Get started with Lucent Sky AVM for Eclipse IDE

2023/8/7

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for Eclipse IDE
  • Scan an application
  • Review the identified results and their Instant Fixes

At the end, you will be able to use the Lucent Sky AVM for Eclipse IDE to scan applications, review identified results, and apply their Instant Fixes.

Prerequisites

  • Eclipse IDE - This article uses Eclipse IDE 2023-06, but the Lucent Sky AVM for Eclipse IDE can also be used in other supported versions of Eclipse IDE.

Install Lucent Sky AVM for Eclipse IDE

To learn more about the installation and configuration of Lucent Sky AVM for Eclipse IDE, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Eclipse IDE

Scan an application

  1. Open the workspace containing the project you want to scan, and make sure the project is opened.
  2. Under Package Explorer, right-click on the project to scan, and then select Scan with Lucent Sky AVM.
  3. The Scan with Lucent Sky AVM dialog will pop up. If you have not signed in, select Sign in, and use your Lucent Sky AVM API key to sign in.
  4. You can select an existing application to link the scan to, or create a new application by selecting Create New Application.
  5. After selecting an application or creating a new one, you can edit the scan arguments, and enable or disable rules and vectors as desired. Then select Scan to start the scan.
  6. The Lucent Sky AVM Results window will appear. When the scan is in progress, the Console window will display information about its progress.

Review the identified results and apply their Instant Fixes

  1. Once the scan is completed, the vulnerabilities will be shown in the Lucent Sky AVM Scan Results window. Expanding a vulnerability category will show all vulnerabilities under that category. Expanding a vulnerability will show the Statements, Instant Fix, or Suggestion of that vulnerability. Double-click one of the Statements or Instant Fixes to go to the line of code.
  2. To apply an Instant Fix to a vulnerability, right-click on the Instant Fix of the vulnerability, and then select Remediate.