Get started with Lucent Sky AVM for Visual Studio

2023/8/7

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for Visual Studio
  • Scan an application
  • Review the identified results and apply their Instant Fixes

At the end, you will be able to use Lucent Sky AVM for Visual Studio to scan applications, review identified results, and apply their Instant Fixes.

Prerequisites

  • Visual Studio - This article uses Visual Studio 2022, but Lucent Sky AVM for Visual Studio can also be used in other supported versions of Visual Studio.

Install Lucent Sky AVM for Visual Studio

To learn more about the installation and configuration of Lucent Sky AVM for Visual Studio, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Visual Studio

Scan an application

  1. For web applications, open the solution containing the project of the application in Visual Studio. For web sites, open the web site in Visual Studio.
  2. Under Solution Explorer, right-click on the project or website to scan, and then select Scan with Lucent Sky AVM.
  3. The Scan with Lucent Sky AVM dialog will pop up. If you have not signed in, select Sign in, and use your Lucent Sky AVM API key to sign in.
  4. Select an existing application to link the scan to, or create a new application by clicking Create New Application.
  5. After selecting an application or creating a new one, you can edit the scan arguments, and enable or disable rules and vectors as desired. Then select Scan to start the scan.
  6. The Lucent Sky AVM Results window will appear. While the scan is in progress, the upper right corner will display information about its progress.

Review the identified results and apply their Instant Fixes

  1. Once the scan is completed, the vulnerabilities will be shown in the Lucent Sky AVM Results window. Expanding a vulnerability category will show all vulnerabilities under that category. Expanding a vulnerability will show the Statements, Instant Fix, or Suggestion of that vulnerability. Double-click one of the Statements or Instant Fixes to go to the line of code.
  2. To apply Instant Fixes to all vulnerabilities, right-click All Results, then select Remediate All Vulnerabilities. To apply Instant Fixes to all vulnerabilities under a certain rule, right-click the rule (for example, CWE79), then select Remediate Vulnerabilities in CWE79. To apply the Instant Fix to a single vulnerability, right-click the Instant Fix of the vulnerability, then select Remediate.
  3. To undo the remediation applied in the previous step, select Undo Remediation in the respective right-click menus.