
Live Vulnerability spotting in VSCode

brianverm profile image Brian Vermeer 🧑🏼‍🎓🧑🏼‍💻 ・1 min read

After my Codeland talk a bunch of people asked me if I know a good tool for spotting vulnerabilities in the packages you depend on.

I want to highlight one tool here. It is an open-source, community-driven extension for VSCode called Vuln Cost.

Vuln Cost in action

Looks cool right?!

What does it do?

This extension looks at the packages you are using while you are coding. It checks if these packages have vulnerabilities and displays this inline.

To have all the information available, the extension uses vulnerability data from Snyk. To connect to that API you need a Snyk account; a FREE account is enough to get all the information.

It currently works for:

  • Node packages in JavaScript and TypeScript files
  • popular CDNs in HTML files
  • Node packages in your package.json
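To show the mechanics behind this kind of inline check, here is an added example that is not Vuln Cost's own code: it pulls package names out of `import`/`require` statements in a JS/TS source string and out of a `package.json`, then matches them against a small advisory list. The advisory entries (`left-padz`, `marked-clone`), the sample source and the manifest are all constructed for the example; in the real extension that lookup is the Snyk API call.

```javascript
// Added example (not Vuln Cost's own code): a minimal dependency-vulnerability
// spotter. Package names are extracted from source and package.json and matched
// against a constructed advisory list standing in for the Snyk data.

// Constructed advisory data: hypothetical package names, not real advisories.
const ADVISORIES = [
  { name: 'left-padz',    below: '1.3.0', severity: 'high',   title: 'example: ReDoS' },
  { name: 'marked-clone', below: '0.7.0', severity: 'medium', title: 'example: XSS' },
];

// Compare dotted numeric versions ("1.10.0" vs "1.9.9"): returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Strip range prefixes such as ^ ~ >= so the declared floor can be compared.
function floorVersion(spec) {
  const m = /(\d+(?:\.\d+)*)/.exec(spec);
  return m ? m[1] : null;
}

// Package names referenced by import/require; relative paths ("./x") are skipped.
function packagesInSource(src) {
  const names = new Set();
  const re = /(?:from\s+|require\(\s*|import\s+)['"]([^'"./][^'"]*)['"]/g;
  let m;
  while ((m = re.exec(re.lastIndex ? src : src)) !== null) {
    const spec = m[1];
    // "@scope/name" keeps two segments; "name/sub/path" keeps only the package.
    const name = spec.startsWith('@')
      ? spec.split('/').slice(0, 2).join('/')
      : spec.split('/')[0];
    names.add(name);
  }
  return [...names];
}

// Dependency name -> version spec from a package.json string.
function packagesInManifest(json) {
  const pkg = JSON.parse(json);
  return { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
}

// Advisories that apply to a {name: versionSpec} map.
function findVulnerable(deps) {
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const v = floorVersion(spec);
    for (const adv of ADVISORIES) {
      if (adv.name === name && v && compareVersions(v, adv.below) < 0) {
        findings.push({ name, version: v, severity: adv.severity,
                        title: adv.title, fixedIn: adv.below });
      }
    }
  }
  return findings;
}

// What an inline checker does per open file: only packages the file actually
// imports are looked up, using the version declared in the project manifest.
function spotInSource(src, manifestJson) {
  const manifest = packagesInManifest(manifestJson);
  const used = {};
  for (const name of packagesInSource(src)) {
    if (manifest[name]) used[name] = manifest[name];
  }
  return findVulnerable(used);
}

// Constructed sample input.
const SAMPLE_SOURCE = `
import express from 'express';
import { pad } from 'left-padz';
import type { T } from '@types/node';
const marked = require('marked-clone/lib');
import './local-helper';
`;
const SAMPLE_MANIFEST = JSON.stringify({
  dependencies: { express: '^4.17.1', 'left-padz': '~1.2.0', 'marked-clone': '0.6.2' },
  devDependencies: { typescript: '^4.0.0' },
});

for (const f of spotInSource(SAMPLE_SOURCE, SAMPLE_MANIFEST)) {
  console.log(`${f.severity.toUpperCase()}: ${f.name}@${f.version} - ${f.title} (fixed in ${f.fixedIn})`);
}
```

Two things a real checker has to do better than this sketch: resolve the version actually installed (lockfile or `node_modules`) rather than the floor of a range like `^4.17.1`, since a caret range may already pull in the patched release, and handle transitive dependencies, which this example never sees because it only reads the packages the file imports directly.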

Community-driven

As mentioned, this extension is a community-driven initiative. Feel free to open an issue, or even better create a pull request! We love your contributions to make the world a little bit safer!

Links

VSCode marketplace
Github repo
Information about Vuln Cost
