Get started with Lucent Sky AVM for Visual Studio

2024/9/5

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for Visual Studio
  • Scan an application
  • Review the identified results and apply their Instant Fixes

At the end, you will be able to use Lucent Sky AVM for Visual Studio to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.

Prerequisites

  • Visual Studio - This article uses Visual Studio 2022, but Lucent Sky AVM for Visual Studio can also be used in other supported versions of Visual Studio.

Install Lucent Sky AVM for Visual Studio

To learn more about the installation and configuration of Lucent Sky AVM for Visual Studio, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Visual Studio

Create an API key

  1. Go to the Web UI in your browser, and then sign in with your credentials.
  2. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key.
  3. Select and copy the generated API key.

Scan a project

  1. In Visual Studio, open the solution containing the project.
  2. In Solution Explorer, select and hold (or right-click) the project, and then select Scan with Lucent Sky AVM.
  3. The New Scan - Lucent Sky AVM dialog will appear. Select Sign In, and sign in with your Lucent Sky AVM API key.
  4. To create a new application for the scan, select New Application. In the New Application - Lucent Sky AVM window, enter the name of the application, select its framework, and review and change its vectors, rule package, runtime, and scan arguments as needed. Then, select Create to create the application.
  5. Alternatively, select an existing application in the New Scan - Lucent Sky AVM window to use for the scan.
  6. Review and change the weakness policies, vectors, and scan arguments as needed. Select Scan to start the scan.
  7. The Lucent Sky AVM window will appear. While the scan is in progress, the upper right corner will display information about its progress.

Review scan results

  1. Once the scan is completed, the scan results will appear in the Lucent Sky AVM window.
  2. Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code.
  3. To apply an Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result, then select Remediate.
  4. To apply Instant Fixes to all results of the same vulnerability category, select and hold (or right-click) the category, then select Remediate Vulnerabilities.
  5. To apply Instant Fixes to all results, select and hold (or right-click) the top node in the Lucent Sky AVM window, then select Remediate All Vulnerabilities.
  6. To undo the applied Instant Fixes, select Undo Remediation in the respective context-click menu.