Write safe code right away by getting instant detection of opensource software vulnerabilities.
Remediate your code vulnerabilities by picking one of the suggested secure versions.
Meterian Security works as a completely FREE tool for opensource projects, and also can be used to analyze private projects with a Meterian API token. Get one from your Meterian Account. Meterian
Supported languages and remediation
Language
Manifest
Support
Remediation
Dotnet
*.csproj
V
V
NodeJS
package.json
V
V
package-lock.json
V
Java
pom.xml
V
V
build.gradle
V
Php
composer.json
V
V
composer.lock
V
Ruby
Gemfile
V
Gemfile.lock
V
Python
requirements.txt
V
V
Pipfile
V
V
Pipfile.lock
V
pyproject.toml
V
V
poetry.lock
V
uv.lock
V
Rust
Cargo.toml
V
V
Cargo.lock
V
V
Golang
go.mod
V
go.sum
V
Commands
All the commands for the Meterian Security extension can be used from the Visual Studio Command Palette (shortcut: CTRL + Shift + P)
Analyse with Meterian - Start a new analysis
Set Meterian API Token - Set the a new Meterian API token
Show my Meterian API Token - Shows the stored Meterian API token
Unset Meterian API Token - Remove the stored Meterian API token
Configure Meterian Security - Shortcut to open the Meterian Security configuration
Enable or Disable Meterian Security on this workspace - Stop Meterian Security from running on a specific workspace
API token
Meterian Security is FREE but an API token can be used to get insights for your private projects.
You can create one from the Meterian dashboard
Configuration
Users will be able to configure the behaviour of the plugin by setting some thresholds
Label
Default value
Severity Threshold
LOW
CVSS Threshold
3.5
EPSS Threshold
0.01
Other configuration settings
Label
Default value
Description
CVEs only
false
Only see vulnerabilities with a CVE id
Max Files
100000
Set the maximum amount of files to consider during an analysis
