snyk/vulncost snyk/vulncost

  • This repository has been archived on 11/Sep/2023
  • Stars
    star
    201
  • Rank 194,491 (Top 4 %)
  • Language
    JavaScript
  • License
    MIT License
  • Created almost 5 years ago
  • Updated over 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
snyk/vulncost
github

snyk

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Find security vulnerabilities in open source npm packages while you code

Latest update πŸ—žοΈ (start here first πŸ‘‡)

Vuln Cost is no longer being actively maintained. While you can continue to use this extension until it is officially deprecated, we recommend you install the official Snyk extension. This new extension provides all the functionality supported by Vuln Cost and enables you to find and fix issues in both your open source dependencies AND your custom code.

Vuln Cost Animated Logo

Vuln Cost

The world's easiest, Security Scanner for VS Code

Visual Studio Marketplace Version



Vuln Cost - Security Scanner for VS Code

Getting started

Vulnerability scanning in VS Code

Find security vulnerabilities in open source packages while you code in JavaScript, TypeScript and HTML. Receive feedback in-line with your code, such as how many vulnerabilities a package contains that you are importing. And most important, suggesting a fix if known vulnerabilities are found. If you like the extension, we’d love it if you could rate it.

πŸ”’ Your code and manifest files never leave your machine. Snyk only needs the dependency name and version to test against our constantly updated vulnerability database.

Detect vulnerabilities in third-party open source packages automatically while you code.

  • Find security vulnerabilities in the npm packages you import: see the number of known vulnerabilities in your imported npm packages as soon as you require them!

  • See your project vulnerabilities inline, as you code: see feedback directly in your editor. Vuln Cost displays the number of vulnerabilities your packages add to your project.

  • Find security vulnerabilities in your JavaScript packages from well-known CDNs: Vuln Cost scans any HTML files in your projects and displays vulnerability information about the JavaScript packages you download from your favorite CDN.

  • See in-depth information about your vulnerabilities: access relevant resources that will give you deeper information about the vulnerabilities that directly affect your project.

Vuln Cost in JavaScript files:

Vuln Cost in JS files

Vuln Cost in HTML files:

Vuln Cost in HTML files

CDN support

Vuln Cost scans HTML files and displays vulnerability information about the JavaScript packages you download from multiple CDN providers.

Currently supported CDN's

More Repositories

1

cli

Snyk CLI scans and monitors your projects for security vulnerabilities.
TypeScript
4,856
star
2

driftctl

Detect, track and alert on infrastructure drift
Go
2,431
star
3

zip-slip-vulnerability

Zip Slip Vulnerability (Arbitrary file write through archive extraction)
663
star
4

actions

A set of GitHub actions for checking your projects for vulnerabilities
HTML
489
star
5

vulnerabilitydb

Snyk's public vulnerability database
369
star
6

parlay

Enrich SBOMs with data from third party services
Go
108
star
7

leaky-vessels-static-detector

Static detection tool for runc and Docker "Leaky Vessels" vulnerabilities
Go
94
star
8

leaky-vessels-dynamic-detector

Leaky Vessels Dynamic Detector
C
92
star
9

broker

A broker system between a public service and a private service
TypeScript
84
star
10

kubernetes-monitor

Use Snyk to find and fix vulnerabilities in your Kubernetes workloads
TypeScript
81
star
11

socketsleuth

Burp Extension to add additional functionality for pentesting websocket based applications
Java
76
star
12

release-notes-preview

GitHub Action for providing release notes preview for semantic releases
TypeScript
75
star
13

vscode-extension

Snyk extension for Visual Studio Code
TypeScript
75
star
14

snyk-to-html

export test reports from CLI to html
JavaScript
68
star
15

snyk-maven-plugin

Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
Java
63
star
16

nodejs-lockfile-parser

Generate a Snyk dependency tree from package-lock.json or yarn.lock file
TypeScript
52
star
17

