HoundDog Scanner is a source code scanner which helps organizations prevent PII leaks, third parties leaks mitigation and mantain an inventory of sensitive data elements.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
This extension integrates with the HoundDog.ai Static Code Scanner, a robust and ultra-fast source code analysis tool that helps organizations prevent unintentional developer errors, such as oversharing or overlogging of sensitive data (including Personally Identifiable Information (PII), Protected Health Information (PHI), Cardholder Data (CHD), and Personally Identifiable Financial Information (PIFI)), before the code reaches production.
Features
Workspace-wide scanning: Scans your entire open workspace to detect vulnerabilities where sensitive data (e.g., PII/PHI) is exposed in plaintext within logs, files, cookies, tokens, and third-party integrations (e.g., Datadog, Sentry, Segment, etc.). Here is a sample of the vulnerability types covered by HoundDog.ai:
CWE-315: Cleartext Storage of Sensitive Information in a Cookie
CWE-532: Insertion of Sensitive Information into Log File
CWE-539: Use of Persistent Cookies Containing Sensitive Information
Problem integration: Displays the detected vulnerabilities directly in the "Problems" panel, making it easier to track and address issues.
Remediation strategies: Provides recommendations on how to fix PII leaks, including omitting the exposed data or sanitizing it before exposure (e.g., masking, encryption, obfuscation, etc.).
Extension showcase
Requirements
To use this extension, you need the following:
HoundDog Scanner CLI: Ensure the HoundDog Scanner CLI is installed and accessible in your system's PATH. Please follow these guidelines to install the scanner: https://docs.hounddog.ai/scanner/installation
API Key: A valid API key must be configured in the extension's settings. If your organization has purchased one of the paid plans, you can log into the HoundDog.ai Cloud Platform to generate the API key needed—see the documentation for more details. Without an API key, you will not be able to use this extension.
Extension Settings
The extension adds the following configurable settings:
houndDogScanner.apiKey: Set your API Key to enable the scanner.
houndDogScanner.enableDataElements: Toggle the inventory of sensitive data elements found in your workspace. Enabled by default for comprehensive scans but can be disabled for faster performance.