{"id":13454544,"url":"https://github.com/trailofbits/vscode-weaudit","last_synced_at":"2025-04-03T01:11:48.848Z","repository":{"id":227674672,"uuid":"772021950","full_name":"trailofbits/vscode-weaudit","owner":"trailofbits","description":"Create code bookmarks and code highlights with a click.","archived":false,"fork":false,"pushed_at":"2024-09-13T08:34:13.000Z","size":26064,"stargazers_count":169,"open_issues_count":15,"forks_count":14,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-09-13T21:56:03.427Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://marketplace.visualstudio.com/items?itemName=trailofbits.weaudit","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trailofbits.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-03-14T11:42:10.000Z","updated_at":"2024-09-11T09:44:22.000Z","dependencies_parsed_at":"2024-04-18T16:43:14.860Z","dependency_job_id":"528da7e0-1388-4e51-8218-30e42d96e4c7","html_url":"https://github.com/trailofbits/vscode-weaudit","commit_stats":null,"previous_names":["trailofbits/vscode-weaudit"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fvscode-weaudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fvscode-weaudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trailofbits%2Fvscode-weaudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1
/hosts/GitHub/repositories/trailofbits%2Fvscode-weaudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trailofbits","download_url":"https://codeload.github.com/trailofbits/vscode-weaudit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246916761,"owners_count":20854514,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T08:00:55.193Z","updated_at":"2025-04-03T01:11:48.829Z","avatar_url":"https://github.com/trailofbits.png","language":"TypeScript","funding_links":[],"categories":["TypeScript"],"sub_categories":[],"readme":"\u003cpicture\u003e\n  \u003csource media=\"(prefers-color-scheme: dark)\" srcset=\"https://raw.githubusercontent.com/trailofbits/vscode-weaudit/main/media/banner-dark-mode.png\"\u003e\n  \u003csource media=\"(prefers-color-scheme: light)\" srcset=\"https://raw.githubusercontent.com/trailofbits/vscode-weaudit/main/media/banner-light-mode.png\"\u003e\n  \u003cimg alt=\"weAudit banner\" src=\"https://raw.githubusercontent.com/trailofbits/vscode-weaudit/main/media/banner-dark-mode.png\"\u003e\n\u003c/picture\u003e\n\n# weAudit - A collaborative code review tool for VSCode\n\n### [Release Blogpost](https://blog.trailofbits.com/2024/03/19/read-code-like-a-pro-with-our-weaudit-vscode-extension/) | [Installation](#installation) | [Features](#features)\n\nWeAudit is an essential extension in the arsenal of any code auditor.\n\nWith weAudit, you can bookmark regions of code to highlight issues, add notes, mark files as reviewed, and collaborate with 
your fellow auditors. Enhance your reporting workflow by writing the findings directly in VSCode, creating prefilled GitHub issues, and copying links. For the stats lovers, analyze your audit progress with the daily log, showing the number of files and LOC audited per day.\n\n![Screenshot](media/readme/screenshot.png)\n\n## Installation\n\nInstall weAudit directly from [weAudit @ VSCode Marketplace](https://marketplace.visualstudio.com/items?itemName=trailofbits.weaudit).\n\nSee the [Build and install](#build-and-install) section below for how to build and install from source.\n\n\n\n## Features\n\n-   [**Findings and Notes**](#findings-and-notes) - Bookmark regions of code to identify findings or to add audit notes.\n-   [**Audited Files**](#audited-files) - Mark an entire file as reviewed.\n-   [**Partially Audited Files**](#partially-audited-files) - Mark a region of code as reviewed.\n-   [**Detailed Findings**](#detailed-findings) - Fill detailed information about a finding.\n-   [**GitHub/Gitlab Issues**](#github-issues) - Create formatted GitHub or Gitlab issues with the Detailed Findings information.\n-   [**Multi-region Findings**](#multi-region-findings) - Group multiple locations under a single finding.\n-   [**Resolve and Restore**](#resolve-and-restore) - Resolved findings will not be highlighted in the editor but are still visible in the sidebar.\n-   [**Copy Permalinks**](#copy-permalinks) - Copy GitHub permalinks to findings, or to a selected code region.\n-   [**Daily Log**](#daily-log) - View a daily log of all the marked files and LOC per day.\n-   [**View Mode**](#view-mode) - View findings in a list, or grouped by filename.\n-   [**Multiple Users**](#multiple-users) - Findings can be viewed from multiple different users.\n-   [**Hide Findings**](#hide-findings) - Hide all findings associated with a specific user.\n-   [**Search \u0026 Filter Findings**](#search--filter-findings) - Search and filter the findings in the _List of Findings_ 
