CVE detection across npm, PyPI, Go & Ruby. Secret detection. OWASP header linting. STRIDE threat modeling. One-click fixes — without leaving VS Code.
Watch bene-guard detect vulnerabilities, secrets, and misconfigurations as they appear — in real time inside your editor.
Scans npm, PyPI, Go, and RubyGems manifests on every save via the OSV API — the same database powering GitHub Dependabot. Inline diagnostics with severity colours and advisory links.
Scans every source file for 15+ hardcoded credential patterns — AWS keys, GitHub tokens, Stripe, OpenAI, private keys, and more. Preview-safe: only the first 6 characters are shown, never the full value.
Parses Next.js, Vercel, Netlify, and Helmet configs. Checks 7 OWASP headers against production best practices. Flags missing headers and misconfigs like unsafe-inline CSP and wildcard CORS.
Analyzes auth surfaces, databases, API routes, external services, secrets, and file I/O. Maps each component to STRIDE categories with severity and mitigation suggestions. Exports to THREAT-MODEL.md and SARIF.
Every finding comes with lightbulb code actions. Insert secure defaults, strip unsafe CSP directives, bump a vulnerable package, or jump to the OWASP cheat sheet — without leaving the editor.
Discovers all manifests workspace-wide at activation — up to 50 files by default. The sidebar shows an "X files scanned" indicator so you always know the full coverage across all packages.
Clone the showcase repo, open demo-project/ in VS Code with bene-guard installed, and see all of these findings appear in real time.
Install from Open VSX or download the .vsix directly. Works with VS Code, VSCodium, Cursor, Windsurf, and Gitpod.
Search "bene-guard"
Ctrl+Shift+P → Install from VSIX