|
1 | 1 | # CodeQL Scanner VSCode Extension |
| 2 | + |
| 3 | + |
| 4 | + |
| 5 | +[](https://marketplace.visualstudio.com/items?itemName=codeql-scanner.codeql-scanner-vscode) |
| 6 | +[](https://marketplace.visualstudio.com/items?itemName=codeql-scanner.codeql-scanner-vscode) |
| 7 | +[](LICENSE) |
| 8 | + |
| 9 | +## 🔍 Supercharge Your Code Security with CodeQL |
| 10 | + |
| 11 | +Seamlessly integrate GitHub's powerful CodeQL scanning engine directly into your VS Code workflow. Detect vulnerabilities, find security flaws, and improve code quality without leaving your editor. |
| 12 | + |
| 13 | +## ✨ Key Features |
| 14 | + |
| 15 | +- **🛡️ Instant Security Analysis**: Scan your code for vulnerabilities directly from VSCode |
| 16 | +- **🔄 Real-Time Feedback**: Get immediate security insights as you code |
| 17 | +- **📊 Rich Result Visualization**: View detailed vulnerability reports with syntax highlighting and data flow paths |
| 18 | +- **🌊 Data Flow Analysis**: Trace security issues from source to sink with intuitive navigation |
| 19 | +- **🔄 GitHub Integration**: Connect to GitHub for enhanced scanning capabilities and team collaboration |
| 20 | +- **⚙️ Flexible Configuration**: Choose between local and remote scanning options to suit your workflow |
| 21 | +- **🧰 Multi-Language Support**: Analyze JavaScript, TypeScript, Python, Java, C#, C/C++, Go, Ruby, Swift, Kotlin, and Scala code |
| 22 | + |
| 23 | +## 🚀 Getting Started |
| 24 | + |
| 25 | +1. Install the extension from the [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=codeql-scanner.codeql-scanner-vscode) |
| 26 | +2. Configure your GitHub token (optional for enhanced features) |
| 27 | +3. Open any code repository |
| 28 | +4. Run a scan using the command palette (`Ctrl+Shift+P` or `Cmd+Shift+P`): `CodeQL: Run Scan` |
| 29 | + |
| 30 | +## 📋 Available Commands |
| 31 | + |
| 32 | +| Command | Description | |
| 33 | +|---------|-------------| |
| 34 | +| `CodeQL: Run Scan` | Start a security scan on the current workspace | |
| 35 | +| `CodeQL: Initialize Repository` | Set up CodeQL for the current repository | |
| 36 | +| `CodeQL: Run Analysis` | Execute a full code analysis | |
| 37 | +| `CodeQL: Configure Settings` | Open the extension settings | |
| 38 | +| `CodeQL: Show Logs` | View the extension's log output | |
| 39 | +| `CodeQL: Clear Logs` | Clear all log entries | |
| 40 | +| `CodeQL: Clear Inline Diagnostics` | Remove inline problem markers | |
| 41 | +| `CodeQL: Show CLI Information` | Display information about the CodeQL CLI | |
| 42 | +| `CodeQL: Copy Flow Path` | Copy vulnerability data flow path to clipboard | |
| 43 | +| `CodeQL: Navigate Flow Steps` | Step through vulnerability data flow paths | |
| 44 | + |
| 45 | +## ⚙️ Configuration Options |
| 46 | + |
| 47 | +The extension provides several configuration options to customize its behavior: |
| 48 | + |
| 49 | +```json |
| 50 | +{ |
| 51 | + "codeql-scanner.github.token": "your-github-token", |
| 52 | +} |
| 53 | +``` |
| 54 | + |
| 55 | +## 💡 Why CodeQL Scanner? |
| 56 | + |
| 57 | +CodeQL is GitHub's semantic code analysis engine that lets you query code as if it were data. This extension brings that power directly into VS Code, allowing you to: |
| 58 | + |
| 59 | +- Detect potential security vulnerabilities early in development |
| 60 | +- Understand complex security issues with clear data flow visualization |
| 61 | +- Integrate advanced security scanning into your daily coding workflow |
| 62 | +- Improve code quality with actionable insights |
| 63 | + |
| 64 | +## 🔗 Integration with GitHub |
| 65 | + |
| 66 | +Connect the extension to GitHub for enhanced capabilities: |
| 67 | +- Access GitHub's vast CodeQL query library |
| 68 | +- Synchronize with your GitHub repositories |
| 69 | +- View and manage GitHub code scanning alerts |
| 70 | + |
| 71 | +## 🛠️ Development |
| 72 | + |
| 73 | +Want to contribute? Great! You can: |
| 74 | + |
| 75 | +1. Clone the repository: `git clone https://github.com/geekmasher/codeql-scanner-vscode.git` |
| 76 | +2. Install dependencies: `npm install` |
| 77 | +3. Build the extension: `npm run compile` |
| 78 | +4. Run tests: `npm run test` |
| 79 | + |
| 80 | +## 📜 License |
| 81 | + |
| 82 | +This project is licensed under the terms specified in the [LICENSE](LICENSE) file. |
| 83 | + |
| 84 | +## 🙏 Acknowledgements |
| 85 | + |
| 86 | +- Built on GitHub's powerful [CodeQL](https://github.com/github/codeql) engine |
| 87 | +- Inspired by the need for accessible security tools for all developers |
| 88 | + |
| 89 | +--- |
| 90 | + |
| 91 | +Happy Secure Coding! 🔒✨ |
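Review bot: The Configuration Options example stores a GitHub token as a plain settings value (`"codeql-scanner.github.token": "your-github-token",`) without saying where that setting should live or what the token needs. A token placed in a workspace `.vscode/settings.json` is easily committed to the repository, and user settings can be carried along by Settings Sync; suggest stating that the token must not go in workspace settings, documenting the minimum token scopes the extension requires, and pointing to a secret store if the extension offers one. In the same block, the trailing comma after the only entry is invalid in strict JSON, and the sentence above it promises "several configuration options" while only one is shown, so either list the rest or reword. Near the top, the three `[](...)` links have empty link text and will render as nothing.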