search
SupportSnyk LearnAPI referenceProduct updatesSign up for free
githubEdit

View analysis results from Visual Studio Code extension

hashtag
Overview of results

Snyk analysis shows a list of security vulnerabilities and code issues in the application code. Select a security vulnerability or a code security issue to view more details and examples of how others fixed the issue. The Issue details panel appears in a tab on the right side of the screen, as shown in following screen image.

The Snyk analysis panel on the left shows the time the analysis took and a list of issues with the suggestions found for those issues.

Snyk Security extension with Snyk Code issue
Snyk Security extension with Snyk Code issue

Each issue contains a severity icon that has the following meaning:

Critical severity

May allow attackers access to sensitive data and to run code on your application.

High severity

May allow attackers access to sensitive data on your application.

Medium severity

May allow attackers under some conditions to have access to sensitive data on your application.

Low severity

The application may expose some data allowing vulnerability mapping, which can be used with other vulnerabilities to attack the application.

hashtag
Scan configuration

You can customize your scan behavior to reflect your company's security policy or to focus on certain areas.

hashtag
Severity filter

Snyk reports critical, high, medium, and low severities. This can be adjusted in the scan configuration settings.

By default, all levels are selected. You must select at least one.

hashtag
Filter by issue type

Snyk reports the following types of issues:

circle-info

The exact capabilities and available scanners depend on your Snyk plan. Be sure your Organization's admin enabled all Snyk products prior to configuring any of them in the IDE plugin.

You can set the issue types to be shown in the Scan configuration settings. By default, all issue types shown are selected.

hashtag
Net new issues versus all issues

Starting with Visual Studio Code extension version 2.19.0, it is possible to see only newly introduced issues.

This functionality reduces noise and allows you to focus only on current changes. This helps prevent issues early, thus unblocking your CI/CD pipeline and speeding up your deliveries.

The logic uses your local Git repository or any folder to compare the current findings with those in a base branch or reference folder. Net new issues scanning (delta scanning) shows you the difference between the two branches or folders, highlighting only the new issues.

In Visual Studio Code version 2.21.0 and later, you can choose any folder as your base for scanning.

To apply the filter and see only the new issues, use the total or new toggle in the summary panel.

Summary panel with a toggle that shows the total number of issues, and the number of issues in the checked out branch or current folder
Net new issues filter enabled after the user clicks on the total/new issues toggle

You can also enable the net new issues feature in the scan configuration settings for the extension.

For newly created feature branches, there will be no reported issues. That is an intended state that developers would aim for, as shown in the screen image that follows:

Successful state. No Net New issues found.
Successful state. No net new issues found.

hashtag
Changing the base branch

The base branch is usually determined automatically for each Git repository.

You can change the base branch or base folder by following these steps:

  1. Select the Snyk plugin.

  2. Toggle the total/new filter in the summary panel.

  3. Click on the top-level node in the issues tree to change the branch or directory.

  4. Use text input to specify any branch name or reference directory.

PreviousRun an analysis with Visual Studio Code extensionNextAnalysis results: Snyk Code

Last updated

Was this helpful?