Offensive 360 does deep source code analysis with one click. (We spent years building virtual compilers that understand the code rather than only catching low-hanging-fruit vulnerabilities. We also claim that O360 can find security flaws that are difficult even for skilled application security testing consultants to find.)
This section explains how to install and configure the Offensive 360 Visual Studio Code Extension Plugin and how to scan files, folders and workspaces.
Installing the Plugin
Open the Microsoft Visual Studio Code application and navigate to Extensions.
Search for Offensive 360 and click Install.
Configuring Offensive 360 Settings
Click File => Preferences => Settings to configure the Offensive 360 settings if you are installing for the first time or want to change the existing Offensive 360 settings.
Then expand the Extensions node and click Offensive 360 Settings.
Enter the Offensive 360 scan endpoint and access token, then close the Settings window.
How it works
Open any source file or project and right-click a file or folder; you will see the respective context menu.
Note
When scanning the entire project, please select the "Scan Workspace" option for the best results instead of selecting "Scan Folder" on the root folder.
Click the respective context menu item to scan a file or folder. A queued status appears on the status bar, indicating that your scan request has been queued.
After some time, the message on the status bar is updated to show whether your scan request is still queued or has moved to the in-progress state. If it is still queued, you will see its queue position.
As soon as scanning is done, you will see the vulnerabilities in the IDE.
Clicking a vulnerability takes you to the respective code file, line and column.
Hovering the mouse over a vulnerability shows a tooltip that makes the message easier to read.
Right-clicking a vulnerability shows a Clear all Errors option, which clears all the errors from the IDE.
Right-clicking a vulnerability also shows a Get Help option, which provides more details about the vulnerability.