--- description: "Use the Fluid Attacks VS Code extension to view vulnerable code, apply treatments, request reattacks, accept vulnerabilities and fix code directly in your IDE." keywords: "Fluid Attacks platform, Fluid Attacks automatic fix, Fluid Attacks IDE extension, Fluid Attacks VS Code extension, Fluid Attacks VS Code integration, Fluid Attacks plugins, Fluid Attacks documentation" other: private: false title: View vulnerable lines, use fix options and more --- # View vulnerable lines, use fix options and more import { Image } from "@/components/image"; [Fluid Attacks](https://fluidattacks.com/)' VS Code extension offers the following functions: - [See vulnerable file and code line](https://help.fluidattacks.com/portal/en/kb/articles/view-vulnerable-lines-use-fix-options-and-more#See_vulnerable_file_and_code_line) - [Request reattacks](https://help.fluidattacks.com/portal/en/kb/articles/view-vulnerable-lines-use-fix-options-and-more#Request_reattacks) - [Go to Criteria](https://help.fluidattacks.com/portal/en/kb/articles/view-vulnerable-lines-use-fix-options-and-more#Go_to_Criteria_and_vulnerability_on_the_platform) (links to Fluid Attacks' documentation on vulnerabilities) - [Go to vulnerability on the platform](https://help.fluidattacks.com/portal/en/kb/articles/view-vulnerable-lines-use-fix-options-and-more#Go_to_Criteria_and_vulnerability_on_the_platform) - [View vulnerability description](https://help.fluidattacks.com/portal/en/kb/articles/view-vulnerable-lines-use-fix-options-and-more#View_vulnerability_description) - [Get step-by-step remediation guides with Custom fix](https://help.fluidattacks.com/portal/en/kb/articles/get-ai-generated-guides-for-remediation) - [Get automatic fixing suggestions with Autofix](https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai) You can access the above functions by either clicking on the Fluid Attacks extension in VS Code's activity bar or clicking on repository files marked with a red dot in VS Code's explorer. This page guides you through using these functions except for the last two, for which there are dedicated, more detailed, pages. > [!TIP] > > Don't have the extension yet? [Install it](https://help.fluidattacks.com/portal/en/kb/articles/install-the-vs-code-extension). ## See vulnerable file and code line You can view vulnerabilities reported in the Fluid Attacks platform from the IDE. If starting from the Fluid Attacks extension icon, follow these steps: 1. Click on the Fluid Attacks icon in VS Code's activity bar. You are then presented with a comprehensive list of vulnerability types detected in your code. See reported vulnerability types in the Fluid Attacks VS Code extension

See reported vulnerability types in the Fluid Attacks VS Code extension

> [!TIP] > > Notice that the letters next to the names of vulnerability types inform you of their **severity** following the CVSS. 1. Click on the vulnerability type of your interest to view all affected files. See reported vulnerabilities in the Fluid Attacks VS Code extension

See reported vulnerabilities in the Fluid Attacks VS Code extension

1. Select a file of your interest to identify the line of code where the vulnerability is present, which is underlined with red. See vulnerable line of code in the Fluid Attacks VS Code extension

See vulnerable line of code in the Fluid Attacks VS Code extension

If starting from VS Code's explorer, follow these steps: 1. Open the project corresponding to the [Git repository](https://help.fluidattacks.com/portal/en/kb/articles/manage-repositories#Manage_Git_repositories) that is tested by Fluid Attacks. Files with vulnerabilities are marked with red dots. 1. You may click on the files to open them or click on the X icon to open the panel listing the problems of every file. See vulnerable files in the Fluid Attacks VS Code extension

See vulnerable files in the Fluid Attacks VS Code extension

If going with the latter, click on an item to open the file and see the vulnerable line of code. See a list of vulnerable files in the Fluid Attacks VS Code extension

See a list of vulnerable files in the Fluid Attacks VS Code extension

1. Identify the vulnerable lines of code, which have a red underline. ## Request reattacks [Reattacks](https://help.fluidattacks.com/portal/en/kb/articles/verify-fixes-with-reattacks) refer to retests where Fluid Attacks verifies the effectiveness of your code fixes. To request reattacks starting from the Fluid Attacks extension icon, follow these steps: 1. Click on the Fluid Attacks extension in VS Code's activity bar. 1. Expand the type of vulnerability you wish to explore by clicking on its name. 1. Click on a vulnerability to see some icons appear. Click on the shield icon to request a reattack. Find reattack option in the Fluid Attacks VS Code extension

