Endor Labs provides a plug-in for Visual Studio Code that developers can install from Visual Studio's marketplace and get started with early vulnerability and dependency scanning. The Endor Labs extension for Visual Studio Code scans your repositories and highlights issues that may exist in the open-source dependencies.
The extension helps developers fix code at its origin phase and during the early stages of development without running the endorctl scan. Developers can successfully perform early security reviews and mitigate the need for expensive fixes during later stages of development. It accelerates the process of creating, delivering, and shipping secure applications. You can use the extension with Endor Labs API credentials.
The following prerequisites must be fulfilled to use the Endor Labs VS code extension:
The minimum supported version of Visual Studio Code is 1.71 and higher.
See the following table for supported languages, package managers, and file extensions. The extension reads the manifest files to fetch the list of dependencies and displays the results in both manifest and source code files.
Source code file
.js, .ts, .jsx, .tsx, .mjs, .cjs extensions
Generate Endor Labs API keys and have them handy. You must enter these details in the VS code extension. See Managing API Keys for details.
Install the Endor Labs extension
Developers can install the extension from Visual Studio's marketplace and configure it with Endor Labs API keys.