These days software developers are able to deliver code faster with help from AI tools. Clearly, these pair-programmers offer a multitude of benefits and significantly boost developer efficiency and productivity. Tools like GitHub Copilot (GHCP) help teams speed up development. Developers state their need as a prompt and the AI tool responds with suggestions. As developers review the AI-generated code and embed additional code of their own, it is important that the code is continuously scanned for security vulnerabilities.
To notify developers of security gaps such as hard-coded passwords or secrets, there are a few utilities available in the marketplace. Of course, the end goal for our engineers is to deliver code that is secure and compliant. These plugins or utilities proactively notify developers of security and even compliance issues as they build their code. One such extension is HawkInspector from HCLSoftware. Very recently, I explored this utility and found it very helpful. Let me walk you through my journey of exploration with HawkInspector (while programming in Python).
Introducing HawkInspector
HCLSoftware’s HawkInspector acts as a vigilant guardian that automatically scans code for potential security vulnerabilities and misconfigurations. It is easy to install in IDEs like Visual Studio Code. Once installed, it runs in the background and notifies developers about issues on the fly. This proactive approach enables developers to identify and address risks early on, directly within the IDE, before they become larger issues down the line. This powerful combination (GHCP + HawkInspector) empowers developers to write secure, high-quality code with speed and, yes, with confidence.
Some of the key features that HawkInspector offers are –
a. immediate scanning for confidential data
b. ability to exclude non-text files
c. option to customize regular expressions to identify data keywords
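To make these three features concrete, here is a small Python illustration of the same idea, added here and not HawkInspector’s own code: a customizable set of regular expressions (the rules below are constructed, hypothetical examples, not the extension’s rule set) run line by line over text files, with non-text files excluded by content sniffing. Findings report the rule and line number only, so the matched secret is never echoed into logs or console output.

```python
import re
from pathlib import Path
from typing import NamedTuple

# Constructed, customizable keyword rules (hypothetical; not HawkInspector's
# own patterns). Maps a finding label to a compiled regular expression.
PATTERNS = {
    "hard-coded password": re.compile(r"""(?i)\bpassword\s*=\s*['"][^'"]+['"]"""),
    "api key assignment": re.compile(r"""(?i)\b(api[_-]?key|secret)\s*=\s*['"][^'"]+['"]"""),
    "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}

class Finding(NamedTuple):
    path: str
    line: int
    label: str

def is_text(data: bytes) -> bool:
    """Treat a file as text unless it contains NUL bytes or is not valid UTF-8."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True

def scan_text(text: str, path: str, patterns=PATTERNS) -> list[Finding]:
    """Apply every rule to every line; record label and line, never the secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, rx in patterns.items():
            if rx.search(line):
                findings.append(Finding(path, lineno, label))
    return findings

def scan_file(path: Path, patterns=PATTERNS) -> list[Finding]:
    data = path.read_bytes()
    if not is_text(data):
        return []  # non-text file: excluded from scanning
    return scan_text(data.decode("utf-8"), str(path), patterns)

# Constructed sample source file; the AWS key is the documented placeholder value.
SAMPLE = """import requests
API_KEY = "sk-constructed-example-0000"
password = 'hunter2'
url = "https://api.example.com/v1"
aws_key = "AKIAIOSFODNN7EXAMPLE"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE, "app.py"):
        print(f"{f.path}:{f.line}: {f.label}")
```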
Working with HawkInspector
HawkInspector is an extension available on the Visual Studio Marketplace. So, first I downloaded this extension and then activated it in VS Code. I had also configured GHCP in this IDE.
I was building a simple Python application that leveraged APIs, and I intermittently prompted GHCP for help. HawkInspector started scanning the files that were open or being edited. As I typed in new code or accepted suggestions from GHCP, I was notified about the issues. The notification popped up at the bottom right corner of the IDE as shown below. On clicking the ‘View Details’ button, the extension further shared details of the gap and the location of the error.
I was watching out for the gaps and resolved them quickly. I also had the option to disable the notifications. But having an AI assistant by my side that continuously reviewed my code and notified me turned out to be very effective.
Summary – Worth a try!
To conclude, HCLSoftware’s HawkInspector stands out as a promising solution. It goes beyond basic checks by offering deep integration with the IDE and providing actionable insights to resolve vulnerabilities quickly. With HawkInspector, teams can foster a security-first culture, minimizing risks and ensuring compliance without sacrificing development speed. Its user-friendly interface and powerful features make it an invaluable asset for any team striving to build secure and reliable software.
Do explore this utility and share your feedback!!