YAG-Suite Visual Studio Code Linter Plugin
Connects to the YAG-Suite Scan Server to provide detected vulnerabilities as warnings in Visual Studio Code.
This plugin requires an account on a YAG-Suite Scan Server. Vulnerabilities are fetched from that server (no local scan).
About the YAG-Suite
The YAG-Suite is a SAST product developed by YAGAAN. It scans source code to spot vulnerabilities (SQL Injection, XSS, Sensitive Data Exposure, etc.). The YAG-Suite uses a Scan Server (SaaS or On-Premises) to centralize application scans without consuming developers' resources.
Each scan uses the machine learning capability of the YAG-Suite to remove alerts that are false positives.
Connection to server is configured in the
If your connection to the server goes through a proxy:
Use 'proxyUser' and 'proxyPassword' in case of an authenticated proxy.
In order to fetch detected vulnerabilities, you need to provide the identifier of the scanned project. This can be done by creating file
Project identifier (
For example, the url