panel.\n-   [**Export Findings**](#export-findings) - Export findings to a markdown file.\n-   [**Drag \u0026 drop Findings and Locations**](#drag--drop-findings-and-locations) - Drag and drop findings and locations in the _List of Findings_ panel.\n-   [**Settings**](#settings) - Customize colors.\n\n---\n\n### Findings and Notes\n\nFindings and notes can be added to the current selection by calling the `weAudit: New Finding from Selection` or `weAudit: New Note from Selection` commands, or their respective keyboard shortcuts. The selected code will be highlighted in the editor, and an item added to the _List of Findings_ view in the sidebar.\n\n![Create Finding](media/readme/gifs/create_finding.gif)\n\nClicking on a finding in the _List of Findings_ view will navigate to the region of code previously marked.\n\nA file with a finding will have a `!` annotation that is visible both in the file tree, and in the file name above the editor.\n\n![File annotation](media/readme/finding_marker.png)\n\nThe highlighted colors can be customized in the [settings](#settings).\n\n### Audited Files\n\nAfter reviewing a file, you can mark it as audited by calling the `weAudit: Mark File as Reviewed` command, or its respective keyboard shortcut. The whole file will be highlighted and annotated with a `✓` in the file tree, and in the file name above the editor.\n\n![Mark File as Reviewed](media/readme/gifs/mark_audited.gif)\n\nThe highlighted color can be customized in the [settings](#settings).\n\n### Partially Audited Files\n\nYou can also partially mark a file as reviewed by selecting a region of code and calling the `weAudit: Mark Region as Reviewed` command. 
Partially reviewed regions can be merged together by calling the same command on a region containing.\nIf called on a region:\n - that matches an already audited region, the region will be unmarked.\n - containing an already audited region, the region will be extended.\n - contained in an already audited region, the region will be split into two regions.\n\nOnce a file is marked as audited with the `weAudit: Mark File as Reviewed` command, all partial regions will be discarded.\n\nThe following gif showcases all the scenarios described:\n![Mark Region as Reviewed](media/readme/gifs/mark_region_audited.gif)\n\nThe highlighted color can be customized in the [settings](#settings).\n\n### Detailed Findings\n\nYou can fill in detailed information about a finding by clicking on it in the _List of Findings_ view in the sidebar. The respective _Finding Details_ panel will open, where you can fill in the information.\n\n![Finding Details](media/readme/finding_details.png)\n\n### GitHub/Gitlab Issues\n\nYou can create a GitHub/Gitlab issue with the detailed findings information by clicking on the corresponding `Open Remote Issue` button in the _List of Findings_ panel. A browser window will open, prompting you to open the issue with the prefilled information from the _Finding Details_ panel.\n\n![Open Remote Issue](media/readme/gifs/create_gh_issue.gif)\n\n### Multi-region Findings\n\nYou can add multiple regions to a single finding or note. Once you select the code region to be added, call the `weAudit: Add Region to a Finding` command and select the finding to add the region to from the quick pick menu. The regions will be highlighted in the editor, and the finding will be updated in the _List of Findings_ panel.\n\n![Add Region to a Finding](media/readme/gifs/multi_region_finding.gif)\n\n### Resolve and Restore\n\nYou can resolve a finding by clicking on the corresponding `Resolve` button in the _List of Findings_ panel. 
The finding will no longer be highlighted in the editor, but will still be visible in the _Resolved Findings_ panel. You can restore a resolved finding by clicking on the corresponding `Restore` button in the _Resolved Findings_ panel.\n\n![Resolve and Restore](media/readme/gifs/resolve_finding.gif)\n\n### Copy Permalinks\n\nCopy the Audit permalink by clicking on the corresponding `Copy Audit Permalink` button in the _List of Findings_ panel.\n\n![Copy Audit Permalink](media/readme/copy_permalink.png)\n\nCopy a permalink to any code region by right-clicking and selecting one of the `weAudit: Copy Permalink` options in the context menu.\n\n![Copy Audit Permalink](media/readme/copy_permalink_context.png)\n\n### Daily Log\n\nYou can view a daily log of all the marked files and LOC per day by clicking on the `Daily Log` button in the _List of Findings_ panel.\n\n![Daily Log](media/readme/daily_log.png)\n\nYou can also view the daily log by calling the `weAudit: Show Daily Log` command in the command palette, or its respective keyboard shortcut.\n\n### View Mode\n\nYou can view findings in a list, or grouped by filename, by clicking on the `View Mode` button in the _List of Findings_ panel.\n\n![View Mode](media/readme/view_mode.png)\n\n![View Mode](media/readme/view_mode_grouped.png)\n\n### Multiple Users\n\nYou can share the weAudit file with your co-auditors to share findings. 
