a.k.a. dbt™ power user makes vscode seamlessly work with dbt™: auto-complete, preview, column lineage, AI docs generation, health checks, cost estimation etc
Flags items that contain or depend on components known to be vulnerable to Remote Code Execution (RCE). These vulnerabilities may allow attackers to execute arbitrary code on the user's system, potentially leading to full system compromise, data theft, or further lateral movement. This includes both direct RCE risks in the item’s code and transitive risks introduced through dependencies.
Flags items that contain or rely on components with critical severity vulnerabilities, as identified by sources such as Google OSV and NVD. These vulnerabilities may expose the item to exploitation, including risks like backdoors, privilege escalation, or data compromise.
Flags Snippet type extensions that run code on the user's machine. Snippet should be static JSON files and not execute any code.
AI-powered analysis of the extension's source code for security insights and risk assessment.
API calls detected through static analysis of the source code. For more accurate insights, explore our sandbox dynamic analysis.
Any encoded/decoded secrets we managed to find in the source code, git repository, or related files
Known vulnerabilities and security issues detected in the extension's dependencies and code.
Any identifiers we detected that may indicate external communication from the item's code
Dependencies and third-party libraries used by the extension, including version information and license details.
