Subscribe
Sign in
VulnCost for Visual Studio Code — An open source security scanner for Visual Studio Code
VulnCost is an open source security scanner for VSCode that helps find vulnerabilities in JavaScript, TypeScript & HTML packages, while you code. Receive feedback in-line with your code, such as the number of vulnerabilities a package being imported contains.
22
Replies
Finding vulnerabilities earlier is awesome, nice to see the warnings right next to the code. Great work!
IMO this is *the* most important way to surface security vulnerabilities to developers: in context and at the time they are actually working on the code. A report that shows up in an inbox is just too far removed to encourage prompt action.
Great work!
@plightbo Thank you - it's this kind of feedback that makes us want to keep at it and do more!
@jesus_verma That's the core values we are built upon - thank you so much for your support!
We gave tested it for a week now and its just amazing. Snyk is rapidly becoming the company to go about DevSecOps. Congrats on the new product, guys!
@michelleribeiro Thanks Michelle! That's awesome - we really appreciate it, and continue to strive putting developers first and creating a great DevSecOps experience.
Hi @dener_rocha, thanks for your question.
The extension scans the code in your vscode project on your local machine. Regardless if the project is stored in a public, a private or no repository at all.
The extension scans if you are using npm packages with known vulnerabilities using the proprietary Snyk database as it source. If a package is not published on npm, there will be no data available and we dont show you any vulnerabilities inline.
In addition, both public and private repositories van be connected to a Snyk account if you like. We will monitor these project for vulnerabilities in 3rd party OS libraries on a regular basis and actively you. However this is outside of the scope of this VS Code extension.
I hope this answers your question.
Snyk