Visual Studio Code Plugin for GOOGLE Vulnerability Scanner for Open Source

In this post, I will show you how to build and publish a VS Code extension for the Vulnerability Scanner for Open Source.

Open-source security has been one of the hottest topics in enterprise security for the past two years. In an attempt to help organizations manage open-source software, Google today announced the launch of OSV-Scanner, a free vulnerability scanner designed to provide developers with access to vulnerability information about open-source projects, which it claims is the largest community-editable database for open-source vulnerabilities.

Make sure Git and Node.js are set up on your computer before you do anything else. The VS Code Extension Generator and Yeoman must then be installed. This command will allow us to install them:

npm install -g yo generator-code        

Once it is installed, run this command:

yo code        

You'll then be prompted with various options for the new extension.

A new extension project will be created in the current directory as a result. Open the project in VS Code.

In the 'extension.js' file, replace the existing code with the code below:

// The module 'vscode' contains the VS Code extensibility API
// Import the module and reference it with the alias vscode in your code below
const vscode = require('vscode');
// axios is not part of the generated project; install it with `npm install axios`
const axios = require('axios');
// fs and path are only needed if you enable the commented-out writeFileSync line below
const fs = require('fs');
const path = require('path');

/**
 * This method is called when your extension is activated.
 * Your extension is activated the very first time the command is executed.
 * @param {vscode.ExtensionContext} context
 */
function activate(context) {
    // Use the console to output diagnostic information (console.log) and errors (console.error)
    // This line of code will only be executed once when your extension is activated
    console.log('Congratulations, your extension "dd" is now active!');

    // The command has been defined in the package.json file
    // Now provide the implementation of the command with registerCommand
    // The commandId parameter must match the command field in package.json
    let disposable = vscode.commands.registerCommand('dd.helloWorld', function () {
        // The code you place here will be executed every time your command is executed

        // Display a message box to the user
        vscode.window.showInformationMessage('Hello World from dd!');

        // Call the OSV API with the axios library
        const url = 'https://api.osv.dev/v1/query';

        // The package name and version are hard-coded here for demonstration
        axios({
            method: 'post',
            url,
            data: {
                version: '1.2.0',
                package: {
                    name: 'moment',
                    ecosystem: 'npm'
                }
            }
        })
            .then(response => {
                if (response.status === 200) {
                    vscode.window.showInformationMessage(JSON.stringify(response.status));

                    // fs.writeFileSync(path.join(vscode.workspace.rootPath, 'giri.txt'), JSON.stringify(response.data));
                } else {
                    // axios rejects non-2xx responses by default, so this branch
                    // is only reached for other 2xx status codes
                    vscode.window.showErrorMessage(String(response.status));
                }
            })
            .catch(error => {
                // Network errors and non-2xx responses end up here
                vscode.window.showErrorMessage(`failure: ${error.message}`);
            });
    });

    context.subscriptions.push(disposable);
}

// This method is called when your extension is deactivated
function deactivate() {}

module.exports = {
    activate,
    deactivate
};


To run this extension, press F5; this will open a new VS Code window with the extension activated. To test it, select some text in the editor, open the command palette with Cmd+Shift+P (on Mac) or Ctrl+Shift+P (on Windows), and run Hello World (you can change this name).


It is that easy to build a VS Code extension. You can extend this plugin for Angular, Node.js, Python, etc.
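One way to go beyond the hard-coded `moment` query in the extension above is to read exact versions from the workspace's `package-lock.json` and send them to OSV's batch endpoint, `https://api.osv.dev/v1/querybatch`. This is an added example, not code from the original post; the function names `buildOsvBatch` and `summarize`, the sample lockfile, the sample response and the placeholder ID are all constructed for illustration.

```javascript
// Added example (not the post's code): lockfile -> OSV batch query -> findings.
// Constructed sample of a package-lock.json (lockfileVersion 2/3 layout).
const sampleLock = {
    lockfileVersion: 3,
    packages: {
        "": { name: "demo-app", version: "1.0.0" },
        "node_modules/moment": { version: "1.2.0" },
        "node_modules/@scope/pkg": { version: "0.3.1" },
        "node_modules/a/node_modules/moment": { version: "1.2.0" }, // nested duplicate
        "node_modules/local-lib": { link: true, resolved: "../local-lib" }
    }
};
// Constructed response in the shape /v1/querybatch returns; the ID is a placeholder.
const sampleResponse = { results: [{ vulns: [{ id: "EXAMPLE-0001" }] }, {}] };

// Build the JSON body for POST https://api.osv.dev/v1/querybatch.
function buildOsvBatch(lock) {
    const seen = new Set();
    const queries = [];
    for (const [key, meta] of Object.entries(lock.packages || {})) {
        const idx = key.lastIndexOf("node_modules/");
        if (idx === -1 || meta.link || !meta.version) continue; // root entry, symlinks
        const name = key.slice(idx + "node_modules/".length);   // keeps "@scope/pkg" intact
        const id = `${name}@${meta.version}`;
        if (seen.has(id)) continue; // same name and version installed twice
        seen.add(id);
        queries.push({ version: meta.version, package: { name, ecosystem: "npm" } });
    }
    return { queries };
}

// OSV returns one result per query, in request order; a package with no known
// vulnerabilities comes back as an empty object, so a missing "vulns" is not an error.
function summarize(batch, response) {
    const results = response.results || [];
    if (results.length !== batch.queries.length) {
        throw new Error("OSV result count does not match query count");
    }
    return batch.queries
        .map((q, i) => ({
            name: q.package.name,
            version: q.version,
            ids: (results[i].vulns || []).map(v => v.id)
        }))
        .filter(r => r.ids.length > 0);
}
```

In the extension, the body from `buildOsvBatch` would replace the `data` object passed to axios, and the list returned by `summarize(batch, response.data)` is what you would show to the user instead of the bare status code.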









