You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+10Lines changed: 10 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,6 +26,13 @@ The inline insights work **without signing in** — they use DevGuard's public p
26
26
27
27
## Getting started
28
28
29
+
### Installation
30
+
31
+
1. Download the `DevGuard-VS-Code-Companion.vsix` from our [release notes](https://github.com/l3montree-dev/devguard-vs-code-extension/releases).
32
+
2. Open VS-Code and import the downloaded file to VS-Code under the `"Extensions-Tab"` (`Ctrl+K Ctrl+S (Windows/Linux)` or `Cmd+K Cmd+S (Mac)`) > `"..."` > `"Install from VSIX"`
33
+
34
+
### Using the extension
35
+
29
36
1. Open a project with a `package.json`. Badges appear automatically (no sign-in required).
30
37
2. Run **DevGuard: Connect (Personal Access Token)** and paste your PAT. It is validated against the backend and stored in VS Code Secret Storage.
31
38
3. Run **DevGuard: Select Organization / Project / Asset** (or click the status-bar item) to connect the workspace to an asset. Hovers then show that asset's open risks per package.
@@ -41,6 +48,8 @@ The inline insights work **without signing in** — they use DevGuard's public p
41
48
|`DevGuard: Set Up Dependency Proxy (.npmrc)`| Point the project's npm registry at DevGuard's dependency proxy, which blocks malicious packages at install time. |
42
49
|`DevGuard: View SBOM for Selected Asset`| Open the connected asset's CycloneDX SBOM as a read-only document. |
43
50
|`DevGuard: Generate SBOM (Run devguard-scanner SCA)`| Run the `devguard-scanner sca` CLI on the project to generate and upload an SBOM to the selected asset, then refresh insights. |
51
+
|`DevGuard: Setup Pre- and Post-Git-Commit-Hooks`| Bootstraps your locale `.git` folder with a pre-commit-hook for secret-scanning and a post-commit-hook for intoto-scanning |
52
+
|`DevGuard: Removes Pre- and Post-Git-Commit-Hooks that were previously setup by DevGuard`| Removes the pre- and post-commit-hooks that were previously set up using the `devguard.setupGitHooks` command |
44
53
45
54
## Settings
46
55
@@ -53,6 +62,7 @@ The inline insights work **without signing in** — they use DevGuard's public p
0 commit comments