Comment on page

Installing CodeScan for VS Code

Learning Objectives:
After completing this unit, you'll be able to:
​Install the 'CodeScan for Visual Studio (VS) Code' extension​
​Integrate VS Code with CodeScan​
​Run VS Code behind a proxy​
​Troubleshooting steps if you ran with VS Code issues​
Get Started with VS Code
The CodeScan VS Code extension provides immediate feedback to developers on bugs and quality issues; it is a fully integrated user experience in Visual Studio Code (we'll refer to it as VS Code).

Prerequisites
Make sure you:
Install the latest VS Code version.
Have a CodeScan cloud account (with valid enterprise or trial license).
For CodeScan Self Hosted:
Have a working SonarQube™ (9.9+) server
Have a licensed, latest version of CodeScan plugin to get started (more info).
Download the CodeScan extension from the marketplace
Download the Salesforce Extension pack from the marketplace if you are working with Salesforce code or, at a minimum, the Visualforce plugins.
Install the JDK version 11 or above.
Install the Java Runtime (JRE) 11 version or later.
Install the latest available Node.js LTS version.
Uninstall the Apex PMD and SonarLint™ plugins. The CodeScan and VS Code plugin will not work with SonarLint™ or Apex PMD installed.
Note:
CodeScan plugin is designed to work with a single VS Code window at a time. Using CodeScan plugin with multiple VS Code windows open may give unexpected results.
Installing the 'CodeScan for VS Code' extension
Follow the installation instructions for the CodeScan extension and bind the extension to your CodeScan server.
Step 1: Install CodeScan for VS Code Extension
1.Open Visual Studio Code and go to the Activity Bar on your left. The last button on the Activity Bar is the Extensions button.
You can also press the Shortcut Key combination Ctrl + Shift + X to launch the Extensions side panel.
2.Search for CodeScan and click on Install to install the CodeScan latest extension, preferably version 1.6.8 or above.
3.Once installed, restart or reload VS Code to ensure it's taken effect.
Step 2: Java Runtime (JRE) 11 Installation
CodeScan should automatically find the JRE installed on your computer. Or you can specify the JRE path on your VS Code's Settings page by navigating to VS Code Settings > Settings > Extensions > CodeScan.
1.Under CodeScan > Ls: Java Home (Not synced), enter the JRE path.
​
2.Next, confirm the JAVA_HOME variable is set properly on your system. Enter the command echo %JAVA_HOME%. This should output the path to your Java installation folder. Reach out to your IT department if the JAVA_HOME variable is not set.
Step 3: Generate CodeScan token
You can generate new tokens at User > My Account > Security or use an existing token if you have one saved. Copy the generated token and add it to the settings.json file (discussed later).
Step 4: Obtain the Project Key
Log in to CodeScan, click on the Projects tab, and find the project you need to configure. Click on the Project Information tab to find your project key at the bottom right of your screen.
Step 5: Obtain the Organization Key
You can always find your organization key at the top right of your **organization **home page.
​
Step 6: Add CodeScan Configuration
1.Press Ctrl + Shift + P in the VS Code, and search for Settings and select Open User Settings (JSON).
​
2.On the settings.json tab, inside the curly braces ({ }), copy and paste the following text, and add the parameters shown in the table below:
​
Example:
​
PARAMETER
DESCRIPTION
serverID
Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.
​organizationKey​
Add your CodeScan organization key. If you are using CodeScan Self-Hosted, enter your default-organization.
serverUrl
For CodeScan Cloud, enter:
https://app.codescan.io/for U.S. region,
​
https://app-eu.codescan.io/ for EU, and
​
https://app-aus.codescan.io/for AUS.
​
For Self-Hosted CodeScan, add serverUrl as your SonarQube™ server URL (default is http://localhost:9000). |
| token | Add your security token. For Self-Hosted CodeScan, add token generated in SonarQube™. |
| cell | Add your CodeScan project key.|
| codescan.httpclient.version
(applicable for VS Code v1.6.10 or later)
| Enter the Apache HTTP client protocol version (FORCE_HTTP_1, FORCE_HTTP_2, or NEGOTIATE).
Note: If no protocol version is set, the default protocol is NEGOTIATE. |
3.Save the settings.json file.
Step 7: Configure the Project Binding
Next, you will need to update the CodeScan bindings for the workspace to ensure the rules are in sync.
Select -
Shift+Command+P or -
Shift+Command+P (Mac) to open the Command Palette. Type in CodeScan to bring up the CodeScan commands and run Update CodeScan binding to SonarQube/CodeScan Cloud.
An All CodeScan bindings successfully updated notification appears once the binding is successfully completed.
Step 8: Verifying
You can verify this by opening a file that has problems. They will now be highlighted within your code:
An underline shows a pop-up of the issue when hovering
​
Within the VS Code problems panel
​
Integrate VS Code with CodeScan extension
Once you're done installing the CodeScan extension from the marketplace,
1.Restart the Visual Studio Code.
2.Press Ctrl + Shift + P and search for Settings and select Open User Settings (JSON)
​
3.On the settings.json tab, inside the curly braces ({ }), copy and paste the following text:
"codescan.servers": [
       {
            "serverId": "**************",
            "organizationKey": "**************",
            "serverUrl": "**************",
            "token": "**************"
        },
    ],
​
    "codescan.project": {
        "serverId": "**************",
        "projectKey": "**************"
    }
    "codescan.httpclient.version": "***********",
Plain textCopy
image.png
Parameters
Description
serverId
Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.
​organizationKey​
Add your CodeScan organization key. If you are using CodeScan Self Hosted, please enter your default-organization.
serverUrl
For CodeScan cloud, please enter:
https://app.codescan.io/for US region,
https://app-eu.codescan.io/ for EU, and
https://app-aus.codescan.io/for AUS.

