Get started with Lucent Sky AVM for Visual Studio Code

2024/7/17

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for Visual Studio Code
  • Scan an application
  • Review the identified results and their Instant Fixes

At the end, you will be able to use Lucent Sky AVM for Visual Studio Code to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.

Prerequisites

  • Visual Studio Code - This article uses Visual Studio Code 1.91, but Lucent Sky AVM for Visual Studio Code can also be used in other supported versions of Visual Studio Code.

Install Lucent Sky AVM for Visual Studio Code

To learn more about the installation and configuration of Lucent Sky AVM for Visual Studio Code, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for Visual Studio Code

Scan a project

  1. In Visual Studio Code, open the workspace or folder containing the project.
  2. Open the Command Palette, select Lucent Sky AVM: Sign In, and sign in with your Lucent Sky AVM API key.
  3. To create a new application for the scan, open the Command Palette and select Lucent Sky AVM: New Application. Enter the name of the application, select the framework of the application, then review and change its vectors as needed. Then, select OK to create the application.
  4. Open the Command Palette, select Lucent Sky AVM: Scan, select the workspace folder containing the project, select the framework of the project, then select an application to use for the scan.
  5. While the scan is in progress, notifications will display information about its progress.

Review scan results

  1. Once the scan is completed, the scan results will appear in the Lucent Sky AVM window.
  2. Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code.
  3. To apply an Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result, then select Remediate.