VS Code extension
Catch risk before it leaves the editor. The extension shows inline diagnostics on manifest files, scans the workspace on save, and offers quick-fixes for upgradable dependencies — authenticated against your self-hosted dpndncY instance.
Install & authenticate
- Install the
.vsixfrom your dpndncY instance’s download page. - Authenticate with a Personal Access Token (PAT) scoped to your tenant.
What it does
| Feature | Detail |
|---|---|
| Inline diagnostics | Vulnerable dependencies and SAST findings underlined in package.json, requirements.txt, pom.xml, and more. |
| Scan on save / open | Configurable, with debounce. |
| Quick-fix lens | One-click bump for upgradable dependencies. |
| Severity filter | Show only the severities you care about while coding. |
Shift-left, literally
The cheapest place to fix a vulnerable dependency is before you commit it. The extension puts the same verdicts you’d see in CI right next to the line you’re editing.