Averlon for VS Code

Table of Contents

• Features
• Getting Started
• Supported Files
• Key Commands
• How It Works
• Settings
• Requirements
• Support
• Troubleshooting & Debugging
• MCP Server Setup Guide

Averlon brings advanced vulnerability detection and actionable remediation for Dockerfiles directly into your VS Code workflow. Instantly find, prioritize, and fix security issues as you code.

Features

• Container Security Scanning: Instantly scan Dockerfiles and container images for known vulnerabilities and security misconfigurations
• Layer-by-Layer Analysis: Vulnerabilities are detected and reported on a per-layer basis for precise identification and targeted fixes
• Severity Prioritization: Color-coded vulnerability classification (Critical, High, Medium, Low) to focus on what matters most
• Flexible Remediation Options: Fix issues layer by layer for granular control, or remediate all Dockerfile vulnerabilities at once
• AI-Powered Remediation: Get specific, actionable suggestions to fix detected vulnerabilities with code examples
• Color-coded problem markers in the editor and Problems Panel (VS Code)
• Dedicated Averlon Results View for scan results, file status, and recommendations
• GitHub and Averlon authentication support
• Badge shows count of recommendations

Getting Started

Note: When signing up with GitHub, your GitHub account must have a publicly visible email address and a name set. These are required for registration and authentication to work properly.

1. Install: Averlon on the VS Code Marketplace
2. Authenticate: Sign-in to your Averlon Organization or for personal projects using Github authentication from the extension view.
3. Onboard Image Repository: You must have an image repository onboarded. The extension will prompt you if needed, or you can run the onboard command.
4. Scan: Averlon automatically scans all Dockerfiles in your workspace and fetches recommendations by scanning the associated image repository.
5. Review & Fix: See all recommendations in the Problems Panel and Averlon Results View. Use Copilot and Averlon MCP to fix issues, including "Fix All" for a Dockerfile.

Supported Files

• Dockerfile (any name/case, including files with .docker extension)

Key Commands

How It Works

• Authenticate using Averlon Organization or GitHub (from the extension view)
• You must have an image repository onboarded; the extension will prompt you if you don't have any
• Averlon scans all Dockerfiles in your workspace and tries to map them to onboarded image repositories
• Recommendations are fetched by scanning the associated image repository, not the file itself
• You can fetch recommendations manually using the Get Recommendations command
• If the association of image repository is incorrect for your Dockerfile, change it in the Averlon Results View; new recommendations are fetched automatically
• Averlon Results View shows all scanned Dockerfiles, with warnings for files with recommendations
• Problems Panel (VS Code) lists all recommendations for all Dockerfiles in the workspace
• Click a problem to see remediation steps and fix with Copilot and Averlon MCP (including "Fix All" for a Dockerfile)
• See the count of recommendations as a badge on the Averlon extension
• Rescan the workspace at any time (auto-rescans on changes)
• If a scan is in progress, recommendations will appear once complete (status shown in status bar and extension view)

Telemetry

Averlon collects anonymous usage data to help improve the extension. This data includes:

• Extension activation events
• Feature usage statistics
• Error reports (without personal information)

The extension respects your VS Code telemetry settings. To disable telemetry collection:

1. Open VS Code settings (Ctrl+, or Cmd+,)
2. Search for "telemetry"
3. Set "Telemetry: Telemetry Level" to "off"

Settings

The Averlon extension provides several configuration options to customize its behavior:

Recommendation Filter Levels

• Setting: averlon.recommendationFilters
• Type: Array of strings
• Default: ["RecommendedOrExploited"]
• Description: Controls which severity levels and classification categories of recommendations are shown
• Options:
  • RecommendedOrExploited: Issues that are marked as recommended or exploited
  • Critical: All critical severity issues
  • High: All high severity issues
  • HighRCE: Only high severity issues with RCE classification
• Example:

  "averlon.recommendationFilters": [
    "RecommendedOrExploited",
    "Critical"
  ]
  

MCP Server Configuration

• Setting: averlon.mcpPort
• Type: Number
• Description: Port to run the MCP proxy server on

Requirements

• Visual Studio Code v1.99.0 or later
• Node.js v20.18 or later

Support

For support and more information, please contact our team.

