Monitor your code for exposed API keys, tokens, credentials, and high-risk security IaC misconfigurations


Spectral VS Code extension

The Spectral VS Code extension is a tool for developers who want to catch security issues (such as credentials, tokens and IaC misconfigurations) while still coding.

What is Spectral?

Monitor, classify, and protect your code, assets, and infrastructure for exposed API keys, tokens, credentials, and high-risk IaC security misconfigurations simply, without noise. Spectral comes with industry-leading detector coverage, with over 2500 different detectors built in, including machine-learning-based detectors.

For a developer working in VS Code, this means that while you write your code, we're actively scanning it to make sure you don't accidentally enter sensitive data, which can be used against you if breached.

Spectral scans your code locally, sending only metadata back to our servers. No actual data (like credentials or tokens we may find) is transmitted outside your computer. This ensures we're never going to be a part of a supply-chain attack.

Read more about our mission statement here.

Install the extension

After you've installed the extension, you'll see a new icon in the activity bar.

First, you'll need to fill in your Spectral DSN. Additionally, you'll need the Spectral binary in your PATH. The extension will guide you through those steps - read on to learn more.

Configuration

  • Sign up and get your SpectralOps account here. If you already have an account, sign in and do the next step.
  • Go to our docs in the bottom left menu and follow the instructions on downloading the Spectral binary.
  • From Settings -> Organization, copy your DSN.
  • In Visual Studio Code, set your DSN in the SpectralOps extension.

Usage

  • Open a workspace you wish to scan with the SpectralOps extension.
  • Click Scan now
  • Scan results should appear in the SpectralOps extension and your editor.

Spectral DSN

The Spectral DSN (Data Source Name) is your personal key to communicate with Spectral. While the extension does not transmit data to our servers, you still need a DSN for Spectral to operate.

Spectral binary

This extension requires the Spectral binary to be present and available in your PATH. You can install it by following the instructions in our docs.

How to Contribute

We welcome issues to and pull requests against this repository!

License

This project is licensed under the MIT License. See LICENSE for further details.

Comments
  • VS Code extension doesn't find spectral on my machine

    Hello, I installed spectral via curl -L https://app.spectralops.io/latest/sh?dsn=https://[email protected] | sh.
    Then I installed the extension in the VS Code and got the message "...We noticed that Spectral is not installed on your machine..."

    I am using Mac OS 10.15.7,
    The spectral binary is located in /usr/local/bin/spectral.
    My shell is zsh.

    opened by vladyslav-cherednychenko 4
  • update severities level

    Description

    Update severities to Spectralops new severities

    Motivation and Context

    We aligned the issue's severities based on the NIST standard (critical, high, medium, low, informational).

    Issues will be mapped as follows:

    • Error -> high
    • Warning -> medium
    • Info -> informational

    How Has This Been Tested?

    Scanned an asset to view the new severities in the results

    Checklist

    • [ ] Tests
    • [ ] Documentation
    • [ ] Linting
    enhancement 
    opened by guylev008 0
Owner
Automated Code Security for Modern Teams