coadaflorin

Quick Security in VS Code with CodeSweep

I'll start with a disclosure and mention that I'm working for the company that put out this product (HCL AppScan), but I'm writing this as Florin, the guy who writes some code and has an interest in Security.

TL;DR: here's a video: https://www.youtube.com/watch?v=zQvonHi4ak8
Plugin here: https://hclsw.co/codesweep

In recent years everyone's been talking more about security, cybersec, IT security, cyber, etc. If you're a developer and have not heard about any of these, I would be very surprised.
One of the key areas companies have been focusing on lately is application security: the area of security that focuses on securing applications and making sure they can't be exploited to hurt the company, its customers or its partners. You've seen this happen a bunch of times to various companies. Just a quick Google search could produce a very interesting list for you. There are various types of vulnerabilities that could be exploited to cause harm. I'll classify them into 2 main categories: proprietary code (your code) and 3rd party code (libraries).

The purpose of HCL AppScan CodeSweep is to help you find potential vulnerabilities in your code as you introduce them. They range from Cross-Site Scripting, SQL Injection, hardcoded credentials and OS Injections to old encryption algorithms, and so on. Created as a VS Code plugin, the tool will review your files upon saving them. If there's something potentially dangerous, we'll flag it. This will give you two options: fix it or ignore it. It's up to you what risk you're willing to take, but try to understand the issue before jumping to the conclusion that it's not a problem. :)

If you have any questions, feel free to join the community.

Without adding more words to something that shouldn't take more than 140 characters, you can get the plugin here: https://hclsw.co/codesweep

And you can join our community here: https://hclsw.co/CodeSweepCommunityInvite
