Visual Studio Code plugin
Fluid Attacks' extension facilitates the management of vulnerabilities in
your code when you have your applications or infrastructure under evaluation
in our all-in-one solution:
Continuous Hacking.
Whether you are subscribed to our Essential or
Advanced plan, you can download this plugin
for free anytime and install it to complement what we offer on
our platform. This extension
is ideal for your developers from the beginning of the software development
lifecycle as it allows them to achieve and maintain high vulnerability
remediation rates.
The following are the benefits of using the Fluid Attacks Visual Studio
Code plugin:
- You get a detailed list of the types of vulnerabilities and their specific
cases that we have identified so far in the source code of your products.
- You see the specific lines of code in which a vulnerability detected by our
tools or ethical hackers is present.
- You can automatically generate step-by-step guides for vulnerability
remediation ("Custom fix").
- You can automatically generate instant solution proposals to remediate
vulnerabilities ("Autofix").
- You can request reattacks or reevaluations by our tools or hacking team to
verify the effectiveness of your vulnerability remediation.
Remediation guides and automatic vulnerability fixes are available for the
following languages, platforms and frameworks: AWS, Azure, C-Sharp, Dart,
Docker, Elixir, Go, Java, PHP, Python, Ruby, Scala, Swift, Terraform, and
TypeScript.
Installation and configuration
Please follow these steps:
- Click the Install button here in the Visual Studio Marketplace or go to the
Extensions section of your Visual Studio Code and search for and install the
Fluid Attacks plugin there.
- Log in to Fluid Attacks' platform.
- Generate and copy an API token from our platform (see
API Setup).
- Go to Settings of the Fluid Attacks extension in Visual Studio Code and
paste the API token in the corresponding space (you can also add it after
clicking on the Fluid Attacks extension icon; see
IDE Installation).
- If there is a problem loading that window to enter the API token, you can
open Preferences: Open User Settings (JSON) in your editor and add the token
in the following setting:
    {
      "fluidattacks.apiToken": "your-token-here"
    }
- You can also provide the token to the editor via an environment variable:
    export FLUID_API_TOKEN="your-token-here"
After entering the token, close and reopen the editor to apply the changes.
Verify that the installation and configuration of the extension were done
correctly: The Fluid Attacks icon should be displayed in the left sidebar, and
red dots will appear in the Explorer, next to the folders in your repository
with vulnerable files.
Support
Visit Fluid Attacks' Knowledge Base
and find everything related to this IDE extension.
If you have any questions,
please contact us at help@fluidattacks.com.
You can also schedule onboarding sessions with our team
here.
Telemetry
We collect error logs to help improve the extension (see our
Privacy policy). However, this plugin
respects the VS Code telemetry settings, so you can opt out of the telemetry
as shown
here.