Get started with Lucent Sky AVM for Visual Studio Code

2023/8/7

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for Visual Studio Code
  • Scan an application
  • Review the identified results and their Instant Fixes

At the end, you will be able to use Lucent Sky AVM for Visual Studio Code to scan applications, review identified results and apply their Instant Fixes.

Prerequisites

  • Visual Studio Code - This article uses Visual Studio Code 1.80, but Lucent Sky AVM for Visual Studio Code can also be used in other supported versions of Visual Studio Code.

Install Lucent Sky AVM for Visual Studio Code

To learn more about the installation and configuration of Lucent Sky AVM for Visual Studio Code, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Visual Studio Code

Scan an application

  1. Open the workspace or folder containing the project you want to scan.
  2. Open the Command Palette, select Lucent Sky AVM: Sign in, then enter your Lucent Sky AVM API key.
  3. Open the Command Palette, select Lucent Sky AVM: Create application, enter the name of the application, then select the framework of the application.
  4. Open the Command Palette, select Lucent Sky AVM: Scan, select the workspace folder containing the project, select the framework of the project, then select an application you created previously to start the scan.
  5. The Lucent Sky AVM Results window will appear. While the scan is in progress, notifications will display information about its progress.

Review the identified results and apply their Instant Fixes

  1. Once the scan is completed, the vulnerabilities will be shown in the Lucent Sky AVM Scan Results window. Expanding a vulnerability category will show all vulnerabilities under that category. Expanding a vulnerability will show the Statements, Instant Fix, or Suggestion of that vulnerability. Double-click one of the Statements or Instant Fixes to go to the line of code.
  2. To apply an Instant Fix to a vulnerability, right-click the Instant Fix of the vulnerability, then select Remediate.