Jit IDE Extension for Visual Studio Code

Overview

Enhance your coding experience and strengthen security with the Jit IDE Extension for Visual Studio Code.

Find us in the VS Code Marketplace.

Key Features

Real-time Vulnerability Detection: Write secure code confidently as Jit's IDE extension detects and helps you fix vulnerabilities as you code.

Prevent Secrets from Being Pushed: Safeguard sensitive information by leveraging Jit's pre-commit hooks that prevent accidental exposure.

Streamlined and Secure Workflow: Access the power of Jit directly from your IDE. No additional tools or configurations needed.

Prerequisites

To use the Jit extension from your IDE:

  • Docker must be up and running: the extension runs Docker containers in the background to scan your code with multiple security tools.

Features

Quick Fix highlights issues in the editor

Manage New and Existing Issues

Pre-Commit Hook

Jit includes a pre-commit hook that uses the pre-commit framework to check your code for security issues before you commit it.

Enable pre-commit hook

Open the command palette and search for "Jit: Install Pre Commit Hook".
Alternatively, open the extension's side panel and click the "Activate" button in the pre-commit section.

This will add the Jit pre-commit hook to your existing .pre-commit-config.yaml file. The hook will check for any security issues in your code before you commit it, helping you prevent insecure code from being committed to your repository.

If the hook finds any security issues in your code, it will fail the commit and provide diagnostic information to help you fix them. This can help you ensure that your code is always secure and free from vulnerabilities.

Configure pre-commit hook

You can configure the pre-commit hook to your specific needs and preferences. To do this:

  1. Open the settings view
  2. Search for the "jitsecurity.pre-commit" section
  3. Choose which security issues the hook will check for, and adjust other settings as needed

You can change these settings anytime, so you can easily adapt the hook to your changing needs and priorities.

Coverage

We support the following languages and file types:

Language/File Type            Objective
Python                        Code scanning, Dependency check
JavaScript & TypeScript       Code scanning, Dependency check
GoLang                        Code scanning, Dependency check
Java                          Code scanning
Kotlin                        Code scanning
C#                            Code scanning
Swift                         Code scanning
Rust                          Code scanning
PHP                           Dependency check
Text Files                    Secret detection
Terraform / CloudFormation    Infrastructure-as-code scanning
Kubernetes                    Infrastructure-as-code scanning
Dockerfile                    Infrastructure-as-code scanning

FAQ

  • What are the requirements for the extension to work?

    • The extension requires Docker to be installed and running on your machine.
  • Do I have to worry about my code being saved by this extension?

    • No. Your code is not saved by the extension. It only scans your code locally in a Docker container and displays the results in your IDE.
  • What happens if I don't have Docker installed?

    • The extension will prompt you to install Docker if it is not already installed on your machine.