ShiftLeft CORE for Visual Studio Code (Beta)

Fix vulnerabilities before they ever exist as a backlog ticket. ShiftLeft CORE for VS Code is a free extension that lets you shift even further left by allowing you to identify and fix security vulnerabilities as you write code.

This extension currently supports JavaScript, Typescript and Python. It runs Next-Gen SAST and local pre-commit secrets detection.

Note: This extension fully supports CLI scanning, which initiates our ShiftLeft CORE platform: Next-Gen SAST, Intelligent SCA, and secrets detection.

Getting started

How to add the extension:

• Install directly from the VS Code marketplace.

• Open up the extensions tab and search for "ShiftLeft". Click "Install"

Authorize with ShiftLeft.io

1. If you already have a local config file for ShiftLeft tools (e.g. you’ve used SL CLI before), you will be authorized automatically and could start using extension.
2. If local config file is missing or invalid, you will see “Connect to ShiftLeft” button after click on the ShiftLeft icon in the left navigation bar:

3. The extension relies on ShiftLeft’s API, so you will be asked to authenticate via ShiftLeft’s Web App.
4. You will be asked to login or create an account.
5. Once you’ve successfully logged in and authenticated, you will see a confirmation message.
6. Reload VS Code.

Configuration

You can configure your extension by going to Preferences > Settings > ShiftLeft.

Scanning your application for security vulnerabilities

You will need to have a ShiftLeft account before you are able to scan. Open your VS Code problems panel or ShiftLeft extension tab for details.

ShiftLeft CORE Secrets VS. local pre-commit Secrets Detection

Our CORE platform and the IDE extension operate differently and may present you with different results. Our CORE secrets feature scans your entire application and you can customize it in your config file.

On the other hand, the VS Code extension can only be used locally and is a pre-commit secrets detection. The goal is for you to do local scans and prevent secrets from ever reaching your repositories.

This VS Code extension is intended to prevent you from committing new secrets at all.

Dependencies

The following dependencies are required before you are able to use ShiftLeft CORE for VS Code.

ShiftLeft CLI

• Follow installation instructions: https://docs.shiftleft.io/cli/install
• Make sure the path to sl was added to system environment variable PATH

Node.js (for JavaScript/TypeScript projects)

• Follow installation instructions: https://nodejs.org/en/download
• Make sure the path to node was added to system environment variable PATH

Python (for Python projects)

• Follow installation instructions: https://www.python.org/downloads
• Make sure the path to python was added to system environment variable PATH