Settings page.

Navigation: VS Code Settings > Settings > Extensions > CodeScan.

Under CodeScan > Ls: Java Home (Not synced), enter the JRE path.

How do I see warnings and errors in VS Code?

You can click on the summary or press Ctrl+Shift+M to display the PROBLEMS panel with a list of all current errors. If you open a file that has errors or warnings, they will be rendered inline with the text and in the overview ruler.

Note: The VS Code displays the code issues related to bugs, vulnerabilities and code smells inside the PROBLEMS tab. No code-duplications are shown in the IDE.

Other useful debugging information

  • Some useful debugging information is available under the Output window under the ‘CodeScan’ tab.

  • Also, you can check for any serious errors by going to Help > Toggle Developer Tools to bring up the console.


Changelogs

27 June 2024

v. 2.0.3

Changes were required to support fixes and enhancements of the VS Code CodeScan Plugin (v2.0.3) to VS Code Extension Marketplace; specifically, we fixed a plugin issue that caused non-recognition of CodeScan-specific JS and VF rules.

13 June 2024

v. 2.0.2

New CodeScan Issue Filter: Quickly sort and filter issues by type and severity for efficient code review. You can click on the specific Type or Severity to only see issues of that type.


Raising a support ticket

Before raising a support ticket, perform the following checks in VS Code:

  • Is the Sonarlint or ApexPMD plugin installed alongside CodeScan? If so, uninstall it.

  • Is the Salesforce extension pack installed in VS Code? If not, install, as this is mandatory.

  • What version of Java is installed? Version 2.0.0 onward requires Java Runtime (JRE) / JDK versions 17 or later. Prior CS versions will still work with older JRE / JDK versions 11.

  • Is the Java path passed to CodeScan (codescan.ls.javaHome)? Verify by going to VS Code Settings > Settings > Extensions > CodeScan and under Codescan › Ls: Java Home (Not synced), you should see the JAVA_HOME path mentioned. If not present, please enter the JAVA_HOME path.

  • You can also add the JAVA_HOME path in the settings.json file inside the codescan.ls.javaHome property.

  • Perform the CodeScan Update Binding and check if the issue is resolved.

NOTE: Duplicate lines of code and Security Hotspot issues do not show up in IDE.


  • In settings.json file, please add the below properties inside the curly braces ({ }) to get debug level logs:

    "codescan.output.showVerboseLogs": true, 
    "codescan.output.showAnalyzerLogs": true,
  • Update the CodeScan binding and share the logs with us.

Have a licensed version (no trial available) of the latest CodeScan plugin to get started ().

For Self-Hosted CodeScan, add serverUrl as your SonarQube™ server URL (default is http://localhost:9000). | | | Add your security token. For Self-Hosted CodeScan, add token generated in SonarQube™. | | | Add your CodeScan project key.| | codescan.httpclient.version | (applicable for VS Code v1.6.10 or later) | Enter the Apache HTTP client protocol version (FORCE_HTTP_1, FORCE_HTTP_2, or NEGOTIATE). |

For your Java installation, you can find the documentation .

In your browser, to the left of the URL, there is a lock icon ().

If the binding still fails, check the HTTP client protocol version. Enter the Apache HTTP client protocol version (FORCE_HTP_1, FORCE_HTTP_2, or NEGOTIATE). Save and Update Bindings. Further documentation is available .

If the binding still fails, raise a , including the analyzer logs and verbose logs in the attachment.

The released plugin can be updated directly from VSCode and also can be found in this link:

What's Next? If you're still having an issue with VS Code, raise a support ticket on the and share with us the following information:

more info
token
cell
here
here in the 'Parameters' section
Support Ticket
https://marketplace.visualstudio.com/items?itemName=codescansf.codescan-vscode
CodeScan Support Page
organizationKey
organizationKey
token
projectKey
Install the 'CodeScan for Visual Studio (VS) Code' extension
Integrate VS Code with CodeScan
Run VS Code behind a proxy
Troubleshooting steps if you experienced VS Code issues
Compatibility with Agentforce