Gardera Security

Find vulnerabilities, leaked secrets, and risky dependencies in the comfort of your IDE. Gardera brings Application Security Posture Management (ASPM) directly into your IDE so you can catch security issues as you code, not after you ship.

Features

Dependency Scanning
Scan your lockfiles for known vulnerabilities. Gardera automatically downloads and runs the scan. No extra setup needed.

Secrets Scanning
Detect hardcoded secrets and credentials in your source files. Runs automatically every time you save, so leaked keys are caught immediately.

GardWatch — Dependency Health Scoring
Get a health score for your dependencies when you open or modify a lockfile. Understand which packages are well-maintained and which ones are a risk.

Platform Findings
Connect to the Gardera platform to browse security findings across your organization's repositories.

Asset Label Management
View and manage repository labels directly from the IDE.

AI Agent Integration
Set up GardWatch as an MCP tool to alert on potentially malicious dependencies.

Getting Started

Local Scans
Dependency and secrets scanning work out of the box. No account or API key required. Click "Scan Workspace" in the Scanners tab to get started.

Platform
To access platform features (findings, labels), add your API key:

GardWatch MCP Server
GardWatch can run as an MCP server so that AI coding agents can check dependencies for security risks while they work.

Automatic setup (recommended): Open the Command Palette (

Manual setup: Add the following to your MCP configuration file: