Overview
Write safe code right away by getting instant detection of open-source software vulnerabilities.
Remediate your code vulnerabilities by picking one of the suggested secure versions.
Meterian Security is a completely FREE tool which gives you information about vulnerabilities affecting your projects, by running a surface analysis of your main manifest files.
If you set a Meterian API token, Meterian Security will run an in-depth analysis instead. Get one from your Meterian Account.
How does it work?
Meterian Security will analyze your project every time you open it and every time there is a change in the manifest files.
You can fix the vulnerabilities by using the remediation suggestions, or snooze them for a while.
The Analyze with Meterian command is also available on the command palette to start a new analysis.
Set/Unset a Meterian API token
Using a Meterian API token will give you a more comprehensive analysis of your project.
You can set a Meterian API token from the command palette by using the Set Meterian API Token command.
To go back to the Free mode, you can use the Unset Meterian API Token command.
You can create one from the Meterian dashboard.
Configuration
A configuration panel is available for a more tailored experience.
The configuration can be accessed from the File > Preferences > Settings menu or by using the Configure Meterian Security command from the command palette.
It's possible to set the thresholds used to flag vulnerabilities:
| Label | Default value | Description |
| --- | --- | --- |
| Severity Threshold | LOW | Vulnerabilities below this level won't be flagged |
| CVSS Threshold | 3.5 | Vulnerabilities with a CVSS score below this value won't be flagged |
| EPSS Threshold | 0.01 | Vulnerabilities with an EPSS score below this value won't be flagged |
There are also a few other, more general configuration settings:
| Label | Default value | Description |
| --- | --- | --- |
| CVEs only | false | Only flag vulnerabilities with a CVE id |
| Max Files | 100000 | Set the maximum number of files to consider during an analysis |
| Grace Time in seconds | 60 | Define the grace time, in seconds, between the last change in the manifest and the start of the analysis |
| Enabled | true | Enables/Disables the plugin for the current workspace |
| Language | Manifest | Support | Remediation |
| --- | --- | --- | --- |
| Dotnet | *.csproj | V | V |
| NodeJS | package.json | V | V |
| | package-lock.json | V | |
| Java | pom.xml | V | V |
| | build.gradle | V | |
| Php | composer.json | V | V |
| | composer.lock | V | |
| Ruby | Gemfile | V | |
| | Gemfile.lock | V | |
| Python | requirements.txt | V | V |
| | Pipfile | V | V |
| | Pipfile.lock | V | |
| | pyproject.toml | V | V |
| | poetry.lock | V | |
| | uv.lock | V | |
| Rust | Cargo.toml | V | V |
| | Cargo.lock | V | V |
| Golang | go.mod | V | |
| | go.sum | V | |
Commands
All the commands for the Meterian Security extension can be used from the Visual Studio Command Palette (shortcut: CTRL + Shift + P).
- Analyse with Meterian: Start a new analysis
- Set Meterian API Token: Set a new Meterian API token
- Show my Meterian API Token: Shows the stored Meterian API token
- Verify Meterian API Token: Verify the validity of the stored Meterian API token
- Unset Meterian API Token: Remove the stored Meterian API token
- Configure Meterian Security: Shortcut to open the Meterian Security configuration
- Enable or Disable Meterian Security on this workspace: Stop Meterian Security from running on a specific workspace