Oryon Security Extension

Oryon is an enterprise-grade security extension for Visual Studio Code providing real-time vulnerability detection and AI-powered remediation suggestions. It integrates a powerful static analysis engine (OpenGrep) directly into your IDE, ensuring that your source code is analyzed locally without leaving your machine.

Privacy Note: Code analysis is performed strictly locally. Only specific code snippets are transmitted when requesting AI-driven remediation or explicitly uploading reports to the Oryon Dashboard.

Capabilities

Local Static Analysis

Leveraging the bundled OpenGrep engine, Oryon scans your codebase for security vulnerabilities, hardcoded secrets, and configuration issues across multiple languages and frameworks including:

JavaScript / TypeScript
Python
Java
Go
PHP
C# / .NET
Ruby
Infrastructure as Code (Terraform, Dockerfile, YAML)

Intelligent Remediation (Oryon AI)

Oryon transforms static analysis findings into actionable insights using advanced LLMs. Instead of generic error messages, you receive:

Contextual Analysis: A detailed explanation of the vulnerability within your specific code.
Impact Assessment: Why the issue poses a security risk.
Automated Fixes: Syntactically correct code patches ready to be applied.

Real-Time Diagnostics

Security issues are highlighted in the editor as you type, providing immediate feedback similar to syntax errors. This allows developers to address vulnerabilities at the earliest stage of the development lifecycle.

Dashboard Synchronization

Findings can be synchronized with the centralized Oryon Dashboard, enabling team-wide visibility, trend tracking, and compliance management.

Getting Started

1. Installation

Install the extension from the VS Code Marketplace. All necessary dependencies, including the analysis engine, are bundled within the extension.

2. Authentication

To enable AI enrichment and dashboard synchronization features, authenticate with your Oryon account:

Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P).
Execute Oryon: Login.
Follow the prompts to complete authentication.

3. Execution

You can perform security scans using several methods:

On-Edit: Files are automatically analyzed in the background as you work.
Workspace Scan: Execute Oryon: Scan Workspace from the Command Palette to analyze the entire project.
Sidebar Interface: Use the Oryon view in the activity bar to initiate scans and manage findings.

User Interface

The primary interface provides an overview of security status, including:

Total count of detected vulnerabilities.
Authentication status.
Quick access to core functions (Login, Scan, Results).

Results View

A unified view of findings in the sidebar, allowing you to:

Filter by severity (Critical, High, Medium, Low).
Drill down into specific issues.
Review AI explanations, snippets and proposed fixes.
Export reports in JSON or CSV formats.

Configuration

Customization is available via Settings > Extensions > Oryon.

Setting	Default	Description
`oryon.live.enabled`	`true`	Toggles real-time analysis during editing.
`oryon.severityThreshold`	`LOW`	Minimum severity level for reported issues. Increase to focused on higher risks.
`oryon.backend.baseUrl`	(Cloud)	API endpoint for Oryon services. Modify only for On-Premise deployments.
`oryon.scan.excludeGlobs`	Standard Excludes	Comma-separated list of glob patterns to exclude from analysis (e.g., `node_modules`, `dist`).

FAQ

Does Oryon upload my source code? No. Analysis is performed locally on your machine. Code snippets are only transmitted when you explicitly request AI remediation or upload findings to the dashboard.

Are external dependencies required? No. The extension includes standalone binaries for Windows, macOS, and Linux. No separate Python or Docker installation is needed.

Does it function offline? Yes. Core static analysis capabilities are fully functional without an internet connection. AI features and dashboard synchronization require network access.

Support

For issues or feature requests:

Check the Output panel in VS Code and select "Oryon" to view execution logs.
Contact support or submit an issue via the official repository.

Secure Code, Delivered.

Oryon

Oryon Technology