YAG-Suite Linter

yagaan

|
166 installs
| (0) | Free
Integrates YAG-Suite into VS Code
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

YAG-Suite Visual Studio Code Linter Plugin

Connect to the YAG-Suite Scan Server to provide detected vulnerabilities as warnings in Visual Studio Code.

This plugin requires an account on a YAG-Suite Scan Server. Vulnerabilities are fetched from that server (no local scan)

Use

About the YAG-Suite

The YAG-Suite is a SAST product developped by YAGAAN. It scan the source code in order to spot some vulnerabilities (SQL Injection, XSS, Sensitive Data Exposure, etc.). The YAG-Suite use a Scan Server (SaaS or On-Premises) to centralize scans of applications without consuming developper's resources.

The Scan Server embedd YAG-Scanner for advanced vulnerability detection for Java and PHP languages. It also contains a selection of Open Source SAST tools for Java, JavaScript, TypeScript, PHP, C/C++, Python and Go languages.

Each scan use machine learning capabality of the YAG-Suite to remove the alerts that are false positives.

Configuration

Server connection

Connection to server is configured in the ~/.yagaan/scanner-configuration.json file

    {
       "username":"admin",
       "password": "**********",
       "url":"https://scan.yagaan.io"
    }

Project configuration

In order to fetch detected vulnerabilities, you need to provide the identifier of the scanned project. This can be done by creating file .yagaan/project.json in the root directory of scanned project.

    {
       "pid": 1
    }

Project identifier (pid) can be obtained from the url of the scanned project on the dashboard.

For example, the url https://scan.yagaan.io/#/project/12/dashboard correspond the project identifier pid=12.