SCA Vulnerability Scanner
A Software Composition Analysis (SCA) extension for VS Code. This extension scans your project dependencies and detects security vulnerabilities using the NVD (National Vulnerability Database) API.
Features
Multi-format dependency file support:
package.json (NPM)
requirements.txt (Python)
pom.xml (Maven)
go.mod (Go)
NVD API integration
Vulnerability severity classification (Critical, High, Medium, Low)
Visual reporting with detailed statistics
Interactive vulnerability explorer
Detailed vulnerability information panel
Secure API key management
Custom filtering and sorting options
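An added example, not the extension's own code: one way to derive the Critical/High/Medium/Low counts from an NVD CVE API 2.0 response body. The function names, the UNKNOWN bucket and the sample response (with placeholder CVE IDs) are constructed for illustration; this page does not say how the extension maps NVD metrics to a severity.

```javascript
// Added example: tally CVEs by severity from an NVD CVE API 2.0 response body.
// SAMPLE below is constructed; its CVE IDs are placeholders, not real records.
const LEVELS = ["CRITICAL", "HIGH", "MEDIUM", "LOW"];

// Prefer the newest CVSS version present; within a version prefer the
// "Primary" assessment over a "Secondary" one from another source.
function severityOf(cve) {
  const m = cve.metrics || {};
  for (const key of ["cvssMetricV31", "cvssMetricV30", "cvssMetricV2"]) {
    const list = m[key];
    if (!Array.isArray(list) || list.length === 0) continue;
    const pick = list.find((e) => e.type === "Primary") || list[0];
    // v3.x keeps baseSeverity inside cvssData; v2 keeps it on the metric entry.
    const sev = (pick.cvssData && pick.cvssData.baseSeverity) || pick.baseSeverity;
    if (LEVELS.includes(sev)) return sev;
  }
  return "UNKNOWN"; // no usable metrics, e.g. a CVE that has not been scored yet
}

function summarize(response) {
  const counts = { CRITICAL: 0, HIGH: 0, MEDIUM: 0, LOW: 0, UNKNOWN: 0 };
  const ids = [];
  for (const item of response.vulnerabilities || []) {
    const sev = severityOf(item.cve);
    counts[sev] += 1;
    ids.push({ id: item.cve.id, severity: sev });
  }
  // Most severe first; UNKNOWN sorts last so unscored CVEs stay visible.
  const rank = (s) => { const i = LEVELS.indexOf(s); return i < 0 ? LEVELS.length : i; };
  ids.sort((a, b) => rank(a.severity) - rank(b.severity));
  return { counts, ids };
}

// Constructed sample in the shape of an NVD 2.0 response.
const SAMPLE = { vulnerabilities: [
  { cve: { id: "CVE-0000-0001", metrics: { cvssMetricV31: [
    { type: "Secondary", cvssData: { baseScore: 9.8, baseSeverity: "CRITICAL" } },
    { type: "Primary", cvssData: { baseScore: 7.5, baseSeverity: "HIGH" } } ] } } },
  { cve: { id: "CVE-0000-0002", metrics: { cvssMetricV2: [
    { type: "Primary", baseSeverity: "MEDIUM", cvssData: { baseScore: 5.0 } } ] } } },
  { cve: { id: "CVE-0000-0003", metrics: {} } },
  { cve: { id: "CVE-0000-0004", metrics: { cvssMetricV30: [
    { type: "Primary", cvssData: { baseScore: 9.1, baseSeverity: "CRITICAL" } } ] } } },
] };

console.log(summarize(SAMPLE).counts);
```

CVSS v2 has no Critical level, so a CVE scored only under v2 can never land in that bucket; unscored CVEs are counted separately rather than dropped.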
Installation
Install the "SCA Vulnerability Scanner" extension from VS Code Marketplace
Set your NVD API key (you can get one from https://nvd.nist.gov/developers/request-an-api-key)
Start using the extension!
Usage
Open a project in VS Code
Click on the SCA Scanner icon in the left sidebar
Enter your NVD API key when prompted during first use
Click "Scan Dependencies" to start scanning
Sample Test Files
The samples directory contains example dependency files for testing:
package.json: NPM dependencies
requirements.txt: Python dependencies
pom.xml: Maven dependencies
go.mod: Go dependencies
Privacy & Security
Your API key is stored securely in VS Code's built-in secret storage
No data is sent to any servers except the official NVD API
All scanning is performed locally on your machine
Development
Clone the repository
Install dependencies: npm install
Launch VS Code in development mode: F5
License
MIT