VulnCost for Visual Studio Code - An open source security scanner for Visual Studio Code

VulnCost is an open source security scanner for VSCode that helps find vulnerabilities in JavaScript, TypeScript & HTML packages, while you code. Receive feedback in-line with your code, such as the number of vulnerabilities a package being imported contains.

Hello Product Hunters, thanks for coming to check out our product! With a core mission of trying to make the open source ecosystem more secure, we are excited to launch our VSCode plugin VulnCost on Product Hunt. In short, VulnCost empowers developers to import more secure packages into their code and projects straight from the IDE. I'm Guy, the founder of Snyk. After founding a successful startup that was acquired by Akamai and serving as CTO of both companies, I discovered first-hand the challenges of modernizing security from the source - developers & common coding processes. Snyk strives to be a developer-first tool that integrates seamlessly with the tooling developers know and love, from GitHub to Docker, and even IDEs like VSCode and IntelliJ. By using VulnCost you will be able to immediately understand the security vulnerabilities you are introducing into your project, and even receive suggestions for more secure alternative packages and immediate fixes when available through a quick scan and pull request directly into your git processes. Today Snyk enables more than 400,000+ developers to scan and fix vulnerabilities in their open source libraries and containers, and this plugin is just one more way for us to make this even simpler and more accessible to all developers. We encourage you to check it out, and register for free to use Snyk and let us know what you think.
Woot! Really excited about this - awesome team work in getting this out! Always love a great tool striving to better the open source world!
Engaging developers in a truly dev-first fashion. Love it!
IMO this is *the* most important way to surface security vulnerabilities to developers: in context and at the time they are actually working on the code. A report that shows up in an inbox is just too far removed to encourage prompt action. Great work!
Thank you - it's this kind of feedback that makes us want to keep at it and do more!
Looking forward to installing in VS and finding all sorts of vulnerabilities!
I honestly love the simplicity of the tool
agree, super smooth experience and unified with native VS Code recommendations
We have tested it for a week now and it's just amazing. Snyk is rapidly becoming the company to go to about DevSecOps. Congrats on the new product, guys!
Thanks Michelle! That's awesome - we really appreciate it, and we continue to strive to put developers first and create a great DevSecOps experience.
thanks for all the kind words! on a mission to make open source security better :)
Awesome, but I can't add my private repositories
Hi, thanks for your question. The extension scans the code in your vscode project on your local machine, regardless of whether the project is stored in a public repository, a private repository or no repository at all. The extension checks whether you are using npm packages with known vulnerabilities, using the proprietary Snyk database as its source. If a package is not published on npm, there will be no data available and we don't show you any vulnerabilities inline. In addition, both public and private repositories can be connected to a Snyk account if you like. We will monitor these projects for vulnerabilities in 3rd party OS libraries on a regular basis and actively you. However, this is outside of the scope of this VS Code extension. I hope this answers your question.
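The reply above describes the check at a high level: look at the npm packages a file imports and show, inline, how many known vulnerabilities each carries, with nothing shown for packages the database does not know. The following is an added example, not VulnCost's or Snyk's code, that implements that idea in miniature over a constructed source file and a constructed advisory table (`CONSTRUCTED_ADVISORIES`, `SAMPLE_SOURCE` and the function names are all assumptions of this example):

```javascript
// Advisory table constructed for this example; a real scanner would query
// a vulnerability database such as Snyk's instead.
const CONSTRUCTED_ADVISORIES = {
  lodash: ['EXAMPLE-ADVISORY-1'],   // one constructed advisory
  express: [],                      // known package, no advisories
};
// Reduce an import specifier to the npm package that owns it.
// Relative or absolute paths are local files, not packages -> null.
// Scoped packages keep two segments (@scope/name), others keep one.
function packageNameFromSpecifier(spec) {
  if (spec.startsWith('.') || spec.startsWith('/')) return null;
  const parts = spec.split('/');
  return spec.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0];
}
// Collect specifiers from `import x from '...'`, `import '...'`,
// dynamic `import('...')` and CommonJS `require('...')`. A real
// extension would walk the JS/TS AST rather than use a regex.
function extractSpecifiers(source) {
  const re = /(?:\bimport\b\s*(?:\(\s*|[\w*{}\s,]+\bfrom\s*)?|\brequire\s*\(\s*)['"]([^'"]+)['"]/g;
  const specs = [];
  let m;
  while ((m = re.exec(source)) !== null) specs.push(m[1]);
  return specs;
}
// One finding per distinct package: the advisory count, or null when the
// package is absent from the database (e.g. not published on npm), which
// is the case where the reply says nothing is shown inline.
function scanSource(source, advisories = CONSTRUCTED_ADVISORIES) {
  const findings = new Map();
  for (const spec of extractSpecifiers(source)) {
    const pkg = packageNameFromSpecifier(spec);
    if (pkg === null || findings.has(pkg)) continue;
    const known = Object.prototype.hasOwnProperty.call(advisories, pkg);
    findings.set(pkg, known ? advisories[pkg].length : null);
  }
  return findings;
}
// Constructed input file for the example.
const SAMPLE_SOURCE = `
import _ from 'lodash';
import { Router } from "express";
import * as helpers from './helpers.js';
const fp = require('lodash/fp');
const widgets = import('@acme/widgets/lib');
`;
for (const [pkg, n] of scanSource(SAMPLE_SOURCE)) {
  console.log(pkg + ': ' + (n === null ? 'no data' : n + ' known vulnerabilities'));
}
```

Running it reports lodash with 1 known vulnerability, express with 0, and no data for @acme/widgets, while the local `./helpers.js` import is ignored.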
WOW!!! 🤯 CONGRATS Brian!!! Taking #DevSecOps to the next level! 🤯
Awesome!
You guys are making the world better. Cheers to the makers
Those are the core values we are built upon - thank you so much for your support!
Finding vulnerabilities earlier is awesome, nice to see the warnings right next to the code. Great work!