The Lacework VS Code vulnerability scanner extension is a new plugin that will quickly identify vulnerabilities in your base images right from your IDE. This is a first step and alpha release with expanded and additional capabilities to be released soon.

This blog covers how to install lw-scanner and leverage it to perform image assurance scans from within VS Code.

Install lw-scanner
The plugin assumes that lw-scanner is installed on your local system. Installation instructions can be found here: support.lacework.com and the the latest release of the scanner binary can be found at github.com

Once lw-scanner is installed the next step is to download the Lacework plugin from the VS Code Marketplace.

With an active Dockerfile in the editor you can initiate an image assurance scan by clicking Command+Shift+P on macOS (Control+Shift+P on Windows/Linux).

Once the scan is complete you will see a summary next to the base image that will disappear along with a more detailed scan result available in the output window.

Source code can be found here for now: github.

This is just a quick preview update. For suggestions or feedback please open an issue on the repo. PRs welcomed. Stay tuned for more.

Cheers,
Jeff