OWASP IDE-VulScanner is an open source IDE plugin that analyzes an application's components. It is built on top of OWASP Dependency Check, which scans your application's components for known vulnerabilities during the implementation phase.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
IDE-VulScanner is an IDE agnostic tool that lets developers identify vulnerable code dependencies during the implementation phase, which in turn saves substantial security patching and maintenance costs. Without it, such issues are usually caught only during the CI/CD build phase.
Features
Vulnerability scan of code dependencies during the implementation phase
Saves security patching and maintenance costs
Lower overall counts of high and critical vulnerabilities
IDE agnostic: compatible with common IDEs such as IntelliJ IDEA, Eclipse and VS Code
Getting started
Launch VS Code and open the Extensions view
Search for OWASP IDE-VulScanner and click Install
Open a Maven project in your IDE
Wait for the project to finish loading, then open the pom.xml file; this enables the OWASP IDE-VulScanner icon in the editor toolbar
Click the OWASP IDE-VulScanner icon and wait for the HTML report to load in your editor
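To try the steps above against a project that is guaranteed to produce findings, the following is an added example of a minimal Maven pom.xml; it is not part of the IDE-VulScanner project. The demo coordinates (com.example:vulscanner-demo) are made up for illustration. It pins log4j-core to 2.14.1, a release affected by CVE-2021-44228 (Log4Shell), so the report should list at least one critical vulnerability for that artifact.

```xml
<!-- Added example, not from the IDE-VulScanner project. Save as pom.xml in an
     otherwise empty folder, open the folder in VS Code and click the pom.xml
     to enable the scanner. Demo coordinates (com.example:vulscanner-demo) are
     invented for illustration. -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
                             http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>vulscanner-demo</artifactId>
  <version>1.0.0</version>
  <packaging>jar</packaging>

  <dependencies>
    <!-- Deliberately outdated: log4j-core 2.14.1 is affected by CVE-2021-44228
         (Log4Shell). Expect the scanner's report to flag this dependency.
         Remediation: bump <version> to 2.17.1 or a newer 2.x release, save the
         file and run the scan again; the critical finding should disappear. -->
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>2.14.1</version>
    </dependency>
  </dependencies>
</project>
```

Using a dependency with a well-known CVE is a quick way to confirm the scanner and its NVD data are working before relying on an empty report; if this project scans clean, check the console log for a failed or incomplete data download rather than assuming the project has no vulnerable components.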
NOTE
For first-time users the initial run takes a while because the relevant NVD data has to be downloaded; progress can be followed in the console log. Subsequent runs should be relatively faster.
You can obtain additional logs by navigating to Help > Toggle Developer Tools, and opening the Console tab for more verbose output.