SCA Vulnerability Scanner

A Software Composition Analysis (SCA) extension for VS Code. This extension scans your project dependencies and detects security vulnerabilities using the NVD (National Vulnerability Database) API.

Features

• Multi-format dependency file support:
  • package.json (NPM)
  • requirements.txt (Python)
  • pom.xml (Maven)
  • go.mod (Go)
• NVD API integration
• Vulnerability severity classification (Critical, High, Medium, Low)
• Visual reporting with detailed statistics
• Interactive vulnerability explorer
• Detailed vulnerability information panel
• Secure API key management
• Custom filtering and sorting options

Installation

1. Install the "SCA Vulnerability Scanner" extension from VS Code Marketplace
2. Set your NVD API key (you can get one from https://nvd.nist.gov/developers/request-an-api-key)
3. Start using the extension!

Usage

1. Open a project in VS Code
2. Click on the SCA Scanner icon in the left sidebar
3. Enter your NVD API key when prompted during first use
4. Click "Scan Dependencies" to start scanning

Sample Test Files

The samples directory contains example dependency files for testing:

• package.json: NPM dependencies
• requirements.txt: Python dependencies
• pom.xml: Maven dependencies
• go.mod: Go dependencies

Privacy & Security

• Your API key is stored securely in VS Code's built-in secret storage
• No data is sent to any servers except the official NVD API
• All scanning is performed locally on your machine

Development

1. Clone the repository
2. Install dependencies: npm install
3. Launch VS Code in development mode: F5

License

MIT