Averlon for VS Code

Features
Getting Started
Supported Files
Key Commands
How It Works
Requirements
Support
Troubleshooting & Debugging
MCP Server Setup Guide

Averlon brings advanced vulnerability detection and actionable remediation for Dockerfiles directly into your VS Code workflow. Instantly find, prioritize, and fix security issues as you code.

Features

Container Security Scanning: Instantly scan Dockerfiles and container images for known vulnerabilities and security misconfigurations
Layer-by-Layer Analysis: Vulnerabilities are detected and reported on a per-layer basis for precise identification and targeted fixes
Severity Prioritization: Color-coded vulnerability classification (Critical, High, Medium, Low) to focus on what matters most
Flexible Remediation Options: Fix issues layer by layer for granular control, or remediate all Dockerfile vulnerabilities at once
AI-Powered Remediation: Get specific, actionable suggestions to fix detected vulnerabilities with code examples
Color-coded problem markers in the editor and Problems Panel (VS Code)
Dedicated Averlon Results View for scan results, file status, and recommendations
GitHub and Averlon authentication support
Badge shows count of recommendations

Getting Started

Note: When signing up with GitHub, your GitHub account must have a publicly visible email address and a name set. These are required for registration and authentication to work properly.

Install: Averlon on the VS Code Marketplace
Authenticate: Sign-in to your Averlon Organization or for personal projects using Github authentication from the extension view.
Onboard Image Repository: You must have an image repository onboarded. The extension will prompt you if needed, or you can run the onboard command.
Scan: Averlon automatically scans all Dockerfiles in your workspace and fetches recommendations by scanning the associated image repository.
Review & Fix: See all recommendations in the Problems Panel and Averlon Results View. Use Copilot and Averlon MCP to fix issues, including "Fix All" for a Dockerfile.

Supported Files

Dockerfile (any name/case, including files with .docker extension)

Key Commands

Command	Description
`averlon.logout`	Logout from Averlon
`averlon.selectCloud`	Select Account/Cloud
`averlon.getRecommendations`	Get Recommendations
`averlon.stopMcpServer`	Stop Averlon MCP Server
`averlon.startMcpServer`	Start Averlon MCP Server
`averlon.selectImageRepo`	Select Image Repository
`averlon.onboardImageRepo`	Onboard Image Repository
`averlon.rescanWorkspace`	Rescan Workspace

How It Works

Authenticate using Averlon Organization or GitHub (from the extension view)
You must have an image repository onboarded; the extension will prompt you if you don't have any
Averlon scans all Dockerfiles in your workspace and tries to map them to onboarded image repositories
Recommendations are fetched by scanning the associated image repository, not the file itself
You can fetch recommendations manually using the Get Recommendations command
If the association of image repository is incorrect for your Dockerfile, change it in the Averlon Results View; new recommendations are fetched automatically
Averlon Results View shows all scanned Dockerfiles, with warnings for files with recommendations
Problems Panel (VS Code) lists all recommendations for all Dockerfiles in the workspace
Click a problem to see remediation steps and fix with Copilot and Averlon MCP (including "Fix All" for a Dockerfile)
See the count of recommendations as a badge on the Averlon extension
Rescan the workspace at any time (auto-rescans on changes)
Configure Averlon MCP (port, etc.) in settings; monitor status in the status bar
Start/stop the MCP server with commands (not recommended to stop, but possible)
If a scan is in progress, recommendations will appear once complete (status shown in status bar and extension view)

Requirements

Visual Studio Code v1.99.0 or later
Node.js v20.18 or later

Support

For support and more information, please contact our team.

Troubleshooting & Debugging

Averlon includes comprehensive tools to help diagnose and resolve issues:

Help & Support Commands

Show Logs: View detailed logs of extension activity
- Command Palette: Averlon: Show Logs
Get Support: Generate a support package with logs and system information
- Command Palette: Averlon: Get Support

Log File Locations

If you need to access the log files directly, they are automatically stored in:

macOS: ~/.vscode/extensions/averlon.averlon-x.x.x/logs
Windows: %USERPROFILE%\.vscode\extensions\averlon.averlon-x.x.x\logs
Linux: ~/.vscode/extensions/averlon.averlon-x.x.x/logs

Note: Using the Get Support command will automatically include all logs in the support package.

Common Issues

Login Problems: Try the Logout command and login again
Scanning Issues: Verify MCP server is running (check status bar)
Slow Performance: Check network connectivity and scan filters

Reporting Problems

If you encounter issues with the extension, please follow these steps to help us diagnose and fix the problem:

Get a support package:
- Open the Command Palette (⇧⌘P or Ctrl+Shift+P)
- Run Averlon: Get Support
- Save the support package ZIP file when prompted
Send your report:
- Email the debug information and support package to support@averlon.io
- Include detailed steps to reproduce the issue
- Describe what you expected to happen vs. what actually happened
- Mention your operating system and VS Code version

The support package is designed to provide comprehensive diagnostics without including any source code, secrets, or sensitive information. It collects only:

Extension logs
Environment details (VS Code version, OS)
Extension configuration (with sensitive values redacted)
Module loading information

For urgent issues, you can also reach our support team via the contact form on our website.

MCP Server Setup Guide

1. MCP Server Management in VS Code

Open the Extensions view (⇧⌘X or Ctrl+Shift+X).
Find the new MCP SERVERS section in the sidebar. <>Averlon would be shown there</>
If not you can add a new server by refer the 3. Configure the MCP Server step
Installed servers appear under MCP SERVERS - INSTALLED. Right-click for actions: Start, Stop, Restart, Show Output, Configure, Disconnect, or Uninstall.

2. Start/Stop the MCP Server

Use the context menu in the MCP Servers view to start or stop your server.
The status bar will show the MCP server status (e.g., “Averlon MCP Server: Running”).

3. Configure the MCP Server

MCP server configuration is now stored in a dedicated mcp.json file per profile (not in settings.json).
To edit configuration:
- Open the command palette (⇧⌘P or Ctrl+Shift+P).
- Run MCP: Open User Configuration to access your mcp.json.
- Edit or add your server config as needed. Example:
```
{
    "servers": {
        "averlon": {
            "url": "http://localhost:37878/mcp",
            "type": "http"
        }
    }
}
```
Save the file. You will now see this MCP server in Extensions Tab too. The Averlon extension will use your configured Averlon MCP server.

Important Note on Organization Policy (VS Code 1.102+)

With the latest VS Code update, organizations can now control whether developers are allowed to use MCP servers via a GitHub Copilot policy. If you do not see the option to "Start" the MCP server—even when configuration is present—your organization may have disabled MCP server access.

If you are unable to start the MCP server, check with your organization administrator to ensure MCP is enabled for your account.
Once the policy is enabled, the "Start" option will appear and the MCP server can be started as expected.

This is important for customers: MCP server access may be restricted by your organization's policy. Always verify with your admin if you encounter issues starting the server.

Need Help?

For help, contact support@averlon.io.

Averlon