OWASP IDE-VulScanner is an open source IDE plugin tool to analyze an application's components. It is built on top of OWASP Dependency Check, which scans your application's components for known vulnerabilities during the implementation phase.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press Enter.
IDE-VulScanner is an IDE agnostic tool for developers to identify vulnerable code dependencies during the implementation phase, which in turn saves substantial security patching and maintenance costs. Such issues are otherwise usually caught only during the CI/CD build phase.
Features
Vulnerability scan of code dependencies during the implementation phase
Saves security patching and maintenance costs
Lowers the overall count of high and critical vulnerabilities
IDE agnostic, compatible with well-known IDEs such as IntelliJ, Eclipse, VS Code, etc.
Scan support for Java, .NET, Python, Ruby, PHP (composer), NodeJS, C, C++.
Getting started
Launch VS Code and open the Extensions view
Search for OWASP IDE-VulScanner and click Install
Load projects implemented in Java, .NET, Python, Ruby, PHP (composer), NodeJS, C, C++
Click the OWASP IDE-VulScanner icon and wait for the HTML report to load in your editor
NOTE
You can obtain additional logs by navigating to Help > Toggle Developer Tools, and opening the Console tab for more verbose output.