Find reattack option in the Fluid Attacks VS Code extension

1. Write a description of the fix you applied and press **Enter**. Wait to receive a notification confirming the successful delivery of the request. 1. You can refresh the view and observe that the vulnerability's underline changes from red to blue, indicating that the reattack was successfully requested. If starting from VS Code's explorer, follow these steps: 1. Click on the file to open it. 1. Right-click on the underlined code and locate the **Request reattack** option. Request a reattack from the Fluid Attacks VS Code extension

Request a reattack from the Fluid Attacks VS Code extension

1. Write a description of the fix you applied and press Enter. Wait to receive a notification confirming the successful delivery of the request. > [!TIP] > > **Note:** Remember to push your code to the tests/security/integration branch. ## Go to Criteria and vulnerability on the platform Fluid Attacks' VS Code extension provides you with external links to [Fluid Attacks' Database](https://db.fluidattacks.com/) (DB) and, separately, to the report of the vulnerability on the platform. Fluid Attacks' DB is documentation that mainly presents the standards, requirements and vulnerability types that determine the results of security testing. If starting from the Fluid Attacks extension icon to access those external links, click on the extension in VS Code's activity bar and then right-click on the type of vulnerability of your interest. This way, you can see the options **Go to Criteria** and **Go to Finding**. Follow external links in the Fluid Attacks VS Code extension

Follow external links in the Fluid Attacks VS Code extension

If starting from VS Code's explorer, follow these steps to access the link to the [DB](https://db.fluidattacks.com/): 1. Click on the file to open it. 1. Right-click on the vulnerable line and select **Go to criteria**. Open vulnerability documentation from the Fluid Attacks VS Code extension

Open vulnerability documentation from the Fluid Attacks VS Code extension

To access the link to the vulnerability on the platform, starting from VS Code's explorer, do the following: 1. Click on the file to open it. 1. Locate the vulnerable line and hover your mouse cursor over it. A pop-up window appears, showing the definition and the external link. Open link to the platform from the Fluid Attacks VS Code extension

Open link to the platform from the Fluid Attacks VS Code extension

1. Click on the link to the [vulnerability URL](https://help.fluidattacks.com/portal/en/kb/articles/see-where-vulnerabilities-are-and-more-details#Get_the_link_to_share_the_details_of_a_vulnerability) on the platform. ## View vulnerability description [Fluid Attacks](https://fluidattacks.com/) offers comprehensive documentation on their [classification of vulnerabilities](https://db.fluidattacks.com/wek/). To see Fluid Attacks' description of a type of vulnerability, starting from the Fluid Attacks extension icon: 1. Click on the Fluid Attacks extension in VS Code's activity bar. 1. Right-click on the type of vulnerability of your interest. 1. Select **See Finding description**. This causes the current editor view to split to show you selected information from Fluid Attacks' documentation without leaving VS Code. This includes attack vector, threat, severity score and average remediation time information. See vulnerability description from the Fluid Attacks VS Code extension

See vulnerability description from the Fluid Attacks VS Code extension

If starting from VS Code's explorer, follow these steps to view the vulnerability description: 1. Click on the file to open it. 1. Right-click on the vulnerable line and select **See Finding description**. See vulnerable line description from the Fluid Attacks VS Code extension

See vulnerable line description from the Fluid Attacks VS Code extension

See the vulnerability description and other details at the right side of the editor. View finding description in the Fluid Attacks VS Code extension

View finding description in the Fluid Attacks VS Code extension

## Use fix options > [!CAUTION] > > Always review the accuracy of remediation suggestions generated with AI. Fluid Attacks' VS Code extension uses artificial intelligence to generate fix suggestions. You have two features at your disposal: - [**Custom fix**](https://help.fluidattacks.com/portal/en/kb/articles/get-ai-generated-guides-for-remediation)**:** Generate step-by-step guides telling you how to fix your code - [**Autofix**](https://help.fluidattacks.com/portal/en/kb/articles/fix-code-automatically-with-gen-ai)**:** Automatically generate a **suggested** pull request fixing the code (special caution is advised when using this function, as it intends to make changes directly to your codebase) > [!TIP] > > For more information on these features, refer to [Fix code with gen AI](https://help.fluidattacks.com/portal/en/kb/find-security-vulnerabilities/fix-code-with-gen-ai). ## Refresh button To ensure actions such as reattack requests and treatment assignment are reflected in the extension, click the refresh button. Refresh the Fluid Attacks VS Code extension

Refresh the Fluid Attacks VS Code extension

Upon refreshing, vulnerability underlines update to reflect their status: - **Blue:** Reattack requested - **Yellow:** 'Temporarily accepted' treatment applied