NVD SCA Scanner

This VS Code extension scans common dependency manifests and queries the NIST NVD CVE API 2.0 for matching vulnerabilities.

NVD notice: this product uses data from the NVD API but is not endorsed or certified by the NVD.

Supported Manifests

• package-lock.json
• package.json
• requirements.txt
• pom.xml

Commands

• NVD SCA: Scan Workspace
• NVD SCA: Scan Current Manifest
• NVD SCA: Clear Results

Settings

• nvdSca.apiKey: optional NVD API key sent as the apiKey request header.
• nvdSca.minimumSeverity: lowest CVSS severity to report.
• nvdSca.maxVulnerabilitiesPerDependency: max CVE records per dependency.
• nvdSca.requestDelayMs: delay between NVD requests.
• nvdSca.includeDevDependencies: include development dependencies from package.json.

Development

Install dependencies, compile, then press F5 in VS Code to launch an Extension Development Host.

npm install
npm run compile