CodeNova-MVRE
Advanced Cybersecurity Vulnerabilities and Compliance Violations Detection System
Also known as: Advanced Cybersecurity Vulnerabilities Detection with Mathematical Proofs
🎯 Overview
CodeNova-MVRE is a comprehensive security analysis tool that detects cybersecurity vulnerabilities and compliance violations in your code using advanced mathematical verification techniques.
Key Features
- 🔍 Vulnerability Detection: Identifies SQL injection, XSS, command injection, and 50+ vulnerability types
- 📋 Compliance Validation: Checks GDPR, SOC2, PCI-DSS, HIPAA, ISO27001, SOX, and CCPA compliance
- 🧮 Mathematical Proofs: Provides formal verification of security properties
- 🎯 EPSS Integration: Risk prioritization using Exploit Prediction Scoring System
- ⚡ Real-time Analysis: Instant feedback on security issues
🚀 Quick Start
Installation
- Open VSCode
- Search for "CodeNova-MVRE" in the Extensions marketplace
- Click Install
That's it! CodeNova-MVRE is now ready to use.
💻 Usage
For Coding Agents (Claude Code, Cline, etc.)
CodeNova-MVRE can be used directly from your coding agent's terminal or chat interface.
Installation for Coding Agents
Option 1: From VSCode Marketplace
# In your agent's terminal
code --install-extension avivalabs.codenova-mvre
Option 2: Download and Install
- Download the .vsix file from VSCode Marketplace
- In your agent's terminal:
code --install-extension codenova-mvre-2.0.0.vsix
Using CodeNova-MVRE from Agent Terminal/Chat
Once installed, use these three simple commands:
1. Start CodeNova MCP Server
# Start the CodeNova MCP Server in the background
codenova start
2. Scan for Cybersecurity Vulnerabilities
# Scan a single file
codenova scan <file-path>
# Scan all files in a directory
codenova scan <directory-path>
# Examples:
codenova scan ./src/app.js
codenova scan ./src
3. Check for Compliance Violations
# Check a single file
codenova check <file-path>
# Check all files in a directory
codenova check <directory-path>
# Examples:
codenova check ./src/user-data.py
codenova check ./src
From VSCode IDE
Command Palette
Press Ctrl+Shift+P (or Cmd+Shift+P on Mac) and type:
CodeNova: Start CodeNova MCP Server
CodeNova: Scan File for Vulnerabilities
CodeNova: Scan Directory for Vulnerabilities
CodeNova: Check Compliance Violations
CodeNova: Check Directory for Compliance Violations
Keyboard Shortcuts
Ctrl+Shift+V (or Cmd+Shift+V on Mac) - Scan current file for vulnerabilities
Ctrl+Shift+C (or Cmd+Shift+C on Mac) - Check current file for compliance violations
Right-click on any file or folder in the Explorer:
- Scan File for Vulnerabilities - Analyze a single file
- Scan Directory for Vulnerabilities - Analyze all files in a directory
- Check Compliance Violations - Check compliance for a file
- Check Directory for Compliance Violations - Check compliance for all files
From IDE Chat Box
You can also use natural language commands in your IDE's chat interface:
"Use CodeNova to scan my code for vulnerabilities"
"Check this file for GDPR compliance violations"
"Scan the entire src directory for security issues"
"Generate mathematical proofs for the authentication logic"
🛡️ Supported Vulnerability Types
- SQL Injection (CWE-89)
- Cross-Site Scripting (XSS) (CWE-79)
- Command Injection (CWE-78)
- Path Traversal (CWE-22)
- Weak Cryptography (CWE-327)
- Hardcoded Credentials (CWE-798)
- Unsafe Deserialization (CWE-502)
- Broken Authentication (CWE-287)
- Missing Access Control (CWE-639)
- Server-Side Request Forgery (SSRF) (CWE-918)
- And 40+ more...
📋 Supported Compliance Frameworks
- GDPR - General Data Protection Regulation
- SOC2 - Service Organization Control 2
- PCI-DSS - Payment Card Industry Data Security Standard
- HIPAA - Health Insurance Portability and Accountability Act
- ISO27001 - Information Security Management
- SOX - Sarbanes-Oxley Act
- CCPA - California Consumer Privacy Act
🧮 Mathematical Verification
CodeNova-MVRE uses formal mathematical methods to verify security properties:
- Theorem Proving: Generates formal proofs using Lean 4
- SMT Solving: Uses Z3 solver for constraint verification
- EPSS Scoring: Exploit Prediction Scoring System for risk prioritization
- Formal Verification: Mathematical guarantees of security properties
⚙️ Configuration
Access settings via File > Preferences > Settings and search for "CodeNova":
- Auto Scan: Automatically scan files on save (default: off)
- Compliance Frameworks: Select which frameworks to check
- Server Path: Custom path to CodeNova MCP Server (optional)
📊 Output Examples
Vulnerability Scan Results
🔍 CodeNova Vulnerability Scan Results
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Total Vulnerabilities: 17
Vulnerability Types: 10
Priority Breakdown:
CRITICAL 17 vulnerabilities - Patch immediately (< 24h)
HIGH 0 vulnerabilities - Patch urgent (< 72h)
MEDIUM 0 vulnerabilities - Schedule patching (1-2 weeks)
LOW 0 vulnerabilities - Monitor
🔴 CWE-78: Command Injection
CVSS: 9.8 EPSS: 94.36% (very_high)
Risk: 93/100 Priority: CRITICAL
Action: PATCH IMMEDIATELY
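A report in this layout can be parsed to gate a CI job on the priority breakdown. The following is an added example, not part of CodeNova-MVRE: it assumes the report is available as plain text in the layout shown above and that the per-priority counts add up to the total, as they do in that sample; `parse_report` and `gate` are hypothetical names.

```python
import re

# Sample input: the "Vulnerability Scan Results" example shown on this page
# (rule line omitted).
SAMPLE_REPORT = """\
🔍 CodeNova Vulnerability Scan Results
Total Vulnerabilities: 17
Vulnerability Types: 10
Priority Breakdown:
CRITICAL 17 vulnerabilities - Patch immediately (< 24h)
HIGH 0 vulnerabilities - Patch urgent (< 72h)
MEDIUM 0 vulnerabilities - Schedule patching (1-2 weeks)
LOW 0 vulnerabilities - Monitor
🔴 CWE-78: Command Injection
CVSS: 9.8 EPSS: 94.36% (very_high)
Risk: 93/100 Priority: CRITICAL
Action: PATCH IMMEDIATELY
"""

PRIORITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")
COUNT_RE = re.compile(
    r"^[ \t]*(CRITICAL|HIGH|MEDIUM|LOW)[ \t]+(\d+)[ \t]+vulnerabilities\b", re.M)
FINDING_RE = re.compile(
    r"(?P<cwe>CWE-\d+):[ \t]*(?P<name>[^\n]+)\n"
    r"[ \t]*CVSS:[ \t]*(?P<cvss>\d+(?:\.\d+)?)[ \t]+EPSS:[ \t]*(?P<epss>\d+(?:\.\d+)?)%[^\n]*\n"
    r"[ \t]*Risk:[ \t]*(?P<risk>\d+)/100[ \t]+Priority:[ \t]*(?P<priority>\w+)")

def parse_report(text):
    """Parse the report layout shown above into counts and findings."""
    total = re.search(r"Total Vulnerabilities:\s*(\d+)", text)
    if total is None:
        raise ValueError("not a vulnerability scan report")
    counts = {p: int(n) for p, n in COUNT_RE.findall(text)}
    findings = [{"cwe": m["cwe"], "name": m["name"].strip(),
                 "cvss": float(m["cvss"]), "epss_pct": float(m["epss"]),
                 "risk": int(m["risk"]), "priority": m["priority"]}
                for m in FINDING_RE.finditer(text)]
    return {"total": int(total.group(1)), "counts": counts, "findings": findings}

def gate(report, block_on=("CRITICAL", "HIGH")):
    """Return (passed, reason). Fails closed on an incomplete report."""
    counts = report["counts"]
    # A truncated or partial report must never read as "clean".
    if set(counts) != set(PRIORITIES) or sum(counts.values()) != report["total"]:
        return False, "report incomplete or inconsistent"
    blocking = {p: counts[p] for p in block_on if counts[p] > 0}
    if blocking:
        return False, "blocking findings: " + ", ".join(f"{p}={n}" for p, n in blocking.items())
    return True, "no blocking findings"
```

Because `gate` rejects any report whose priority lines are missing or do not sum to the total, a scan that crashed partway through cannot pass the build by producing less output.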
Compliance Check Results
📋 CodeNova Compliance Check Results
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Total Violations: 110
Frameworks Affected: 7
Violations by Framework:
GDPR: 17 violations
🔴 Critical: 6
🟠 High: 11
SOC2: 16 violations
🔴 Critical: 8
🟠 High: 8
PCI-DSS: 13 violations
🔴 Critical: 10
🟠 High: 3
🔧 Troubleshooting
Server Not Starting
If the CodeNova MCP Server doesn't start automatically:
- Check that Node.js is installed:
node --version
- Manually start the server:
codenova start
- Check the Output panel in VSCode for error messages
No Results Showing
- Ensure the file is saved before scanning
- Check that the file type is supported (Python, JavaScript, TypeScript, Java, etc.)
- Verify the server is running by checking the status bar
📝 License
Copyright © 2024 Aviva Labs. All rights reserved.
🆘 Support
For support, please contact: support@avivalabs.com
🔄 Updates
CodeNova-MVRE is regularly updated with:
- New vulnerability detection patterns
- Additional compliance frameworks
- Enhanced mathematical verification
- Performance improvements
Check the VSCode Extensions marketplace for the latest version.