omar-alsanea | 4 installs | (0) | Free
C and Java Vulnerability Scanner

🔒 SecureLy - Secure Coding Extension for C and Java

SecureLy is a Visual Studio Code extension that helps developers write more secure C and Java code by detecting vulnerabilities in real time, based on the CERT Secure Coding Standards.


🚀 Features

  • ✅ Detects common C and Java vulnerabilities using regex and static analysis
  • ✅ Uses clang and clang-format for code parsing and formatting (C/C++)
  • ✅ Highlights code issues with detailed diagnostic messages
  • ✅ Real-time scanning on demand from the command palette
  • ✅ Supports format string detection, SQL/XML injection, resource leaks, and more

📌 Vulnerabilities Detected

🧪 C/C++ Checks

  • FIO30-C: Format string vulnerabilities (printf, sprintf, etc.)
  • FIO34-C: Improper use of char to store I/O results (fgetc, getchar, etc.)
  • DCL30-C: Misuse of global/static variables
  • SQL Injection: Unsanitized SQL queries
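What the FIO34-C item above refers to, shown as an added example (not code from SecureLy or its author): storing the result of fgetc in a narrow character type makes a legitimate 0xFF data byte indistinguishable from EOF. The sample bytes and function names are constructed for illustration.

```c
#include <stdio.h>

/* Constructed sample input: six bytes with a legitimate 0xFF data byte. */
static const unsigned char SAMPLE[] = { 'A', 'B', 0xFF, 'C', 'D', '\n' };

/* Write the sample to an anonymous temporary file and rewind it. */
static FILE *open_sample(void)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    if (fwrite(SAMPLE, 1, sizeof SAMPLE, f) != sizeof SAMPLE) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Noncompliant with FIO34-C: the int returned by fgetc is narrowed.
 * signed char is used so the result is the same everywhere; with plain
 * char on a platform where char is unsigned, the comparison with EOF
 * would never be true and the loop would not terminate. */
long count_bytes_noncompliant(void)
{
    FILE *f = open_sample();
    long n = 0;
    signed char c;
    if (f == NULL)
        return -1;
    while ((c = (signed char)fgetc(f)) != EOF)  /* 0xFF becomes -1 here */
        n++;
    fclose(f);
    return n;  /* stops early, at the 0xFF byte */
}

/* Compliant: keep the full int, then check ferror to tell a read error
 * apart from a real end of file. */
long count_bytes_compliant(void)
{
    FILE *f = open_sample();
    long n = 0;
    int c;
    if (f == NULL)
        return -1;
    while ((c = fgetc(f)) != EOF)
        n++;
    if (ferror(f))
        n = -1;
    fclose(f);
    return n;
}
```

The noncompliant reader silently truncates its input at the first 0xFF byte, which is why the rule requires an int for the return value of fgetc, getc and getchar.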

☕ Java Checks

  • IDS00-J: String concatenation in SQL queries (use PreparedStatement)
  • IDS06-J: Format string misuse
  • IDS16-J: XML Injection risks
  • FIO14-J: Resource leaks (missing .close() calls)
  • FIO08-J: Unsafe stream reading logic

🧑‍💻 Usage

🟢 Run Secure Scan

  1. Open a C or Java source file in VS Code.
  2. Open the command palette (Ctrl+Shift+P).
  3. Type and run SecureLy: Scan Code.
  4. Detected vulnerabilities appear in the Problems panel.

🛠 Requirements

  • For C scanning:
    • LLVM/Clang must be installed and accessible via command line.
    • Make sure clang and clang-format are available in your PATH.

📦 Installation

To install manually:

  1. Run the following in your extension project folder:
    vsce package
    