For Self-Hosted CodeScan, add serverUrl as your SonarQube™ server URL (default is http://localhost:9000)
​token​
Add your security token. For Self-Hosted CodeScan, add token generated in SonarQube™.
​projectKey​
Add your CodeScan project key.
codescan.httpclient.version
(applicable for VS Code v1.6.10 or later)
Enter the Apache HTTP client protocol version (FORCE_HTTP_1, FORCE_HTTP_2 or NEGOTIATE).
Note: If no protocol version is set, the default protocol NEGOTIATE is used.
6.Save the settings.json file.
7.Now select Ctrl+Shift+P (Windows/Linux) or Shift+Command+P(Mac) to open the Command Palette.
8.Type in CodeScan to bring up the CodeScan commands and run Update CodeScan binding to SonarQube/CodeScan Cloud.
9.Go to View > Output to view the logs details. If a problem does occur, you are able to trace it via logs.
​
Select Terminal > New Terminal or press Ctrl+Shift +`, if you are not able to view the Output section at the bottom of the screen.
10.An All CodeScan bindings successfully updated notification appears if the binding is successfully completed.
11.If any changes are made on the SonarQube™ server, then repeat this step.
​
12.Open a file, and you should see the issues in your code underlined.
​


Visual Studio Code behind a proxy
VS Code extensions can be difficult to use behind a proxy. To point CodeScan at the correct proxy, all it takes is a single environment variable for your system.
The environment variable is: JAVA_TOOL_OPTIONS
Follow the steps to set environment variables using the Windows GUI:
1.Press Windows + R to open the Windows Run prompt.
2.Type in sysdm.cpl and click OK.
3.Open the Advanced tab and click on the Environment Variables button in the System Properties window.
4.The Environment Variables window is divided into two sections. Click the New… button on the top section.
5.In the New User Variable prompt, enter the Variable Name as JAVA_TOOL_OPTIONS, enter the following Variable Value, and click OK.
Variable Value:
-Dhttp.proxyHost=[YOUR_PROXY_HOST] 
-Dhttp.proxyPort=[YOUR_PROXY_PORT]
​
-Dhttps.proxyHost=[YOUR_PROXY_HOST] 
-Dhttps.proxyPort=[YOUR_PROXY_PORT]
​
-Dhttp.nonProxyHosts="localhost|127.0.0.1"
If the proxy has a username and password, you can add/update the following parameters and add them at the end of the variable value field.
-Dhttps.proxyUser=your_username
-Dhttps.proxyPassword=your_password
Self Signed Certificates
If you are connecting to a server with a self-signed certificates, you will need to specify them for your Java and Node installations.
For your Java installation, you can find the documentation here.
For Node installation, add the environment variable NODEEXTRACA_CERTS with the path to your certificate file as a value, e.g., /usr/local/share/ca-certificates/YOUR_CERT.crt.
VS Code Troubleshooting
PKIX Certificate error
Error Code:
javax.net.ssl.SSLHandshakeException: 
sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target.
Reason:
This error occurs when the Java environment does not trust the certificate of the server running your SonarQube instance.
Solution:
Install the server certificate to the Java key.
Steps:
1.In your browser, to the left of the URL, there is a lock icon (
).
2.Click on this icon and a window will pop up. From the window, select Connection is secure.
​
3.Select the second option, i.e., Certificate is valid.
​
4.Go to the Details tab and click on Export.
​
5.Rename the certificate (e.g., codescan-certificate), then choose a location and save the certificate.
​
6.The next process is to install the certificate in the cacerts file of the jdk installed in the system using the command line.
Command:
keytool -import -alias {alias-name for the certificate} -keystore “{path for the cacerts file}” -file {path where we have save the certificate}

Example:
keytool -import -alias codescan-certificate -keystore "C:\Program Files\Java\jdk-11.0.9\lib\security\cacerts" -file c:/tmp/codescan-certificate.crt
​
When adding the certificate, password is required. The password is changeit.
Point to Note:
If adding the certificate as a trusted certificate to the Java Keystore still results in the PKIX path building failed error, we suggest you delete the currently installed certificate from the Java Keystore, export a new certificate, and then attempt a new installation of the certificate.
Command to list all of the certificates from the Java Keystore:
keytool -list -v -keystore “{path for the cacerts file}” > /tmp/certs_list.txt
Example: keytool -list -v -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts” > /tmp/certs_list.txt


