Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.
In this article, you will learn how to:
- Install Lucent Sky AVM for Eclipse IDE
- Scan an application
- Review the identified results and their Instant Fixes
At the end, you will be able to use the Lucent Sky AVM for Eclipse IDE to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.
Prerequisites
- Eclipse IDE - This article uses Eclipse IDE 2024-06, but Lucent Sky AVM for Eclipse IDE can also be used with other supported versions of Eclipse IDE.
Install Lucent Sky AVM for Eclipse IDE
To learn more about the installation and configuration of Lucent Sky AVM for Eclipse IDE, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Eclipse IDE
Create an API key
- Go to the Web UI in your browser, and then sign in with your credentials.
- Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key.
- Select and copy the generated API key.
Scan a project
- In Eclipse IDE, open the workspace containing the project, and open the project.
- Under Package Explorer, select and hold (or right-click) the project to scan, and then select Scan with Lucent Sky AVM.
- The New Scan - Lucent Sky AVM dialog will appear. Select Sign In, and sign in with your Lucent Sky AVM API key.
- To create a new application for the scan, select New Application. In the New Application - Lucent Sky AVM window, enter the name of the application, select its framework, and review and change its vectors, rule package, runtime, and scan arguments as needed. Then, select OK to create the application.
- Alternatively, select an existing application in the New Scan - Lucent Sky AVM window to use for the scan.
- Review and change the weakness policies, vectors, and scan arguments as needed. Select Scan to start the scan.
- The Lucent Sky AVM window will appear. While the scan is in progress, the Console window will display information about its progress.
Review scan results
- Once the scan is completed, the scan results will appear in the Lucent Sky AVM window.
- Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code.
- To apply the Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result, then select Remediate.
- To apply Instant Fixes to all results of the same vulnerability category, select and hold (or right-click) the category, then select Remediate Vulnerabilities.
- To apply Instant Fixes to all results, select and hold (or right-click) the top node in the Lucent Sky AVM window, then select Remediate All Vulnerabilities.