This commit is contained in:
David Alcantar 2020-05-14 01:20:43 -07:00 committed by GitHub
Parent be944676e0
Commit 8f7c33dbfc
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
4 changed files: 0 additions and 144 deletions

View file

@ -1,35 +0,0 @@
# DevSkim
DevSkim is a framework of IDE extensions and Language analyzers that provide inline security analysis
in the dev environment as the developer writes code. It is designed to work with multiple IDEs
(VS, VS Code, Sublime Text, etc.), and has a flexible rule model that supports multiple programming
languages. The idea is to give the developer notification as they are introducing a security
vulnerability in order to fix the issue at the point of introduction, and to help build awareness
for the developer.
### PUBLIC PREVIEW
DevSkim is currently in *public preview*. We're looking forward to working with the community
to improve both the scanning engines and rules over the next few months, and welcome your feedback
and contributions!
### Repository Structure
DevSkim and its plugins/extensions are currently being merged here into a single repository.
This repository contains DevSkim and its plugins each within their own folder. Issues and contributions are accepted here for all of these tools:
* DevSkim - CLI tool, plus common rules and guidance
* DevSkim-VisualStudio-Extension
* DevSkim-VSCode-Plugin
### Writing Rules
Please see [Writing Rules](https://github.com/Microsoft/DevSkim/wiki/Writing-Rules) for
instructions on how to author new rules.
### Reporting Issues
Please see [CONTRIBUTING](https://github.com/Microsoft/DevSkim/blob/master/CONTRIBUTING.md) for
information on reporting issues and contributing code.
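Review bot: deleting the top-level README removes the only pointers in this file set to the rule-authoring guide (the Writing Rules wiki link) and to CONTRIBUTING.md, and with 0 additions across the whole commit there is no replacement in this change; either keep a short README that points readers to where the repository structure, rule-writing and issue-reporting guidance now lives, or state the new location in the commit message so the deletion is traceable.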

View file

@ -1,48 +0,0 @@
# README
This is the VS Code plugin project for DevSkim. It is implemented in two parts - a Client that handles the integration and interaction with VS Code, and an out of proc server that handles the analysis. This allows for more process intensive analysis without interfering in the responsiveness of the IDE.
A primer for VS Code Language Servers can be found at <https://code.visualstudio.com/docs/extensions/example-language-server> and a primer on the protocol between the language server and client can be found at <https://github.com/Microsoft/language-server-protocol/blob/master/protocol.md>.
As with most VS Code extensions, this project is implemented in TypeScript running on Node.js.
## PUBLIC PREVIEW
DevSkim is currently in *public preview*. We're looking forward to working with the community
to improve both the scanning engines and rules over the next few months, and welcome your feedback
and contributions!
## Running DevSkim in VS Code
For people simply interested in using DevSkim in VS Code, it can be installed and run from the [VS Code Extension Marketplace](https://marketplace.visualstudio.com/items?itemName=MS-DevSkim.vscode-devskim). In VS Code launch the VS Code Quick Open (Ctrl + P), paste the following command, and press enter:
ext install ms-devskim.vscode-devskim
This will install the DevSkim Plugin in
- **Windows:** %USERPROFILE%\.vscode\extensions\vscode-devskim
- **Mac/Linux:** $HOME/.vscode/extensions/vscode-devskim
The rules directory within the install location contains the JSON based rules definitions used by DevSkim to find and fix problems. DevSkim will by default run any rules located in the rules/default (the rules that ship with DevSkim) and rules/custom (location for organizations to add their own rules) folders. By default, only fairly high confidence, high severity rules are enabled, however the the VS Code Settings allow the user to configure VS Code to also run the rules for Low Severity, Defense-in-Depth, and Manual Review.
## Getting started with Development
Install the TypeScript compiler if you have not already done so. Then clone this repo and:
> cd client
> npm install
> code .
> cd ../server
> npm install
> code .
This will install all of the dependencies and launch a VS Code instance for each component. Once up and running hit "ctrl+shift+b" (command+shift+b on the Mac) in the server project to build the server. The build script automatically copies the compiled server components into ../client/server, as the client needs a copy of server in order to function. Switch to the client VS Code instance, build it as well, and launch it (F5). This will run the DevSkim plugin in a new instance of VS Code set up to debug extensions
The README.md in both the client and server folders have more details on their specific component files.
Additionally, it is necessary to grab the rules folder from the [all up DevSkim Repo](https://github.com/Microsoft/DevSkim) and copy it into the client directory. This directory contains all of the rules that DevSkim runs against the file it is analyzing.
## Contributing
The README.md for the [all up DevSkim Repo](https://github.com/Microsoft/DevSkim) has the general details for contributing to the DevSkim project. This section is specific for the VS Code Plugin. As a TypeScript/Nodejs based project, use of NPM modules is par for the course. Since this project is distributed by Microsoft in the VS Code Marketplace and Microsoft has a policy requiring review of licenses of all third party components it distributes, every NPM Module added to VS Code needs to be reviewed internally by Microsoft before distribution in the Marketplace. This will delay contributions that add a new NPM Module from appearing in the official distribution of this plugin, however a couple of things can speed up the process. NPM with no dependencies or a small dependency tree are quicker to review (the whole dependency tree needs license review), and MIT (or similar licenses) require much less review than more restrictive licenses, or custom licenses.
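Review bot: this removal drops two pieces of guidance that have no replacement in this commit and that users are unlikely to rediscover on their own: that only fairly high-confidence, high-severity rules run by default and the Low Severity, Defense-in-Depth and Manual Review rules must be enabled in the VS Code settings, and that every new NPM module needs an internal license review of its whole dependency tree before it can ship in the Marketplace. If the file is being deleted because its build steps are stale (the instruction to copy the rules folder from the separate DevSkim repo contradicts the root README's statement that everything is now merged into one repository), consider carrying the rules-enablement and contribution-review notes into whichever README replaces it rather than dropping them.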

View file

@ -1,27 +0,0 @@
# README
This is a language client implementation of DevSkim. This is the in proc component of the plugin that handles integration with VS Code and spawns the out of proc server (located in ../server). The server handles the actual analysis.
A primer for VS Code Lanuage Client/Servers can be found at https://code.visualstudio.com/docs/extensions/example-language-server and a primer on the protocol between the language server and client can be found at https://github.com/Microsoft/language-server-protocol/blob/master/protocol.md.
As with most VS Code extensions, this project is implemented in TypeScript running on Node.js.
Before beginning development on the server component open a console window to this directory and type
npm install
this will install the necessary dependencies from NPM
The README.md in the root directory of this project contains the bulk of details relevant to working with the DevSkim VS Code plugin
## Project files
Within this project the relevant files are:
* **package.json** - a vs code package definition, but very similar to the node.js format. This is where NPM dependencies are listed. also contains instructions to copy build output to ../client/server so the client can use it. It also informs VS Code of integration points. Information on its format can be found at <https://code.visualstudio.com/docs/extensionAPI/extension-manifest>
* **src/extensions.ts** - contains the main VS Code language client functionality. The majority of the functionality is inherited from vscode-languageclient module, so the code in this file is relatively short.
* **.vscode/launch.json** - instructions to VS Code on what actions to take in order to debug this project
* **.vscode/tasks.json** - build task definition
Also of note, the ./server directory is populated by the output of the ../server build task. the ./rules directory is a git submodule containing the rule definitions in a JSON format
## Debugging
Have the client and server open in separate VS Code instances, and build both (CTRL+Shift+b). Hit "F5" in the client to launch an instance of VS Code configured to debug the extensions. As most of the actual extension logic is in the server instead of the client, also hit F5 in the server instance of VS Code to attach and debug the server.
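Review bot: the deleted client README is the only place in this set that records that ./server is build output copied from ../server and that ./rules is a git submodule; without it a contributor cloning the repository has no hint to check out the submodule or to build the server first. Keep at least those two facts somewhere in the tree (a comment in the build task or a stub README) before this deletion merges.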

View file

@ -1,34 +0,0 @@
#README
This is a language server implementation of DevSkim - an out of proc engine that handles the analysis capabilities for this VS Code plugin. The client component (in ../client) handles the actual integration with VS Code and runs in process.
A primer for VS Code Lanuage Servers can be found at <https://code.visualstudio.com/docs/extensions/example-language-server> and a primer on the protocol between the language server and client can be found at <https://github.com/Microsoft/language-server-protocol/blob/master/protocol.md>.
As with most VS Code extensions, this project is implemented in TypeScript running on Node.js.
Before beginning development on the server component open a console window to this directory and type
npm install
this will install the necessary dependencies from NPM
The README.md in the root directory of this project contains the bulk of details relevant to working with the DevSkim VS Code plugin
## Project files
Within this project the relevant files are:
* **package.json** - a vs code package definition, but very similar to the node.js format. This is where NPM dependencies are listed. also contains instructions to copy build output to ../client/server so the client can use it
* **src/devskimServer.ts** - contains the main VS Code language server functionality, i.e. responding to connection events, response handlers, etc. This file orchestrates most of the activity
* **src/devskimWorker.ts** - contains the class that handles all of the analysis logic
* **src/devskimObjects.ts** - contains interface, enum, and other definitions used by Devskim.
* **src/regexHelpers.ts** - the DevSkim rules are implemented using python style regular expressions which are *mostly* like javascript regexes. This file contains the logic to rationalize the differences
* **.vscode/launch.json** - instructions to VS Code on what actions to take in order to debug this project
* **.vscode/tasks.json** - build task definition
If you are looking to just add/edit the rules, they are loaded as a git submodule in ../client/rules
## Debugging
Have the client and server open in separate VS Code instances, and build both (CTRL+Shift+b). Hit "F5" in both instancs of code to get debugging running for both. The server component automatically attaches after the client project has spawned a VS Code extension host window, however the server times out after 10 seconds if there is nothing to attach to.
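Review bot: the server README being removed documents two details a maintainer cannot easily recover from the code: that src/regexHelpers.ts exists to reconcile the rules' Python-style regular expressions with JavaScript regex semantics, and that the server debugger attach times out after 10 seconds if the client's extension host window has not spawned. Before deleting, move these into source comments in the files they describe, or confirm in the commit message that the replacement documentation covers them.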