v2.0 — multi-ecosystem · secrets · monorepo

Security scanning inside your editor

CVE detection across npm, PyPI, Go & Ruby. Secret detection. OWASP header linting. STRIDE threat modeling. One-click fixes — without leaving VS Code.

Screenshot: bene-guard running in VS Code, showing the security overview sidebar with an A+ grade, CVE findings, and STRIDE threat analysis.
Live demo

See it in action

Watch bene-guard detect vulnerabilities, secrets, and misconfigurations as they appear — in real time inside your editor.

Demo: package.json in demo-project (files shown: package.json, app.js, next.config.js)
CRITICAL CVE-2021-23337
lodash 4.17.11 — command injection via template
Quick fix → bump to 4.17.21
Features

Everything you need to ship secure code

Multi-ecosystem CVE scanning

Scans npm, PyPI, Go, and RubyGems manifests on every save via the OSV API — the same database powering GitHub Dependabot. Inline diagnostics with severity colours and advisory links.
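The two halves of an OSV-backed manifest scan, as an added TypeScript example (it is not bene-guard's own code): turning package.json and requirements.txt into OSV queries, and turning an OSV query response into severity-ranked diagnostics with advisory links. The endpoint paths and ecosystem names are OSV's documented ones; the sample manifests and the sample response below are constructed, and stripping a range operator to query the lower bound is this example's simplification (a lockfile would give the exact installed version). The HTTP call itself is left out.

```typescript
// Added example, not bene-guard's own code.
type Ecosystem = "npm" | "PyPI" | "Go" | "RubyGems";

interface OsvQuery {
  package: { name: string; ecosystem: Ecosystem };
  version: string;
}

// Minimal subset of an OSV vulnerability record (fields OSV actually returns).
interface OsvVuln {
  id: string;
  aliases?: string[];
  summary?: string;
  database_specific?: { severity?: string };
}
interface OsvQueryResponse { vulns?: OsvVuln[] }

type Severity = "CRITICAL" | "HIGH" | "MEDIUM" | "LOW" | "UNKNOWN";
interface Diagnostic {
  pkg: string; version: string; id: string; severity: Severity; summary: string; advisory: string;
}

// package.json: query every runtime and dev dependency. Range operators (^ ~ >= ...)
// are stripped so the lower bound is queried (simplification, see lead-in).
function queriesFromPackageJson(text: string): OsvQuery[] {
  const pkg = JSON.parse(text) as {
    dependencies?: Record<string, string>; devDependencies?: Record<string, string>;
  };
  const merged: Record<string, string> = {};
  for (const section of [pkg.dependencies, pkg.devDependencies]) {
    if (!section) continue;
    for (const name of Object.keys(section)) merged[name] = section[name];
  }
  return Object.keys(merged).map(name => ({
    package: { name, ecosystem: "npm" as Ecosystem },
    version: merged[name].replace(/^[\^~>=<\s]+/, ""),
  }));
}

// requirements.txt: only exact pins (name==version) can be queried by version.
function queriesFromRequirements(text: string): OsvQuery[] {
  const out: OsvQuery[] = [];
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*$/, "").trim();          // drop comments
    const m = /^([A-Za-z0-9_.-]+)==([^\s;]+)/.exec(line);
    if (m) out.push({ package: { name: m[1], ecosystem: "PyPI" }, version: m[2] });
  }
  return out;
}

// Request body for POST https://api.osv.dev/v1/querybatch. Batch results carry only
// vulnerability ids; details come from GET /v1/vulns/{id} or a single POST /v1/query.
function batchBody(queries: OsvQuery[]): string {
  return JSON.stringify({ queries });
}

function severityOf(v: OsvVuln): Severity {
  const s = ((v.database_specific && v.database_specific.severity) || "").toUpperCase();
  if (s === "CRITICAL" || s === "HIGH" || s === "MEDIUM" || s === "LOW") return s;
  return "UNKNOWN";
}

// One package's /v1/query response -> diagnostics, most severe first.
// The CVE alias is shown as the id when OSV provides one.
function diagnosticsFor(q: OsvQuery, resp: OsvQueryResponse): Diagnostic[] {
  const rank: Record<Severity, number> = { CRITICAL: 0, HIGH: 1, MEDIUM: 2, LOW: 3, UNKNOWN: 4 };
  const out: Diagnostic[] = (resp.vulns || []).map(v => {
    const cve = (v.aliases || []).filter(a => /^CVE-/.test(a))[0];
    return {
      pkg: q.package.name, version: q.version,
      id: cve || v.id, severity: severityOf(v), summary: v.summary || "",
      advisory: "https://osv.dev/vulnerability/" + v.id,
    };
  });
  return out.sort((a, b) => rank[a.severity] - rank[b.severity]);
}

// Constructed sample response: shape only, not a real OSV record.
const sampleLodashResponse: OsvQueryResponse = {
  vulns: [
    { id: "GHSA-placeholder-low", summary: "constructed low-severity entry",
      database_specific: { severity: "LOW" } },
    { id: "GHSA-placeholder-crit", aliases: ["CVE-2021-23337"],
      summary: "command injection via template", database_specific: { severity: "CRITICAL" } },
  ],
};
```

Sorting by severity before emitting diagnostics is what lets an editor surface the critical finding first when a package has several advisories; the unknown bucket keeps entries without a vendor severity visible rather than silently dropping them.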

Secret detection

Scans every source file for 15+ hardcoded credential patterns — AWS keys, GitHub tokens, Stripe, OpenAI, private keys, and more. Preview-safe: only the first 6 chars are shown, never the full value.
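A line-oriented secret scanner with preview-safe reporting, as an added TypeScript example (not bene-guard's own code). The rule set is a small illustrative subset of its own choosing, the sample file is constructed, and the AWS value is Amazon's documented example key; the masking keeps the first 6 characters, matching the preview behaviour described above.

```typescript
// Added example, not bene-guard's own code.
interface SecretRule { name: string; pattern: RegExp; valueGroup?: number }
interface SecretFinding { rule: string; line: number; column: number; preview: string }

// Illustrative subset of credential patterns (assumption: not bene-guard's 15+).
const SECRET_RULES: SecretRule[] = [
  { name: "AWS access key ID", pattern: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "GitHub personal access token", pattern: /\bghp_[A-Za-z0-9]{36}\b/g },
  { name: "Stripe live secret key", pattern: /\bsk_live_[A-Za-z0-9]{16,}\b/g },
  { name: "Private key block", pattern: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/g },
  // Sensitive-looking name assigned a string literal of 8+ chars; group 2 is the value.
  { name: "Hardcoded credential assignment", valueGroup: 2,
    pattern: /\b(api_key|apiKey|password|client_secret|access_token|jwt_secret|jwtSecret)\b\s*[:=]\s*["']([^"']{8,})["']/g },
];

// Preview-safe: keep the first `keep` characters, replace the rest with '*'.
function maskSecret(value: string, keep: number = 6): string {
  const shown = value.slice(0, keep);
  const hidden = new Array(Math.max(value.length - keep, 0) + 1).join("*");
  return shown + hidden;
}

// Scan a whole file; findings carry position and a masked preview, never the value.
function scanSource(text: string): SecretFinding[] {
  const findings: SecretFinding[] = [];
  const lines = text.split("\n");
  for (let i = 0; i < lines.length; i++) {
    for (const rule of SECRET_RULES) {
      rule.pattern.lastIndex = 0;                 // /g regexes keep state between calls
      let m: RegExpExecArray | null;
      while ((m = rule.pattern.exec(lines[i])) !== null) {
        const value = rule.valueGroup ? m[rule.valueGroup] : m[0];
        findings.push({ rule: rule.name, line: i + 1, column: m.index + 1, preview: maskSecret(value) });
      }
    }
  }
  return findings;
}

// Constructed sample file (not a real app.js).
const sampleAppJs = [
  'const apiKey = "sk-constructed-example-0123456789";',
  'const password = "hunter2hunter2";',
  'const awsKey = "AKIAIOSFODNN7EXAMPLE";',
  'const safe = process.env.API_KEY;',
].join("\n");
```

The masked preview is what should reach diagnostics, logs and SARIF output; carrying the raw match into any of those would re-leak the credential into a second place that is often less protected than the source file.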

Header linting

Parses Next.js, Vercel, Netlify, and Helmet configs. Checks 7 OWASP headers against production best practices. Flags missing headers and misconfigs like unsafe-inline CSP and wildcard CORS.

STRIDE threat model

Analyzes auth surfaces, databases, API routes, external services, secrets, and file I/O. Maps each component to STRIDE categories with severity and mitigation suggestions. Exports to THREAT-MODEL.md and SARIF.

One-click fixes

Every finding comes with lightbulb code actions. Insert secure defaults, strip unsafe CSP directives, bump a vulnerable package, or jump to the OWASP cheat sheet — without leaving the editor.
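The header-linting and one-click-fix features above, as one added TypeScript example (not bene-guard's own code): lint a Next.js-style list of response headers against a set of OWASP-recommended headers, attach a concrete fix to each finding the way a code action would, and apply those fixes. The header set, secure defaults and severities are this example's own selection (assumption; not necessarily bene-guard's exact seven checks), and the sample config is constructed.

```typescript
// Added example, not bene-guard's own code.
interface HeaderEntry { key: string; value: string }
type Level = "HIGH" | "MEDIUM";
interface HeaderFinding { severity: Level; message: string; fix: HeaderEntry | null }

// Example's own selection of headers and secure defaults (assumption).
const REQUIRED_HEADERS: { name: string; secureDefault: string; severity: Level }[] = [
  { name: "Content-Security-Policy", secureDefault: "default-src 'self'", severity: "HIGH" },
  { name: "X-Frame-Options", secureDefault: "DENY", severity: "HIGH" },
  { name: "Strict-Transport-Security", secureDefault: "max-age=63072000; includeSubDomains", severity: "HIGH" },
  { name: "X-Content-Type-Options", secureDefault: "nosniff", severity: "MEDIUM" },
  { name: "Referrer-Policy", secureDefault: "strict-origin-when-cross-origin", severity: "MEDIUM" },
  { name: "Permissions-Policy", secureDefault: "camera=(), microphone=(), geolocation=()", severity: "MEDIUM" },
];

// Remove 'unsafe-inline' from every CSP directive; directives left empty are dropped.
function stripUnsafeInline(csp: string): string {
  return csp.split(";")
    .map(d => d.replace(/\s*'unsafe-inline'/g, "").trim())
    .filter(d => d.length > 0)
    .join("; ");
}

function lintHeaders(headers: HeaderEntry[]): HeaderFinding[] {
  const byName: Record<string, string> = {};
  for (const h of headers) byName[h.key.toLowerCase()] = h.value;   // header names are case-insensitive
  const findings: HeaderFinding[] = [];

  for (const req of REQUIRED_HEADERS) {
    if (!(req.name.toLowerCase() in byName)) {
      findings.push({ severity: req.severity, message: "Missing " + req.name,
                      fix: { key: req.name, value: req.secureDefault } });
    }
  }
  const csp = byName["content-security-policy"];
  if (csp && /'unsafe-inline'/.test(csp)) {
    findings.push({ severity: "HIGH", message: "CSP allows 'unsafe-inline'",
                    fix: { key: "Content-Security-Policy", value: stripUnsafeInline(csp) } });
  }
  if (byName["access-control-allow-origin"] === "*") {
    // No automatic fix: the allowed origin list is application-specific.
    findings.push({ severity: "MEDIUM", message: "Wildcard CORS (Access-Control-Allow-Origin: *)", fix: null });
  }
  return findings;
}

// Apply every finding that carries a fix: replace an existing header's value or append a missing one.
function applyFixes(headers: HeaderEntry[], findings: HeaderFinding[]): HeaderEntry[] {
  const result = headers.map(h => ({ key: h.key, value: h.value }));
  for (const f of findings) {
    const fix = f.fix;
    if (!fix) continue;
    let existing: HeaderEntry | undefined;
    for (const h of result) if (h.key.toLowerCase() === fix.key.toLowerCase()) existing = h;
    if (existing) existing.value = fix.value;
    else result.push({ key: fix.key, value: fix.value });
  }
  return result;
}

// Constructed sample, shaped like the objects a next.config.js headers() entry returns.
const demoHeaders: HeaderEntry[] = [
  { key: "Content-Security-Policy", value: "default-src 'self'; script-src 'self' 'unsafe-inline'" },
  { key: "Access-Control-Allow-Origin", value: "*" },
  { key: "X-Content-Type-Options", value: "nosniff" },
];
```

Stripping 'unsafe-inline' will break any inline scripts the app still relies on, so the quick fix is the start of the job rather than the end: move the inline code to files served from an allowed origin, or issue per-response nonces or hashes. The wildcard-CORS finding deliberately carries no fix, because only the application owner knows which origins should be allowed.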

Monorepo support

Discovers all manifests workspace-wide at activation — up to 50 files by default. The sidebar shows an "X files scanned" indicator so you can see at a glance how many manifests were covered across all packages.

Try it yourself

Open the demo project

Clone the showcase repo, open demo-project/ in VS Code with bene-guard installed, and see all of these findings appear in real time.

View on GitHub

CVE findings (npm)

CRIT  lodash@4.17.11 · CVE-2021-23337
CRIT  minimist@1.2.0 · CVE-2021-44906
HIGH  handlebars@4.0.12 · CVE-2019-20920
MED   axios@0.18.0 · CVE-2020-28168
MED   ws@7.4.4 · CVE-2021-32640

CVE findings (Python)

CRIT  Pillow@8.0.0 · CVE-2021-25287
CRIT  PyYAML@5.1 · CVE-2020-14343
HIGH  Django@2.2.0 · multiple

Hardcoded secrets (app.js)

SECRET  Hardcoded api_key / apiKey
SECRET  Hardcoded password
SECRET  Hardcoded client_secret
SECRET  Hardcoded access_token
SECRET  Hardcoded jwt_secret / jwtSecret

Header misconfigs (next.config.js)

HIGH  Missing Content-Security-Policy
HIGH  Missing X-Frame-Options
HIGH  Missing Strict-Transport-Security
MED   Wildcard CORS (Access-Control: *)

Security grade: A+

One grade. Full picture.

bene-guard combines CVE severity scores, secret detection, header configuration weights, and STRIDE threat surface analysis into a single letter grade — visible in your status bar and sidebar at all times.

CVE findings
Hardcoded secrets
Header misconfigs
STRIDE threats

Get started in seconds

Install from Open VSX or download the .vsix directly. Works with VS Code, VSCodium, Cursor, Windsurf, and Gitpod.

Open VSX: search "bene-guard"
VS Code: Ctrl+Shift+P → Install from VSIX
Built with: TypeScript, VS Code API, OSV API, OWASP, STRIDE, npm, PyPI, Go, RubyGems, SARIF