SecuScan is a Visual Studio Code extension designed to scan for security vulnerabilities in project dependencies. It helps developers ensure their projects are secure by analyzing and identifying potential vulnerabilities in dependencies using the NVD (National Vulnerability Database) API.
- Dependency Scanner: Scan your project's dependencies for known security vulnerabilities.
- Custom Commands: Execute commands to perform security checks on your project dependencies.
- NVD API Integration: Uses the National Vulnerability Database (NVD) API to fetch and analyze vulnerability data.
SecuScan leverages the National Vulnerability Database (NVD) API to identify vulnerabilities in project dependencies. The NVD provides a comprehensive source of vulnerability data, including Common Vulnerabilities and Exposures (CVE) identifiers and detailed descriptions.
- Dependency Analysis: When you initiate a scan, SecuScan collects and analyzes the list of dependencies in your project.
- API Request: SecuScan queries the NVD API to fetch vulnerability data related to the dependencies identified in your project.
- Data Matching: The extension matches the fetched vulnerability data with your project's dependencies to identify any known issues.
- Results Display: The results are presented in the VS Code interface, highlighting any vulnerabilities found and providing detailed information about each issue.
SecuScan uses the NVD API endpoints to retrieve the latest vulnerability information. To ensure effective and accurate scanning, the extension is configured to:
- Fetch Vulnerability Data: Query the NVD for current vulnerability records related to project dependencies.
- Update Regularly: Access the latest updates from the NVD to keep the vulnerability database current.
For more information about the NVD API, visit the NVD API Documentation.
To install the SecuScan extension, follow these steps:
-
Clone the Repository:
git clone https://github.com/fromjyce/secuscan.git cd secuscan -
Install Dependencies:
npm install
-
Compile the Extension:
npm run compile
-
Run Tests:
npm run test -
Package the Extension:
vsce package
-
Install the VSIX Package:
- Open Visual Studio Code.
- Go to the Extensions view.
- Click on the ellipsis (...) and select
Install from VSIX.... - Choose the generated
.vsixfile to install.
Once installed, you can use the SecuScan extension to scan your project's dependencies:
- Open Command Palette: Press
Ctrl+Shift+PorF1. - Run Command: Type
SecuScan: Check Project Dependenciesand select it to run the dependency check.
- Programming Language: TypeScript, Javascript
- Build Tool: Webpack
- Testing Framework: Mocha
- Dependency Management: npm
- VS Code API: Utilizes the VS Code extension API for integration and command execution.
- Vulnerability Data: National Vulnerability Database (NVD) API
If you come across any issues, have suggestions for improvement, or want to discuss further enhancements, feel free to contact me at jaya2004kra@gmail.com. Your feedback is greatly appreciated.
All the code and resources in this repository are licensed under the Creative Commons Legal Code License. You are free to use, modify, and distribute the code under the terms of this license. However, I do not take responsibility for the accuracy or reliability of the programs.