How to use the VS Code Cortex Cloud extension

Product: Cortex IDE
Creation date: 2025-06-24
Last date published: 2025-09-28

The Cortex Cloud security extension allows you to conduct comprehensive scans, manage issues efficiently, and remediate issues, all within your coding environment. You can manage issues through both the Code editor and the Details panel.

Execute scans

You have two ways to scan your code for security issues:

  • Full scan: Click the Play button in the Details panel to initiate a scan of the entire project

  • Single file scan: Open or save a specific file to trigger a scan exclusively for that file

View scan history

In the Security scan panel, select Extension Monitoring > Open Scan History to view a record of past scanning activities. For each recorded scan, you can review the start time and duration of the scan, the path that was scanned, the scan trigger (such as Manual or File Opened), the total number of issues detected, and the CLI command used to execute the scan. From the scan history, you can also run scans locally from the terminal, for example for support purposes.

View log files

In the Security scan panel, select Extension Monitoring > Open Cortex Cloud Log to view log files. These logs provide diagnostic information and details about the execution of your scans, which can be useful for troubleshooting.

Manage issues in the Details panel

The Security scan panel displays the issues detected in scans, organized by security category: IaC, Secrets, Vulnerabilities, Licenses, and Package Integrity. Each category tab displays the total count of issues of that type.

Use the filter icon next to a category to filter issues by severity.

  1. Under a scan category, browse through folders/subfolders to locate and click on a file containing issues.

    Note

    An icon next to a category in the Security scan panel indicates if a fix is available for issues within that category.

  2. Select an individual issue within the file to display its details in the Details panel.

    Note

    The corresponding file simultaneously opens in the Code editor, highlighting the issue within its exact code context. See below for more information.

The detailed issue view provides information including:

  • The name and description of the issue

  • The code lines (or resource for IaC misconfigurations) in which the issue has been detected

  • Contextual remediation options, provided specifically for each issue type to guide resolution. For more information about remediation options, refer to Remediation options by issue category

Manage issues in the Code editor

Select an individual issue within the Security scan panel to open the file containing the issue in the Code editor. Issues are marked by a red X next to the code line.

  • Hover over the red X for basic details about the issue: severity, finding name, and remediation options

  • For IaC resources with multiple issues, hovering over the line of code marked X displays a list of issues at the resource's starting line. Scroll to view all issues

  • Select Console to display the issue's full details in the Details panel

Remediation options by issue category

You can mitigate issues directly through either the Code editor or the Details panel. Options include Fix, Suppress, and Documentation.

Note

Not all types of remediation are available for all issues. For example, fixes are not available for License issues.

Fixes

When you select an issue in either the Code editor or the Details panel, a suggested fix is displayed when available. Fixes are automatically applied to the code upon selection. The following list displays the type of fix available for the different categories of issues.

  • CVE vulnerabilities: The fix bumps the package version. You can directly fix the specific CVE vulnerability that has been detected during the scan by upgrading the package to the version that includes a fix

  • IaC misconfigurations: The fix modifies the configuration. The Details panel displays the code difference to be fixed

  • Secrets issues: N/A

  • License mis-compliance: N/A

  • Package Integrity: N/A

Suppression

Suppress an issue to temporarily hide or ignore it without fixing it, allowing you to concentrate on more important issues. The suppression is scoped to the file.

  1. Select an issue from the Security scan panel > click Suppress from either the Code editor or Details panel.

  2. Provide a justification for the suppression > press Enter to confirm.

    The justification will be added as a commented annotation to your source code.

After suppressing an issue, the file will not be scanned for two minutes. This is to prevent the issue from being re-triggered. Saving the file during the hold period will not trigger a scan.

Documentation

If automated fixes are not available, policy documentation can provide guidance on how to address the issue: Select an issue > Documentation. You are redirected to the relevant policy documentation, which includes suggested guidelines on how to solve the issue.

Note

Secrets and Licenses category issues are typically mitigated by following the guidance in the Documentation.