Snyk is a Boston-based cybersecurity company specializing in cloud computing. It was founded in 2015 out of London and Tel Aviv with headquarters in Boston.

SecureVibe is free and focuses on the pre-commit stage. Massive respect to Snyk, though.

VulnCost is an open source security scanner for VSCode that helps find vulnerabilities in JavaScript, TypeScript & HTML packages, while you code. Receive feedback in-line with your code, such as the number of vulnerabilities a package being imported contains.

Hello Product Hunters, thanks for coming to check out our product! With a core mission of trying to make the open source ecosystem more secure, we are excited to launch our VSCode plugin VulnCost on Product Hunt. In short, VulnCost empowers developers to import more secure packages into their code and projects straight from the IDE. I'm Guy, the founder of Snyk. After founding a successful startup that was acquired by Akamai and serving as CTO of both companies, I discovered first-hand the challenges of modernizing security from the source - developers & common coding processes. Snyk strives to be a developer-first tool that integrates seamlessly with the tooling developers know and love from Github, to Docker, and even IDEs like VSCode and Intellij. By using VulnCost you will be able to immediately understand the security vulnerabilities you are introducing into your project, and even receive suggestions for more secure alternative packages and immediate fixes when available through a quick scan and pull request directly into your git processes. Today Snyk enables more than 400,000+ developers to scan and fix vulnerabilities in their open source libraries and containers, and this plugin is just one more way for us to make this even simpler and more accessible to all developers. We encourage you to check it out, and register for free to use Snyk and let us know what you think.

@guypod Woot! Really excited about this - awesome team work in getting this out! Always love a great tool striving to better the open source world!

@guypod Engaging developers in a truly devfirst fashion. Love it!

IMO this is *the* most important way to surface security vulnerabilities to developers: in context and at the time they are actually working on the code. A report that shows up in an inbox is just too far removed to encourage prompt action. Great work!