snyk-intellij-plugin

Snyk Vulnerability Scanner for IDEs based on the IntelliJ platform
Kotlin
51
star
18

snyk-images

A build toolchain for Snyk Docker images.
TypeScript
51
star
19

awesome-snyk-community

Awesome Snyk community contributions, champions, integrations, blogs, tools and more πŸ’œ
42
star
20

serverless-snyk

Serverless plugin for securing your dependencies with Snyk
JavaScript
40
star
21

snyk-ls

Language Server using LSP meant to be used by IDEs as Snyk Backend for Frontends
Go
38
star
22

jobs

Job opportunities at Snyk - join us in driving Open Source Security!
JavaScript
38
star
23

policy-engine

Unified Policy Engine
Go
37
star
24

faker-security

Python Faker provider for security related data
Python
35
star
25

snyk-api-import

⚑️Snyk API powered import tool to help you automate & monitor a large scale import into Snyk organizations. Designed for onboarding with a built in queue & retries πŸ“ˆ
TypeScript
35
star
26

dep-graph

Represents a dependency graph
TypeScript
31
star
27

snyk-visual-studio-plugin

Snyk Visual Studio Extension
C#
27
star
28

snyk-azure-pipelines-task

TypeScript
26
star
29

resolve-deps

Resolves a node package tree with combined support for both npm@2 and npm@3
TypeScript
26
star
30

snyk-docker-plugin

This plugin provides dependency metadata for Docker images
TypeScript
24
star
31

snyk-gradle-plugin

Basic Snyk CLI plugin for Gradle support
TypeScript
24
star
32

user-docs

Gitbook documentation repo.
Go
23
star
33

sweater-comb

API linting rules
TypeScript
21
star
34

snyk-orb

Integrate Security into your CircleCI pipeline with Snyk
20
star
35

vervet

API resource versioning tool
Go
18
star
36

pkgbot

Superseded by @statsbot (private repo)
JavaScript
18
star
37

event-loop-spinner

Centralised event loop spinning
TypeScript
17
star
38

driftctl-action

GitHub Action for driftctl
Shell
17
star
39

artifactory-snyk-security-plugin

Allow Artifactory users to test their applications against the Snyk vulnerability database
Java
17
star
40

snyk-python-plugin

Basic Snyk CLI plugin for Python support
Python
16
star
41

homebrew-tap

An automatically updated Homebrew tap for Snyk
Ruby
16
star
42

nodejs-runtime-agent

Snyk Node Runtime Agent
JavaScript
16
star
43

snyk-apps-demo

Snyk demo app that showcases how Snyk Apps work, including the authorization flow.
TypeScript
15
star
44

gradle-plugin

Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle
Java
15
star
45

nexus-snyk-security-plugin

Allow Nexus users to test their applications against the Snyk vulnerability database
Java
15
star
46

snyk-eclipse-plugin

Eclipse plugin
Java
14
star
47

snyk-broker-helm

Smarty
12
star
48

snyk-poetry-lockfile-parser

TypeScript
11
star
49

java-call-graph-builder

Tool for building a call graph for the JVM ecosystem (Maven, Gradle...)
TypeScript
11
star
50

fluentd-logzio-kubernetes

A kubernetes daemonset that pushes your cluster logs to logz.io using fluentd
Shell
10
star
51

snyk-go-plugin

Basic Snyk CLI plugin for Golang support
TypeScript
10
star
52

ruby-semver

A semver parser that uses RubyGem's semantics with node-semver's api
TypeScript
10
star
53

cocoapods-lockfile-parser

Generate a Snyk dependency graph from a Podfile.lock file
TypeScript
9
star
54

teamcity-snyk-security-plugin

Allow TeamCity users to test their applications against the Snyk vulnerability database
Java
9
star
55

