# Aegis Policy Scanner
Aegis Policy Scanner is a VS Code extension that scans your workspace files for policy violations using the Aegis policy engine by Pegasys.ai.
## Features
- **Workspace Scanning**: Automatically scan JSON and YAML files against Aegis policies
- **Policy Configuration**: Configure scanning policies via a `.aegis.yaml` file
- **Real-time Diagnostics**: View policy violations directly in the Problems panel
- **Secure API Integration**: Securely store API tokens using VS Code's Secret Storage
- **SSL Configuration**: Support for self-signed certificates in development environments
## Requirements
- An Aegis API token from Pegasys.ai
- A `.aegis.yaml` configuration file in your workspace root
## .aegis.yaml Configuration
Create a `.aegis.yaml` file in your workspace root:

```yaml
aegis_host: platform.aegis.pegasys.cloud
policies:
  - name: security_policy
    file_patterns:
      - "**/*.json"
      - "**/*.yaml"
      - "**/*.tf"
api_config:
  # DO NOT CHANGE THIS LINE - it is required for proper functioning
  endpoint: "https://{{aegis_host}}/api/eval/policies/{{policy_name}}"
labels:
  environment: production
  team: platform-security
  project: your-project-name
  region: us-west-2
  compliance_level: high
proxy:
  http_proxy: http://proxy.company.com:8080
  https_proxy: http://proxy.company.com:8080
  no_proxy: localhost,127.0.0.1,.local
```
## Proxy Configuration
The extension supports HTTP and HTTPS proxy configuration through the `.aegis.yaml` file:
- `http_proxy`: URL of the HTTP proxy (e.g., `http://proxy.company.com:8080`)
- `https_proxy`: URL of the HTTPS proxy (e.g., `http://proxy.company.com:8080`)
- `no_proxy`: Comma-separated list of hosts that bypass the proxy (e.g., `localhost,127.0.0.1,.local`)
Proxy URLs can include authentication credentials:

```yaml
proxy:
  http_proxy: http://username:password@proxy.company.com:8080
  https_proxy: http://username:password@proxy.company.com:8080
```

Because `.aegis.yaml` lives in the workspace root, keep a credential-bearing proxy URL out of version control.
## Labels Configuration
The `labels` field allows you to add custom key-value pairs that will be included in API calls for enhanced metadata and filtering:

```yaml
labels:
  environment: production
  team: platform-security
  project: my-project
  region: us-west-2
  compliance_level: high
```
Labels are optional and can contain any string values. Label keys must contain only alphanumeric characters, hyphens, and underscores.
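An added example, not part of the extension's own code, that checks a parsed `.aegis.yaml` object against the rules this README states (label-key charset, fixed endpoint template, HTTPS-only API URL, proxy URL scheme) and renders the per-policy endpoint. It assumes the YAML was already parsed (e.g. with js-yaml); the type name, function names, and the hostname and policy-name character rules are assumptions.

```typescript
// Added example (not the extension's code): validates a parsed .aegis.yaml object
// against the rules this README states. Type and function names are hypothetical.
interface AegisConfig {
  aegis_host: string;
  policies: { name: string; file_patterns: string[] }[];
  api_config?: { endpoint?: string };
  labels?: Record<string, string>;
  proxy?: { http_proxy?: string; https_proxy?: string; no_proxy?: string };
}
// README rule: label keys use only alphanumerics, hyphens and underscores.
// Reusing the same charset for policy names is an assumption.
const SAFE_KEY = /^[A-Za-z0-9_-]+$/;
// Assumed host rule: bare hostname or localhost with optional port, no scheme or path.
const HOSTNAME = /^(localhost|([A-Za-z0-9-]+\.)+[A-Za-z0-9-]+)(:\d{1,5})?$/;
const ENDPOINT = "https://{{aegis_host}}/api/eval/policies/{{policy_name}}";

function validateConfig(cfg: AegisConfig): string[] {
  const errors: string[] = [];
  if (!HOSTNAME.test(cfg.aegis_host)) errors.push(`invalid aegis_host: ${cfg.aegis_host}`);
  for (const p of cfg.policies ?? []) {
    if (!SAFE_KEY.test(p.name)) errors.push(`unsafe policy name: ${p.name}`);
  }
  for (const k of Object.keys(cfg.labels ?? {})) {
    if (!SAFE_KEY.test(k)) errors.push(`invalid label key: ${k}`);
  }
  // The README marks the endpoint template as fixed; reject any edit to it.
  if ((cfg.api_config?.endpoint ?? ENDPOINT) !== ENDPOINT) errors.push("api_config.endpoint was changed");
  for (const k of ["http_proxy", "https_proxy"] as const) {
    const v = cfg.proxy?.[k];
    if (v === undefined) continue;
    try {
      const scheme = new URL(v).protocol;
      if (scheme !== "http:" && scheme !== "https:") errors.push(`${k}: unsupported scheme ${scheme}`);
    } catch { errors.push(`${k}: not a valid URL`); }
  }
  return errors;
}

// Renders the API URL for one policy; the README makes HTTPS mandatory.
function buildEndpoint(cfg: AegisConfig, policyName: string): string {
  const url = ENDPOINT.replace("{{aegis_host}}", cfg.aegis_host)
    .replace("{{policy_name}}", encodeURIComponent(policyName));
  if (!url.startsWith("https://")) throw new Error("endpoint must use https");
  return url;
}

// Constructed sample mirroring the README's example file.
const sample: AegisConfig = { aegis_host: "platform.aegis.pegasys.cloud", labels: { team: "platform-security" },
  policies: [{ name: "security_policy", file_patterns: ["**/*.json"] }], proxy: { http_proxy: "http://proxy.company.com:8080" } };
```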
## Extension Settings
This extension contributes the following settings:
- `aegisScanner.allowSelfSignedCerts`: Allow self-signed SSL certificates (NOT RECOMMENDED for production; default: `false`)
## Usage
- Set your API token: run the command `Aegis: Set API Token`
- Create a `.aegis.yaml` configuration file in your workspace
- Run the command `Aegis: Scan Workspace` or click the Aegis icon in the status bar
- View results in the Output panel and Problems panel
## Known Issues
None at this time. Please report issues on the GitHub repository.
## Release Notes

### 0.3.1
- **Enhanced YAML Processing**: Improved payload generation using the js-yaml library for better robustness
- **Custom Labels Support**: Add custom key-value pairs in `.aegis.yaml` for enhanced metadata in API calls
- **Security Improvements**: Enhanced input validation for label keys to prevent injection attacks
- **Removed Hardcoded Labels**: Payloads now only include custom labels from configuration

### 0.3.0
- **Labels Configuration**: Support for custom labels in the `.aegis.yaml` configuration file
- **Enhanced Validation**: Comprehensive validation for all configuration parameters
- **Security Enhancements**: Input validation and safe character restrictions

### 0.2.0
- **Advanced Configuration**: Support for localhost configurations and enhanced host validation
- **Policy Name Validation**: Safe character restrictions for policy names
- **HTTPS Enforcement**: Mandatory HTTPS for all API communications
- **Proxy Support**: Optional proxy configuration with URL validation

### 0.1.0
- **Modular Architecture**: Separated concerns with dedicated modules
- **SSL Configuration**: Support for self-signed certificates in development
- **Security Features**: Input validation and SSRF protection
- **Unit Test Coverage**: Comprehensive test suite for core functionality

### 0.0.2
- **Initial Security Features**: SSL certificate configuration and input validation
- **Error Handling**: Enhanced error handling and user feedback

### 0.0.1
- Initial release with basic workspace scanning functionality
Enjoy scanning with Aegis!
## Following extension guidelines
Ensure that you've read through the extension guidelines and follow the best practices for creating your extension.
## Working with Markdown
You can author your README using Visual Studio Code. Here are some useful editor keyboard shortcuts:
- Split the editor (`Cmd+\` on macOS or `Ctrl+\` on Windows and Linux).
- Toggle preview (`Shift+Cmd+V` on macOS or `Shift+Ctrl+V` on Windows and Linux).
- Press `Ctrl+Space` (Windows, Linux, macOS) to see a list of Markdown snippets.
Enjoy!