A GitHub Copilot extension that helps developers identify and fix security vulnerabilities in their code. This extension integrates with CodeQL, Snyk, and Dependabot to provide comprehensive security analysis.
Commands:

`list codeql`
- Shows a summary of all CodeQL security alerts, grouped by severity

`expand {severity}`
- Lists all vulnerabilities of a specific severity level
- Example: `expand medium`, `expand high`, `expand critical`, `expand low`

`fix the vulnerability "{location}"`
- Get detailed fix suggestions for a specific vulnerability
- Example: `fix the vulnerability "Hard-coded credentials in vulnerable/vulnerable1.ts:12"`

`fix codeql`
- Get fix suggestions for the most severe open alert

`snyk`
- Shows a summary of all Snyk security vulnerabilities in your project

`fix vuln`
- Get detailed remediation steps for Snyk vulnerabilities

`dependabot alerts`
- Lists all Dependabot security alerts for your repository

`vulnerabilities {code}`
- Analyzes a provided code snippet for potential security vulnerabilities
- Example: `vulnerabilities function login(password) { ... }`
Vulnerabilities are typically displayed in a table with the following columns:
- Severity (C = Critical, H = High, M = Medium, L = Low)
- Title
- Location (file path and line number)
- Fix Command

When requesting fixes, you'll receive:
- An explanation of the vulnerability
- Specific code fixes with before/after comparisons
- Additional security best practices
- Testing recommendations
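To make the before/after comparison concrete, here is a constructed TypeScript example of what a fix for a "Hard-coded credentials" finding (such as the one the README cites at `vulnerable/vulnerable1.ts:12`) typically looks like. It is an added illustration, not output of the extension and not code from its repository; the names `loginBefore`, `loginAfter`, `hashPasswordForConfig` and the environment variable `ADMIN_PASSWORD_HASH` are assumptions made for this example.

```typescript
// Constructed example (not the extension's code): a hard-coded credential
// finding and the shape of the fix a reviewer would expect.
import { randomBytes, scryptSync, timingSafeEqual } from "crypto";

// BEFORE: the secret is committed to source control and compared with a
// plain string comparison. This is the pattern CodeQL reports as
// "Hard-coded credentials".
const ADMIN_PASSWORD = "hunter2"; // flagged: credential literal in code
export function loginBefore(password: string): boolean {
  return password === ADMIN_PASSWORD;
}

// AFTER: no secret in the source. The deployment supplies a salted scrypt
// hash (format "saltHex:keyHex") through an environment variable or secret
// manager, and the check is done in constant time over fixed-length keys.
const KEY_LEN = 32;

// One-off provisioning helper: run once, store the result as
// ADMIN_PASSWORD_HASH. (Name and format are assumptions for this example.)
export function hashPasswordForConfig(password: string): string {
  const salt = randomBytes(16);
  const key = scryptSync(password, salt, KEY_LEN);
  return `${salt.toString("hex")}:${key.toString("hex")}`;
}

export function loginAfter(
  password: string,
  storedHash: string | undefined = process.env.ADMIN_PASSWORD_HASH,
): boolean {
  // Fail closed: an unconfigured or malformed secret must never fall back
  // to a default credential.
  if (!storedHash) return false;
  const [saltHex, keyHex] = storedHash.split(":");
  if (!saltHex || !keyHex) return false;

  const salt = Buffer.from(saltHex, "hex");
  const expected = Buffer.from(keyHex, "hex");
  if (expected.length !== KEY_LEN) return false;

  // Derive the key for the supplied password and compare without
  // short-circuiting on the first differing byte.
  const actual = scryptSync(password, salt, KEY_LEN);
  return timingSafeEqual(actual, expected);
}
```

The "after" version is what the fix suggestion's best-practice notes usually ask for: the literal is gone from the repository, the stored value is a salted password hash rather than the password itself, and the comparison cannot be distinguished by timing. A corresponding testing recommendation would cover the valid password, a wrong password, and the unconfigured case.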
Notes:
- The extension requires appropriate GitHub tokens and permissions to access security features
- Fix suggestions are generated using GPT-4 and should be reviewed before implementation
- Some commands may require specific security tools to be enabled in your repository
Start the server:

```sh
npm install
npm run dev
```

Open the extension:

```sh
open http://localhost:3000
```