Troubleshooting & Debugging

Averlon includes comprehensive tools to help diagnose and resolve issues:

Help & Support Commands

• Show Logs: View detailed logs of extension activity
  • Command Palette: Averlon: Show Logs
• Get Support: Generate a support package with logs and system information
  • Command Palette: Averlon: Get Support

Log File Locations

If you need to access the log files directly, they are automatically stored in:

• macOS: ~/.vscode/extensions/averlon.averlon-x.x.x/logs
• Windows: %USERPROFILE%\.vscode\extensions\averlon.averlon-x.x.x\logs
• Linux: ~/.vscode/extensions/averlon.averlon-x.x.x/logs

Note: Using the Get Support command will automatically include all logs in the support package.

Common Issues

• Login Problems: Try the Logout command and login again
• Scanning Issues: Verify if Scan is running (check status bar)
• Slow Performance: Check network connectivity and scan filters

Reporting Problems

If you encounter issues with the extension, please follow these steps to help us diagnose and fix the problem:

1. Get a support package:
   • Open the Command Palette (⇧⌘P or Ctrl+Shift+P)
   • Run Averlon: Get Support
   • Save the support package ZIP file when prompted
2. Send your report:
   • Email the debug information and support package to support@averlon.io
   • Include detailed steps to reproduce the issue
   • Describe what you expected to happen vs. what actually happened
   • Mention your operating system and VS Code version

The support package is designed to provide comprehensive diagnostics without including any source code, secrets, or sensitive information. It collects only:

• Extension logs
• Environment details (VS Code version, OS)
• Extension configuration (with sensitive values redacted)
• Module loading information

For urgent issues, you can also reach our support team via the contact form on our website.

MCP Server Setup Guide

Note: You do need to do setup in case of Visual Studio Code (VS Code) < 1.102 or Cursor IDE

1. MCP Server Management

• Open the Extensions view (⇧⌘X or Ctrl+Shift+X).
• Find the new MCP SERVERS section in the sidebar. <>Averlon would be shown there</>
• If not you can add a new server by refer the 3. Configure the MCP Server step
• Installed servers appear under MCP SERVERS - INSTALLED. Right-click for actions: Start, Stop, Restart, Show Output, Configure, Disconnect, or Uninstall.

2. Start/Stop the MCP Server

• Use the context menu in the MCP Servers view to start or stop your server.
• The status bar will show the MCP server status (e.g., “Averlon MCP Server: Running”).

3. Configure the MCP Server

• MCP server configuration is now stored in a dedicated mcp.json file per profile (not in settings.json).
• To edit configuration:
  • Open the command palette (⇧⌘P or Ctrl+Shift+P).
  • Run MCP: Open User Configuration to access your mcp.json.
  • Edit or add your server config as needed. Example:

    {
        "servers": {
            "averlon": {
                "url": "http://localhost:37878/mcp",
                "type": "http"
            }
        }
    }
    

• Save the file. You will now see this MCP server in Extensions Tab too. The Averlon extension will use your configured Averlon MCP server.

Important Note on Organization Policy (VS Code 1.102+)

With the latest VS Code update, organizations can now control whether developers are allowed to use MCP servers via a GitHub Copilot policy. If you do not see the option to "Start" the MCP server—even when configuration is present—your organization may have disabled MCP server access.

• If you are unable to start the MCP server, check with your organization administrator to ensure MCP is enabled for your account.
• Once the policy is enabled, the "Start" option will appear and the MCP server can be started as expected.

This is important for customers: MCP server access may be restricted by your organization's policy. Always verify with your admin if you encounter issues starting the server.

Need Help?

For help, contact support@averlon.io.

Telemetry

The Averlon extension collects anonymous usage data to help improve the product. This telemetry respects VS Code's telemetry settings and can be disabled through VS Code preferences.

What We Collect

• Authentication events (login, logout)
• Scanning activity (start, complete, errors)
• Feature usage (recommendations, MCP server operations)
• Error information (for troubleshooting)

No personal data or sensitive information is collected.

Disabling Telemetry

To disable telemetry:

1. Open VS Code settings (Cmd+, or Ctrl+,)
2. Search for "telemetry"
3. Set "Telemetry: Telemetry Level" to "off"