This file is named `$USERNAME.weaudit` and is located in the `.vscode` folder in your workspace.\n\nIn the `weAudit Files` panel, you can toggle to show or hide the findings from each user by clicking on the entries.\nThere are color settings for other users' findings and notes, and for your own findings and notes.\n\n![Multiple Users](media/readme/multi_user.png)\n\n### Hide Findings\nYou can hide all findings associated with a specific user by clicking on that user's name in the `weAudit Files` panel.\n\n![Hide Findings associated to a user](media/readme/gifs/hide_findings.gif)\n\n### Search \u0026 Filter Findings\nYou can search for and filter the findings in the `List of Findings` panel by calling the `weAudit: Search and Filter Findings` command.\n\n![Filter Findings](media/readme/gifs/filter_findings.gif)\n\n### Export Findings\nYou can export the findings to a markdown file by calling the `weAudit: Export Findings as Markdown` command.\n\n### Drag \u0026 Drop Findings and Locations\nYou can drag and drop findings and locations in the _List of Findings_ panel to:\n- drag a location (from a multi-location finding) into another finding;\n- drag a location (from a multi-location finding) to create a separate finding;\n- drag a multi-location finding into another finding, moving all locations into it;\n- reorder locations within a single finding.\n\n![Drag \u0026 Drop Findings and Locations](media/readme/gifs/drag_drop.gif)\n\n### Settings\n\n#### Background colors\n\nEach background color is customizable via the VSCode settings page. Write as #RGB, #RGBA, #RRGGBB or #RRGGBBAA:\n\n-   `weAudit.auditedColor`: Background color for files marked as audited\n-   `weAudit.{other,own}findingColor`: Background color for findings\n-   `weAudit.{other,own}noteColor`: Background color for notes\n\n#### Keybindings\n\nYou can configure the keybindings to any of the extension's commands in the VSCode settings. 
The default shortcuts are:\n\n-   `weAudit.addFinding`: Add Selected Code To Findings: `cmd + 3`\n-   `weAudit.addNote`: Add Selected Code To Notes: `cmd + 4`\n-   `weAudit.deleteLocationUnderCursor`: Delete Finding Under Cursor: `cmd + 5`\n-   `weAudit.editEntryUnderCursor`: Edit Finding Under Cursor: `cmd + 6`\n-   `weAudit.toggleAudited`: Mark Current File As Reviewed: `cmd + 7`\n-   `weAudit.addPartiallyAudited`: Mark Region As Reviewed: `cmd + shift + 7`\n-   `weAudit.copySelectedCodePermalink`: Copy Permalink (for the Selected Code Region): `cmd + 8`\n\n## WeAudit Concepts\n\n-   **Findings and Notes**: A region of code that is of interest. Findings can be marked as \"Resolved\" or \"Restored\". There is no actual difference between findings and notes, except that they can be assigned different colors and that findings are displayed before notes in the _List of Findings_ panel.\n-   **Audited Files**: A file that has been reviewed. This is a binary state, either a file is audited or it is not.\n-   **Audit and Client Repositories**:\n    -   **Audit Repository**: The repository where issues should be created. This is usually the Trail of Bits repository with the code being audited.\n    -   **Client Repository**: The repository that the Audit Repository mirrors. 
This is used to create permalinks to include in the report.\n\n\n## Development\n\n### Build and install\n\nTo build and install a new vsix file run the following script:\n\n```bash\nnpm install\n./install.sh\n```\n\n### Linting and Formatting\n\nWe use ESLint and Prettier to enforce a consistent code style.\n\n```bash\n# run ESLint\nnpx eslint -c .eslintrc.json .\n\n# run Prettier\nnpx prettier --write .\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fvscode-weaudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrailofbits%2Fvscode-weaudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrailofbits%2Fvscode-weaudit/lists"}