v1.0 — now on Open VSX

Security scanning
inside your editor

CVE detection, OWASP header linting, STRIDE threat modeling, and one-click fixes — all without leaving VS Code.

bene-guard — VS Code

bene-guard running in VS Code showing security overview sidebar with A+ grade, CVE findings, and STRIDE threat analysis

Features

Everything you need to ship secure code

CVE scanning

Scans package.json and lock files on every save. Queries the OSV API — the same database behind GitHub Dependabot — and shows inline diagnostics with severity-coded colours and direct advisory links.

Header linting

Parses Next.js, Vercel, Netlify, and Helmet configs. Checks 7 OWASP headers against production best practices. Flags missing headers and dangerous misconfigurations like unsafe-inline CSP and wildcard CORS.

One-click fixes

Every finding comes with lightbulb actions. Insert secure defaults, strip unsafe directives from CSP, or jump straight to the relevant OWASP cheat sheet. Fix vulnerabilities without leaving your editor.

STRIDE threat model

Analyzes your codebase for auth surfaces, databases, API routes, external services, secrets, and file I/O. Maps each component to STRIDE threat categories with severity and mitigation suggestions.

A+

Security grade

One grade. Full picture.

bene-guard combines CVE severity scores, header configuration weights, and STRIDE threat surface analysis into a single letter grade — visible in your status bar and sidebar at all times.

CVE findings

Header misconfigs

STRIDE threats

Get started in seconds

Install from Open VSX or download the .vsix directly. Works with VS Code, VSCodium, Cursor, Windsurf, and Gitpod.

Open VSX

Search "bene-guard"

VS Code

Ctrl+Shift+P → Install from VSIX

Security scanninginside your editor