Endor Labs provides developers with plug-ins that they can directly install in their Integrated Development Environments (IDE). The extension helps developers fix code at its origin phase and during the early stages of development without running the endorctl scan.
Developers can successfully perform early security reviews and mitigate the need for expensive fixes during later stages of development. It accelerates the process of creating, delivering, and shipping secure applications.
Endor Labs provides a plug-in for Visual Studio Code that developers can install from Visual Studio’s marketplace and get started with early vulnerability and dependency scanning.
Endor Labs Visual Studio Code Extension
The Endor Labs extension for Visual Studio Code scans your repositories and highlights issues that may exist in the open-source dependencies. You can use the extension with Endor Labs API credentials.
Prerequisites
The following prerequisites must be fulfilled to use the Endor Labs VS Code extension:
-
The minimum supported version of Visual Studio Code is 1.71 and higher.
-
See the following table for supported languages, package managers, and file extensions. The extension reads the manifest files to fetch the list of dependencies and displays the results in both manifest and source code files.
Supported Language Manifest file Source code file JavaScript package.json
.js
,.ts
,.jsx
,.tsx
,.mjs
,.cjs
extensionsPython requirements.txt
.py
extensionGolang go.mod
.go
extension -
Generate Endor Labs API keys and have them handy. You must enter these details in the VS Code extension. See Managing API Keys for details.
Install the Endor Labs extension
Developers can install the extension from the Visual Studio marketplace and configure it with Endor Labs API keys.
- Launch Visual Studio Code and click Extensions.
- Look for the Endor Labs using the search bar and click Install. See Visual Studio Extension documentation for details on managing the extension.
- Select the Endor Labs extension, click the Settings icon, and choose Extension Settings.
- Enter the API Key and API Secret of the Endor Labs application.
View scan results
The Endor Labs Visual Studio extension reads all the manifest files in your project and fetches the list of dependencies.
- Hover over a dependency to view the package version, released date, findings, and Endor Labs scores in a pop-up.
- For effective prioritization, issues with dependencies are classified into four severity levels: Critical, High, Medium, and Low.
- Click a specific version to view the same results in the Endor Labs application’s user interface.
- The dependencies are color-coded in the following ways:
- Red underline - Has critical findings and is also on an outdated version
- Orange underline - Has critical findings and is on the latest version
- Yellow underline - Has no critical findings but is an outdated version
- No Underline - Has no critical findings and is on the latest version
- Use Update to latest version to update the package to its latest version.
Note: The manifest file is updated with the latest version however, the package is not automatically upgraded.