GitHub Advisories Explorer

Downloads Rating License

A VS Code extension that provides an integrated webview UI for exploring GitHub Security Advisories powered by a Model Context Protocol (MCP) server.

Features

🔒 Integrated Webview: Browse GitHub Security Advisories directly in VS Code
🚀 MCP-Powered: Uses Model Context Protocol for efficient data retrieval
🔍 Advanced Filtering: Filter by ecosystem, severity, CVE/GHSA ID, and more
📊 Activity Bar Integration: Quick access from the VS Code sidebar
⚙️ Auto-Start Server: Automatically launches the MCP server when activated

Installation

From VSIX

Download the .vsix file
Open VS Code
Run: Extensions: Install from VSIX...
Select the downloaded file

From Source

cd extension
npm install
npm run build
npm run package
code --install-extension github-advisories-explorer-1.0.0.vsix

Usage

Opening the Explorer

Click the shield icon in the Activity Bar
Or run command: GitHub Advisories: Open GitHub Advisories Explorer

Setting Up GitHub Token (Optional)

For higher rate limits (5000 requests/hour vs 60):

Run command: GitHub Advisories: Setup GitHub Token
Follow the prompts to use gh CLI or manually create a token
Token is saved to .vscode/.env.github (not committed)

Searching Advisories

Select ecosystem (npm, pip, maven, etc.)
Select severity level (critical, high, medium, low)
Click "Search Advisories"
Browse results with severity badges and publication dates

Configuration

Settings available in VS Code preferences:

githubAdvisories.serverPort: Port for the MCP HTTP server (default: 3000)
githubAdvisories.autoStartServer: Auto-start server on activation (default: true)

Commands

Command	Description
`GitHub Advisories: Open GitHub Advisories Explorer`	Open the advisories webview
`GitHub Advisories: Refresh Advisories`	Refresh the current view
`GitHub Advisories: Setup GitHub Token`	Configure optional GitHub authentication

Architecture

┌─────────────────┐
│   VS Code UI    │
│   (Webview)     │
└────────┬────────┘
         │ HTTP
┌────────▼────────┐
│   MCP Server    │
│ (HTTP Streaming)│
└────────┬────────┘
         │ REST API
┌────────▼────────┐
│ GitHub Advisory │
│      API        │
└─────────────────┘

Development

Building

npm run build

Watching for Changes

npm run watch

Packaging

npm run package

Testing

Integration Tests with @vscode/test-electron:

# Run tests locally (with UI)
npm test

# Run tests headless (CI/CD)
xvfb-run -a npm test  # Linux/Mac
npm test              # Windows

Documentation:

../docs/TESTING_QUICKSTART.md - Quick start guide
../docs/TESTING_EXTENSION.md - Complete testing guide
../docs/EXTENSION_TESTING_SUMMARY.md - Implementation details

Manual Testing: Press F5 in VS Code to launch the Extension Development Host.

Requirements

VS Code 1.85.0 or higher
Node.js (for the MCP server)
The main MCP server project built in the parent directory

Known Issues

MCP server must be built (npm run build in parent directory) before extension activation
If the server doesn't start automatically, check that port 3000 is available

Contributing

This extension is part of the GitHub Advisories MCP Server project. See the main README for contribution guidelines.

License

MIT

GitHub Advisory Explorer

Max Golovanov