Xygeni Security Extension for Visual Studio
Secure your codebase with Secrets, SAST, SCA, IaC & Supply Chain scanning directly within your Visual Studio environment.
Xygeni Security Scanner is a powerful extension that brings comprehensive security scanning to your fingertips. It integrates seamlessly with your development workflow, allowing you to identify and remediate security vulnerabilities early in the process.
Key Features
- Comprehensive Scanning: Detect a wide range of security issues:
  - Secrets: Find hardcoded credentials, API keys, and other sensitive data.
  - SAST (Static Application Security Testing): Analyze your source code for common vulnerabilities.
  - SCA (Software Composition Analysis): Identify vulnerabilities in your open-source dependencies.
  - IaC (Infrastructure as Code): Scan your IaC files (e.g., Terraform, CloudFormation) for misconfigurations.
  - Misconfigurations: Detect security misconfigurations in your application and services.
- Remediation actions for SCA and SAST Issues: Automatically detect and provide remediation guidance for vulnerabilities found in your source code and dependencies, enabling quick fixes directly within Visual Studio.
- Interactive SAST Code Flow: For taint-flow findings, visualize the full data path from source to sink. Switch between an interactive D3 graph view and a textual "Path" view, and click any frame to jump straight to the offending file and line in the editor.
- AI Explanation (on demand): From the Code Flow toolbar, the AI Explain button opens a modeless dialog with an AI-generated, Markdown-rendered explanation of the issue and how to fix it. Results are cached per issue so reopening doesn't re-spend tokens.
- Incremental Scan on Save (opt-in): When enabled, saving a file triggers a debounced incremental scan (xygeni scan --incremental) so you get fast feedback while you code. Disabled by default; toggle it from the Xygeni Settings panel.
- IDE Seat Licensing: The extension validates an IDE seat with the Xygeni backend on startup and after token changes, and releases it on shutdown. Scans and AI Explain are gated on the seat being available.
- Seamless Integration: The extension adds a dedicated Xygeni tool window and Error List entries for easy access to findings.
- Guided Setup: A simple configuration process to connect to the Xygeni service.
- In-Editor Issue Highlighting: View security findings directly in your code, making it easy to pinpoint and fix issues.
- Detailed Vulnerability Information: Get rich details for each identified issue, including severity, description, code snippet, and remediation guidance.
- Proxy Support: Configure the extension to work with your corporate proxy.
Installation
- Open the Extensions view in Visual Studio (Ctrl+Shift+X).
- Search for Xygeni Security.
- Click Install.
Getting Started
- Open the Xygeni View: After installation, click on the Xygeni icon in the main bar.
- Configure the Extension:
  - You will be prompted to configure the connection to the Xygeni service.
  - Obtain an API token from your Xygeni Dashboard. If you don't have an account, you can sign up for a trial.
  - Enter the Xygeni API URL and your token in the configuration view.
- Run a Scan:
  - Once configured, the "Scan" button will be enabled.
  - Click the "Run Scanner" button to initiate a scan of your workspace.
- View Results:
  - Scan results will be displayed in the Xygeni Explorer view, categorized by type (SAST, SCA, Secrets, etc.).
  - Click on an issue to see detailed information and navigate to the affected file and line.
Extension Settings
- Xygeni API URL: The URL of the Xygeni API server.
- Xygeni API Token: The API token for authentication.
- Auto-run incremental scan on save: When checked, saving any source file in the open solution/folder triggers a debounced (1s) incremental scan in the background. Off by default. Available only after the scanner has been installed.
- Proxy: Optional corporate proxy settings (host, port, protocol, credentials, non-proxy hosts).
Support
For support, questions, or feedback, please contact us at support@xygeni.io.
License
This extension is licensed under the MIT License.