You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DevGuard for VS Code brings a focused DevGuard workflow straight into your editor. It helps you inspect dependency risk, connect the workspace to a DevGuard asset, export SBOMs, and run a few common security actions without switching tools.
27
+
The DevGuard VS Code extension brings a focused DevGuard workflow straight into your editor. It helps you inspect dependency risk, connect the workspace to a DevGuard asset with a [personal access token](/explanations/personal-access-token), [export SBOMs](/how-to-guides/compliance/export-sbom), and run a few common security actions without switching tools.
28
28
29
29
---
30
30
@@ -62,7 +62,7 @@ After connecting with a personal access token, you can pick an organization, pro
62
62
63
63
### SBOM Generation
64
64
65
-
After connecting to your DevGuard instance you can run a SCA scan to generate an SBOM for your project.
65
+
After connecting to your DevGuard instance you can run a [software composition analysis (SCA) scan](/how-to-guides/scanning/scan-dependencies) to generate an SBOM for your project.
@@ -72,7 +72,7 @@ It will be uploaded to your DevGuard instance, but you can also view it directly
72
72
73
73
### Dependency proxy setup
74
74
75
-
If you want npm installs to go through DevGuard's proxy, the extension can setup your `.npmrc` for you in one step. Optionally, you can provide a dependency proxy secret when you are prompted, if your organization uses one.
75
+
If you want npm installs to go through [DevGuard's dependency proxy](/how-to-guides/dependency-proxy/setup-npm-proxy), the extension can setup your `.npmrc` for you in one step. Optionally, you can provide a dependency proxy secret when you are prompted, if your organization uses one.
@@ -84,7 +84,7 @@ Your `.nmprc` will then contain:
84
84
85
85
The DevGuard VS Code extension provides you with commands that will bootstrap or remove DevGuard git hooks for local commit-time checks. The hooks call the DevGuard scanner from Docker, so you get a lightweight local safety net before commits land.
86
86
87
-
So far, DevGuard provides you with a secret-scan setup as a pre-commit hook to prevent secrets from ending up in your commits permanently.
87
+
So far, DevGuard provides you with a [secret-scanning](/explanations/devsecops/secret-scanning) setup as a pre-commit hook to prevent secrets from ending up in your commits permanently.
@@ -100,7 +100,7 @@ The statusbar will reflect if the DevGuard git hooks are present in your `.git/h
100
100
101
101
### SAST scanning on save
102
102
103
-
When enabled through the `{devguard.sast.enabled}` setting (`default` is `true`), the extension runs a Docker-based DevGuard SAST scan on save for supported files, so issues surface as you work instead of only after a manual scan. Resulting issues will be displayed in the `PROBLEMS` Tab of VS Code.
103
+
When enabled through the `{devguard.sast.enabled}` setting (`default` is `true`), the extension runs a Docker-based DevGuard [static application security testing (SAST)](/explanations/devsecops/sast) scan on save for supported files, so issues surface as you work instead of only after a manual scan. Resulting issues will be displayed in the `PROBLEMS` Tab of VS Code.
0 commit comments