Visual Studio Code
Install Plugin
-
Option 1:Install from VS Marketplace
In VS Code, open Extensions in the left sidebar -> enter "OpenSCA Xcheck" in the extension search box, click "Install"
-
Option 2:Download from OpenSCA Official Web Site
- Download "OpenSCA-Xcheck.vsix" from the OpenSCA official website;
- Open VS Code, open Extensions in the left sidebar -> more actions in the top bar of the extension -> "Install from VSIX" -> find and install "OpenSCA-Xcheck.vsix";
-
Option 3:Build from source code
-
Install vsce
npm install --global @vscode/vsce -
Package
vsce package
-
Using the Plugin
Plugin Features
- Start Scan: Click the "Run" button in the action bar to start scanning for vulnerabilities in the components of the current project.
- Stop Scan: Click the "Stop" button in the action bar to stop the ongoing scan for vulnerabilities in the current project.
- Clear Scan Results: Click the "Clean" button in the action bar to clear the scan results of the current project.
- Connection Configuration: Click the "Test" button in the action bar to configure the platform URL and Token information. Click the "Test Connection" button to verify if the connection configuration is correct. Once the connection is successful, you can start scanning.
- Settings: Click the "Setting" button in the action bar to view the settings related to OpenSCA Xcheck.
- Instructions: Click the "Instructions" button in the action bar to view the user manual for OpenSCA Xcheck.
- See More: Click the "See more" button in the action bar to visit opensca.xmirror.cn for more information about OpenSCA Xcheck.
Plugin Execution Process
Running a Scan
Click on OpenSCA Xcheck to open the OpenSCA window. First, configure the server parameters in the configuration interface (refer to: Plugin Features - Settings), then click “Run” in the OpenSCA window (refer to: Plugin Features - Start Scan).
JetBrains IDEs
Installing the Plugin
-
Method 1: Install from the JetBrains Plugin Marketplace (Recommended)
For example, in IntelliJ IDEA: go to
File | Settings | Plugins | Marketplace, search for "OpenSCA Xcheck" in the search box, and click "Install".
-
Method 2: Download the plugin from the OpenSCA Platform and install it manually
For example, in IntelliJ IDEA: drag the downloaded plugin package into the IDE.
-
Method 3: Download the source code and compile it yourself
Open the downloaded source code in IntelliJ IDEA. Configure the runtime environment:
JDK11. After Gradle imports dependencies and plugins, execute thebuildPlugintask of theintellijplugin in Gradle. The built package will be located in thebuild/distributionsdirectory of the project. Drag this package into the IDE to install it.
Using the Plugin
Plugin Features
- Configuration: Click
File | Settings | Other Settings | OpenSCA Settingor click theSettingbutton in the OpenSCA window to configure the server URL and Token in the configuration interface. - Test Connection: After configuring the server URL and Token in the OpenSCA configuration interface, click the
Test Connectionbutton to verify if the URL and Token are valid. - Run: Click the
Runbutton in the OpenSCA window to perform a code assessment on the current project. - Stop: If a code assessment is ongoing for the current project, the
Stopbutton will be enabled. Click theStopbutton to end the current assessment task. - Clear: If the Xcheck sub-window in the OpenSCA window already has assessment results, click the
Cleanbutton to clear all results in the Xcheck sub-window.
Plugin Execution Process
Running a Scan
Click View > Tool Windows > OpenSCA to open the OpenSCA window. First, configure the server parameters in the OpenSCA configuration interface (refer to: Plugin Features - Configuration), then click the "Run" button in the OpenSCA window (refer to: Plugin Features - Run).