RedRays ABAP Security Scanner

RedRays ABAP Security Scanner is a powerful Visual Studio Code extension that enables real-time security analysis of ABAP code. Detect vulnerabilities, understand attack vectors, and improve code security directly in your development environment.

🔍 Features

• 🛡️ Instant Security Analysis: Scan your ABAP code for security vulnerabilities with a single click
• 🔎 Detailed Vulnerability Reports: View comprehensive reports with severity ratings, descriptions, and data flow analysis
• 📊 Interactive Results Panel: Explore scan results in a dedicated VS Code panel with expandable details
• 💾 Export Reports: Download HTML reports for sharing or documentation
• 🔑 API Key Management: Simple configuration of your RedRays API credentials
• ⚡ Context-Aware Scanning: Analyze selected code blocks or entire files

🚀 Getting Started

Installation

1. VS Code Marketplace (Recommended):

   • Open the Extensions view in VS Code (Ctrl+Shift+X or Cmd+Shift+X)
   • Search for "RedRays ABAP Security"
   • Click "Install" and then "Reload"

2. Manual VSIX Installation:

   • Download the latest .vsix file from our GitHub Releases
   • In VS Code, open Extensions view
   • Click the "..." menu (More Actions) > "Install from VSIX..."
   • Select the downloaded file

Configuration

To use the extension, you'll need to configure your RedRays API credentials:

1. Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
2. Type "RedRays: Set API Key" and press Enter
3. Enter your 32-character API key

Alternatively, set your API key in the settings:

1. Open Settings (Ctrl+, or Cmd+,)
2. Search for "redraysAbapSecurity"
3. Enter your API key in the provided field

💡 Don't have an API key? Visit RedRays.io to get started.

📖 Usage

Scanning Code

1. Open an ABAP file
2. Select the code you want to analyze
3. Right-click and select "Scan with RedRays" from the context menu (or use the Command Palette)
4. View the scan results in the panel that opens

Working with Results

• View Details: Click on any vulnerability card to expand and view a detailed explanation
• See Data Flow: Expand the "Data Flow" section to understand how vulnerabilities propagate
• Export Results: Click the "Download Scan Results" button to save an HTML report

⚙️ Extension Settings

This extension contributes the following settings:

📊 Vulnerability Severity Levels

The scanner detects vulnerabilities with different severity levels:

• 🔴 Critical: Immediate attention required; could lead to system compromise
• 🟠 High: Serious vulnerabilities that should be addressed quickly
• 🟡 Medium: Important issues that pose moderate risk
• 🟢 Low: Minor issues with limited security impact

🔌 Supported Environments

• SAP NetWeaver ABAP
• SAP BTP ABAP Environment
• SAP S/4HANA (On-Premise)
• SAP S/4HANA Cloud

📣 Feedback & Support

• Email Support: Contact us at support@redrays.io

🔒 Privacy & Security

The extension sends only the selected ABAP code for analysis. No personal or workspace data is collected or transmitted. All communication with the RedRays API is secured with TLS encryption.

📜 License

This extension is provided under a commercial license. See the LICENSE file for details.

Developed by RedRays - Securing ABAP Environments Since 2020