Installation instructions for the CAST Highlight SCA extension for Visual Studio Code
Download & Install Visual Studio Code
If Visual Studio Code is already installed, please skip to the next step. If not, you can download and install Visual Studio code here: https://code.visualstudio.com
Download & Install the extension
You can download and install the extension from the Visual Studio Code marketplace.
In order to use the Visual Studio Code extension for SCA, you will need to have an active CAST Highlight subscription and a valid CAST Highlight user account, as well as the User Tokens feature enabled and active for the portfolio.
Note that in its current version, the CAST Highlight SCA extension supports Maven (pom.xml) only. More package managers will be added soon.
How to use the Visual Studio Code extension
Using our extension is as easy as 123.
1. Log in with your CAST Highlight credentials by clicking on the “Login” button. You can whether use your CAST Highlight credentials or a user token.
2. Select the workspace you want the CAST Highlight SCA extension to analyze by clicking on “Add project folder to workspace”.
3. Consume the results. For each detected dependency, CAST Highlight displays the possible vulnerabilities (CVEs) of the current version as well as license and other component information (version timeline, origin, etc.).
Note: the current version (1.0.0) of the extension works with Maven-based dependencies (pom.xml) only. More package managers will be added soon!