Release: 1.0.0 • Contributions: Welcome
CodeArmor is a Visual Studio extension that helps developers detect and fix security vulnerabilities directly in their IDE.
It parses code for common weaknesses such as hard-coded secrets, unsafe input, insecure patterns, and provides actionable fixes with links to trusted resources.
The extension empowers developers to write secure code safely and efficiently with minimal performance impact.
- AWS Lambda focus: Scans handler-level code paths where security risks are most impactful (input validation, IAM permissions, secret handling).
- Low-noise approach: Minimized false positives, maximizing developer trust and everyday usability.
- Security Rules:
- Injection Prevention: Detects unsafe eval(), script injection, and unsanitized DOM APIs
- Deserialization Safety: Flags unsafe JSON.parse(), prototype pollution, untrusted object creation
- Secrets Management: Detects hardcoded credentials, API keys, tokens
- Input Validation: Highlights unsanitized user input (XSS, SQL injection risks)
- IAM Permissions: Surfaces overly permissive policies and risky role usage
- Seamless Integration — Works directly in Visual Studio
- Rule-Based Analysis — Focused on AWS Lambda handler logic (secrets detection, IAM rules, unsafe input, injection, deserialization, etc.)
- Low-Noise Scanning — Precision-focused to reduce false positives
- Actionable Guidance — Secure coding suggestions with resource links
- Lightweight & Fast — Runs in real-time without slowing your IDE
- Install Node.js
-
Install CodeArmor from Visual Studio Marketplace or load locally
-
Run: Open project in Visual Studio → Run and Debug sidebar → select Launch Extension (green arrow)
-
Debug: Set breakpoints, view logs in Debug Console, stop by closing the launched instance
-
Planned support expansion beyond AWS Lambda to broader Node.js and TypeScript projects.
-
Contributing: Please refer to our Contributing Guide.
| Name | GitHub |
|---|---|
| Thin Thin Khine | GitHub |
| Kevin Wu | GitHub |
| Peter Tan-Gatue | GitHub |
| Michal Marrow | GitHub |