Java Vulnerability Scanner for VS Code

A VS Code extension that detects security vulnerabilities in Java code using pattern matching and static analysis.

Features

• Detects common Java security vulnerabilities:
  • SQL Injection
  • Command Injection
  • XSS vulnerabilities
  • Insecure deserialization
  • Weak cryptographic algorithms
• Integrates with SpotBugs for advanced analysis
• Real-time scanning on file save
• Detailed vulnerability explanations

Installation

1. Open VS Code
2. Go to Extensions view (Ctrl+Shift+X)
3. Search for "Java Vulnerability Scanner"
4. Click Install

Usage

1. Open a Java file
2. Use the command palette (Ctrl+Shift+P) and run "Scan for Java Vulnerabilities"
3. Or let it automatically scan when you save files

Configuration

Add these settings to your settings.json:

{
  "javaVulnerabilityScanner.scanOnSave": true,
  "javaVulnerabilityScanner.spotBugsPath": "/path/to/spotbugs"
}