DVD-R Tools Extension

VS Code extension for installing and managing the DVD-R Tools MCP Server - an automated security vulnerability scanning and remediation toolkit for containerized applications.

Features

• One-Click Installation: Automatically installs the DVD-R Tools MCP Server
• Cross-Platform Support: Works on Windows, WSL, Linux, and macOS
• Version Management: Detects outdated installations and offers automatic updates
• Status Bar Integration: Shows current server version and update status

DVD-R Tools Capabilities

Once installed, the MCP server provides the following tools for GitHub Copilot:

Vulnerability Scanning

• scan_image_vulnerabilities - Scan Docker/container images for CVE vulnerabilities using Trivy
• scan_project_vulnerabilities - Scan project directories (Go, Node.js, Python, Rust, .NET, Java) for vulnerabilities

Comprehensive CVE Remediation

• plan_comprehensive_cve_fix - Analyze images/projects and create complete remediation strategies
• analyze_dependency_chain - Analyze vulnerable package dependencies and fix options
• generate_dependency_analysis_prompt - Generate LLM prompts for dependency analysis
• generate_binary_dependency_analysis_prompt - Generate prompts for binary dependency analysis (kubectl, helm, etc.)
• process_dependency_llm_response - Process LLM analysis responses for fixes
• process_binary_dependency_llm_response - Process binary dependency analysis responses

Third-Party (3P) Image Analysis

• check_if_image_is_third_party - Determine if a Docker image is third-party/OSS
• get_3p_container_image_versions - Get available versions for third-party images
• check_image_upgrade_impact - Analyze breaking changes when upgrading images
• analyze_breaking_changes - Detailed breaking changes analysis for image upgrades
• process_breaking_changes_llm_response - Process breaking changes analysis from LLM

Azure DevOps Integration

• critical_complete_security_fix - Create Azure DevOps pull requests with CVE fixes, post-fix scanning, and comparison reports

Requirements

• VS Code: 1.85.0 or higher
• GitHub Copilot: Active subscription required to use MCP tools

Installation

1. Install the extension from the VSIX package or VS Code marketplace
2. Open Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
3. Run: DVD-R Tools: Install/Update MCP Server
4. Wait for installation to complete
5. Restart VS Code when prompted

The MCP server will be automatically registered and available for GitHub Copilot.

Platforms Supported

• Windows: Windows 10/11 with PowerShell
• Linux: Ubuntu, Debian, RHEL, Fedora, and other major distributions
• macOS: macOS 10.15 (Catalina) and later
• WSL: Windows Subsystem for Linux with Ubuntu

Commands

Access these commands via Command Palette (Ctrl+Shift+P / Cmd+Shift+P):

• DVD-R Tools: Install/Update MCP Server - Install or update the MCP server
• DVD-R Tools: Check Server Version - Check installed version and available updates
• DVD-R Tools: Uninstall MCP Server - Remove the MCP server installation

Configuration

Settings available in VS Code settings (File > Preferences > Settings):

• dvdRTools.autoUpdate: Automatically update MCP server when new version is available (default: false)
• dvdRTools.checkUpdatesOnStartup: Check for updates when VS Code starts (default: true)

Using DVD-R Tools with Copilot

After installation, simply ask GitHub Copilot to:

• "Scan this Docker image for vulnerabilities"
• "Find and fix all CVEs in this project"
• "Check if nginx:latest has any breaking changes"
• "Create an Azure DevOps PR with CVE fixes"
• "What versions of redis are available?"

Copilot will automatically use the appropriate DVD-R Tools to complete your request.

Status Bar

The status bar item shows the current state:

• $(tools) DVD-R Tools v1.0.0 - Installed and up to date
• $(warning) DVD-R Tools: Not Installed - Needs installation (click to install)

Click the status bar item to check version and manage installation.

Troubleshooting

Installation Fails

1. Check the Output panel: View → Output → Select "DVD-R Tools Installation"
2. Ensure you have sufficient disk space and permissions
3. Try running: DVD-R Tools: Uninstall MCP Server, then reinstall

MCP Server Not Available in Copilot

1. Restart VS Code after installation
2. Verify installation via Command Palette: DVD-R Tools: Check Server Version
3. Ensure GitHub Copilot extension is installed and active
4. Check that mcp.json configuration exists:
   • Windows: %APPDATA%\Code\User\mcp.json
   • Linux: ~/.config/Code/User/mcp.json
   • macOS: ~/Library/Application Support/Code/User/mcp.json

Version Not Detected

1. Run: DVD-R Tools: Check Server Version
2. Check installation directory:
   • Windows: C:\Program Files\DVD-R-Tools or %LOCALAPPDATA%\DVD-R-Tools
   • Linux/macOS: /usr/local/bin or ~/.local/bin
3. Verify binary has execute permissions (Linux/macOS): chmod +x <binary-path>

Tools Not Working

Some tools require external dependencies:

• Trivy scanner: Use check_trivy_installation and install_trivy tools
• COPA patching: Use check_copa_installation and install_copa tools
• Skopeo: Use check_skopeo_installation and install_skopeo tools
• Azure CLI: Required for critical_complete_security_fix - install via https://aka.ms/azure-cli

License

MIT License

Support

For issues, questions, or feature requests, please contact your organization's DVD-R Tools support team.