snyk-mvn-plugin

Basic Snyk CLI plugin for Maven support
TypeScript
9
star
56

code-client

Typescript consumer of public API
TypeScript
9
star
57

snyk-go-parser

A library to parse dependency manifests for Go
TypeScript
9
star
58

dotnet-deps-parser

Generate a dependency tree from .NET & .NET Core manifest files
TypeScript
8
star
59

unified-range

Uniform version ranges based on the Maven VersionRange spec
Python
8
star
60

scoop-snyk

A Scoop Bucket for Snyk, making installation on Windows easier
Ruby
8
star
61

snyk-iac-rules

Go
8
star
62

github-codeowners

TypeScript
8
star
63

snyk-sbt-plugin

Basic Snyk CLI plugin for SBT support
TypeScript
8
star
64

java-reachability-playground

Intentionally vulnerable repository for demonstration of reachability features
Java
7
star
65

policy

Snyk policy parser and matching logic
TypeScript
7
star
66

snyk-code-review-exercise

Example Code Review Exercise
7
star
67

snyk-github-import

Import projects from GitHub repos modified since a given date
JavaScript
7
star
68

go-application-framework

Framework for building client side applications like the Snyk CLI with its Extensions
Go
7
star
69

koa2-bunyan-server

A structured logging example using koa2 and bunyan
JavaScript
6
star
70

go-httpauth

"Advanced" HTTP Authentication mechanisms to be used in the golang HTTP stack
Go
6
star
71

dev-null

FOR TESTING ONLY
6
star
72

snyk-hex-plugin

Elixir
6
star
73

rpm-parser

Produce a list of dependencies from an RPM database file
TypeScript
6
star
74

kubernetes-scanner

Collects data about Kubernetes resources for Snyk
Go
6
star
75

snyk-iac-aws-cdk

Snyk Infrastructure as Code Demo for AWS CDK
JavaScript
5
star
76

java-runtime-agent

Java runtime instrumentation
Java
5
star
77

config

Common config loader for snyk
TypeScript
5
star
78

snyk-cpp-plugin

Snyk CLI C/C++ plugin
TypeScript
5
star
79

code-sdk-java

Snyk Code Public API package in Java
Java
5
star
80

snyk-php-plugin

Basic Snyk CLI plugin for PHP support
TypeScript
5
star
81

cloud-config-parser

A utility library for finding issues in configuration files
TypeScript
5
star
82

snykwire

JavaScript
4
star
83

snyk-docker-analyzer

CLI for analyzing docker images (previous method, see snyk-docker-plugin)
Go
4
star
84

snyk-iac-cloudformation

Snyk Infrastructure as Code Cloudformation demo
4
star
85

snyk-nuget-plugin

Basic Snyk CLI plugin for .NET support
TypeScript
4
star
86

resolve-package

Resolves the location of a node package given a path
HTML
4
star
87

driftctl-docs

Docs site for driftctl
MDX
4
star
88

composer-lockfile-parser

Snyk composer.lock file parser
TypeScript
4
star
89

press-kit

Snyk's press kit
4
star
90

snyk-to-jira

Shell script to convert Snyk issues to JIRA tickets
Shell
4
star
91

try-require

Snyk package loading system with policy detection
JavaScript
3
star
92

follow-npm

Simple cli tool that prints package@version to stdout
JavaScript
3
star
93

snyk-bazel-plugin

Basic Snyk CLI plugin for Bazel support
TypeScript
3
star
94

cli-extension-sbom

Go
3
star
95

snyk-cocoapods-plugin

Basic Snyk CLI plugin for CocoaPods support
TypeScript
3
star
96

broker-snyk-client-example

An example of the old-style broker configuration. Please read the newer docs.
3
star
97

nuget-semver

A semver parser that uses nuget semantics with node-semver's api
JavaScript
2
star
98

test-pug

Ruby
2
star
99

spring-bean-printer

Java
2
star
100

clojure-manifest-parser

WIP
TypeScript
2
star