Skip to content

Commit dcf75a0

Browse files
committed
Adjusted README and added github actions
1 parent 1f84614 commit dcf75a0

2 files changed

Lines changed: 58 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
name: Build and Release VS Code Extension
2+
3+
on:
4+
push:
5+
tags:
6+
- "v*"
7+
8+
permissions:
9+
contents: write
10+
11+
jobs:
12+
build-and-release:
13+
runs-on: ubuntu-latest
14+
15+
steps:
16+
- name: Checkout code
17+
uses: actions/checkout@v4
18+
with:
19+
fetch-depth: 0
20+
persist-credentials: false
21+
22+
- name: Setup Node.js
23+
uses: actions/setup-node@v4
24+
with:
25+
node-version: 20
26+
cache: npm
27+
28+
- name: Install dependencies
29+
run: npm ci
30+
31+
- name: Install VSCE
32+
run: npm install -g @vscode/vsce
33+
34+
- name: Package extension
35+
run: vsce package
36+
37+
- name: Rename VSIX
38+
id: vsix
39+
run: |
40+
file=$(ls *.vsix | head -n1)
41+
mv "$file" DevGuard-VS-Code-Companion.vsix
42+
echo "file=DevGuard-VS-Code-Companion.vsix" >> "$GITHUB_OUTPUT"
43+
44+
- name: Create GitHub Release
45+
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844
46+
with:
47+
files: ${{ steps.vsix.outputs.file }}
48+
generate_release_notes: true

README.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,13 @@ The inline insights work **without signing in** — they use DevGuard's public p
2626

2727
## Getting started
2828

29+
### Installation
30+
31+
1. Download the `DevGuard-VS-Code-Companion.vsix` from our [release notes](https://github.com/l3montree-dev/devguard-vs-code-extension/releases).
32+
2. Open VS-Code and import the downloaded file to VS-Code under the `"Extensions-Tab"` (`Ctrl+K Ctrl+S (Windows/Linux)` or `Cmd+K Cmd+S (Mac)`) > `"..."` > `"Install from VSIX"`
33+
34+
### Using the extension
35+
2936
1. Open a project with a `package.json`. Badges appear automatically (no sign-in required).
3037
2. Run **DevGuard: Connect (Personal Access Token)** and paste your PAT. It is validated against the backend and stored in VS Code Secret Storage.
3138
3. Run **DevGuard: Select Organization / Project / Asset** (or click the status-bar item) to connect the workspace to an asset. Hovers then show that asset's open risks per package.
@@ -41,6 +48,8 @@ The inline insights work **without signing in** — they use DevGuard's public p
4148
| `DevGuard: Set Up Dependency Proxy (.npmrc)` | Point the project's npm registry at DevGuard's dependency proxy, which blocks malicious packages at install time. |
4249
| `DevGuard: View SBOM for Selected Asset` | Open the connected asset's CycloneDX SBOM as a read-only document. |
4350
| `DevGuard: Generate SBOM (Run devguard-scanner SCA)` | Run the `devguard-scanner sca` CLI on the project to generate and upload an SBOM to the selected asset, then refresh insights. |
51+
| `DevGuard: Setup Pre- and Post-Git-Commit-Hooks` | Bootstraps your locale `.git` folder with a pre-commit-hook for secret-scanning and a post-commit-hook for intoto-scanning |
52+
| `DevGuard: Removes Pre- and Post-Git-Commit-Hooks that were previously setup by DevGuard` | Removes the pre- and post-commit-hooks that were previously set up using the `devguard.setupGitHooks` command |
4453

4554
## Settings
4655

@@ -53,6 +62,7 @@ The inline insights work **without signing in** — they use DevGuard's public p
5362
| `devguard.request.timeoutMs` | `8000` | Per-request timeout. |
5463
| `devguard.cache.ttlMinutes` | `720` | How long package results are cached. |
5564
| `devguard.scannerPath` | `devguard-scanner` | Path to the `devguard-scanner` CLI used by "Generate SBOM". |
65+
| `devguard.sast.enabled` | `true` | Enables automatic sast-scans for file on save |
5666

5767
## How the version is resolved
5868

0 commit comments

Comments
 (0)