Gardera Security

Find vulnerabilities, leaked secrets, and risky dependencies in the comfort of your IDE.

Features

Dependency Scanning

Scan your lockfiles for known vulnerabilities. Gardera automatically downloads and runs the scan. No extra setup needed.

Secrets Scanning

Detect hardcoded secrets and credentials in your source files. Runs automatically every time you save, so leaked keys are caught immediately.

GardWatch — Dependency Health Scoring

Protect yourself from supply chain attacks. Get a health score for your dependencies when you open or modify a lockfile. Understand which packages are well-maintained and which ones are a risk.

Platform Findings

Connect to the Gardera platform to browse security findings across your organization's repositories.

Asset Label Management

View and manage repository labels directly from the IDE.

AI Agent Integration

Protect your AI coding assistant from installing risky dependencies. See gardwatch.dev for setup instructions.

Getting Started

1. Install the extension from the VS Code Marketplace
2. Click the Gardera icon in the Activity Bar

Local Scans

Dependency and secrets scanning work out of the box. No account or API key required. Click "Scan Workspace" in the Scanners tab to get started.

Platform

To access platform features (findings, labels), add your API key:

1. Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run Gardera: Set API Key
2. Enter your API key (generate one here)

GardWatch for AI Agents

GardWatch can run as an MCP server so your AI coding assistant checks dependencies before installing them. Set up via Claude Code OAuth or add the MCP server manually. See gardwatch.dev/docs/setup for instructions.