Command to delete the certificate:
keytool -delete -noprompt -alias {alias-name for the certificate} -keystore “{path for the cacerts file}”
Example: keytool -delete -noprompt -alias codescan-certificate -keystore “c:\Program Files\Java\jdk-11.0.13\lib\security\cacerts”
CodeScan Update Binding Failed
If the CodeScan update binding is getting failed, try disabling the VPN and antivirus, then try updating the binding again.
If the binding successfully updates, the error occurred due to antivirus blocking CodeScan. Add CodeScan to the list of allowed sites for the antivirus in use.
If the binding still fails, check the HTTP client protocol version. Enter the Apache HTTP client protocol version (FORCE_HTP_1, FORCE_HTTP_2, or NEGOTIATE). Save and Update Bindings. Further documentation is available here in the 'Parameters' section.
If the binding still fails, raise a Support Ticket, including the analyzer logs and verbose logs in the attachment.
Issue when ApexPMD plugin installed along with the CodeScan plugin
If Apex PMD plugin is installed alongside the Codescan plugin, one or more of the following issues may occur:
Codescan is not listed in the dropdown in Output Tab of VS Code terminal.
Inconsistency in the number of issues for a file on saving the file.
Problems for a specific file are displayed even when the file is closed.
All these issues can be resolved by uninstalling Apex PMD plugin and restarting IDE, then updating the Binding to Codescan Cloud.
CodeScan and Java Runtime Environment (JRE) sync issue
CodeScan should automatically find the JRE installed on your computer. If you have trouble, then you can specify the JRE path on your VS Code's Settings page.
Navigation: VS Code Settings > Settings > Extensions > CodeScan.
Under Codescan > Ls: Java Home (Not synced), enter the JRE path.
​
How do I see warnings and errors in VS Code?
You can click on the summary or press Ctrl+Shift+M to display the PROBLEMS panel with a list of all current errors. If you open a file that has errors or warnings, they will be rendered inline with the text and in the overview ruler.
Note:
The VS Code displays the code issues related to bugs, vulnerabilities and code smells inside the PROBLEMS tab. No code-duplications are shown in the IDE.
Other useful debugging information
Some useful debugging information is available under the Output window under the ‘CodeScan’ tab.
Also, you can check for any serious errors by going to Help > Toggle Developer Tools to bring up the console.
Raising a support ticket
Before raising a support ticket, perform the following checks in VS Code:
Are Sonarlint or ApexPmd plugin installed alongside CodeScan?- If so, uninstall it.
Is the Salesforce extension pack installed in VS Code ?- If not, install as this is mandatory.
What version of Java is installed?- Java 11 version is required
Is the Java path passed to CodeScan (codescan.ls.javaHome)?- Verify by going to VS Code Settings > Settings > Extensions > CodeScan and under Codescan › Ls: Java Home (Not synced), you should see the JAVA_HOME path mentioned. If not present, please enter the JAVA_HOME path.
You can also add the JAVA_HOME path in the settings.json file inside codescan.ls.javaHome property.
​
Perform the CodeScan Update Binding and check if the issue is resolved.
What's Next?
If you're still having issue with VS Code, raise a support ticket on the CodeScan Support Page and share with us the following informations:
In settings.json file, please add the below properties inside the curly braces ({ }) to get debug level logs:
"codescan.output.showVerboseLogs": true, 
"codescan.output.showAnalyzerLogs": true,
Update the CodeScan binding and share the logs with us.

PARAMETER	DESCRIPTION
serverID	Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.
organizationKey	Add your CodeScan organization key. If you are using CodeScan Self-Hosted, enter your default-organization.
serverUrl	For CodeScan Cloud, enter:
https://app.codescan.io/for U.S. region,
https://app-eu.codescan.io/ for EU, and
https://app-aus.codescan.io/for AUS.

Parameters	Description
serverId	Add serverId with a value you will remember. You will need to enter the same value in both of the serverId parameters.
organizationKey	Add your CodeScan organization key. If you are using CodeScan Self Hosted, please enter your default-organization.
serverUrl	For CodeScan cloud, please enter: `https://app.codescan.io/`for US region, `https://app-eu.codescan.io/` for EU, and `https://app-aus.codescan.io/`for AUS. For Self-Hosted CodeScan, add serverUrl as your SonarQube™ server URL (default is `http://localhost:9000`)
token	Add your security token. For Self-Hosted CodeScan, add token generated in SonarQube™.
projectKey	Add your CodeScan project key.
codescan.httpclient.version (applicable for VS Code *v1.6.10* or later)	Enter the Apache HTTP client protocol version (`FORCE_HTTP_1`, `FORCE_HTTP_2` or `NEGOTIATE`). Note: If no protocol version is set, the default protocol `NEGOTIATE` is used.

IDE Plugins

Installing CodeScan for IntelliJ

Last modified 3mo ago