A short origin: BugBench began as a scrappy NetBeans plugin, matured into CodeRef for IntelliJ with a robust Java/Kotlin analysis engine, and was later wrapped into a JVM-backed language server and TypeScript client so the same engine could run inside VS Code and Kiro. The modern extension preserves the original analysis rules while giving you a lightweight, cross-editor experience with git-diff awareness, SARIF output, and an easy-to-rebuild VSIX.
From NetBeans to CodeRef to BugBench — the arc that matters
- Prototype (NetBeans) — fast, focused static checks to surface likely bugs in Java projects.
- Maturity (CodeRef / IntelliJ) — richer AST parsing, Kotlin support, and a proven rule set.
- Port (VS Code / Kiro) — instead of rewriting the analysis core, the team wrapped ~90% of the Java/Kotlin implementation into a JVM server and built a TypeScript client. That allowed the same engine to be consumed by modern editors while keeping the analysis logic intact.
What the BugBench extension gives you (features and benefits)
- On‑demand project scans powered by the original Java/Kotlin engine.
- Git diff awareness so scans can focus on changed files and produce compact, review‑friendly results.
- SARIF export for CI, code review, and security dashboards.
- Self‑contained VSIX packaging that bundles the JVM server artifacts and the TypeScript client for easy install in VS Code compatible editors.
- Editor commands and quick fixes surfaced inline so developers can triage issues without leaving the editor.
- Rebuildable from source — the repo documents how to produce the fat jars and package the VSIX so teams can audit and reproduce the build.
Quick start — install, run, and CI examples
Prerequisites
- JDK 17 (or the version documented in the repo)
- Node 20+ and npm or yarn
- Gradle (or use the included Gradle wrapper)
- ovsx CLI (optional, for publishing to Open VSX)
Install the extension (VSIX)
# If you have a VSIX file:
code --install-extension ./bugbench-1.2.3.vsix
# For Kiro or other VS Code forks:
kiro --install-extension ./bugbench-1.2.3.vsix
Download extension for VSCode and Kiro
Locate the BugBench extension from the website below;
https://open-vsx.org/extension
build the TypeScript client and package the extension
cd client
npm install
npm run build
create VSIX (uses vsce or similar packager)
npx vsce package
result: bugbench-.vsix
#### Publish to Open VSX (optional)
bash
install ovsx
npm i -g ovsx
publish (you need an Open VSX account and token)
ovsx publish ./bugbench-.vsix --pat
#### Run the bundled JVM scanner locally
bash
run a full workspace scan
java -jar build/libs/bugbench-server-all.jar --scan . --format sarif --out results.sarif
run a git-diff focused scan (scan only changed files)
java -jar build/libs/bugbench-server-all.jar --scan . --diff HEAD~1 --format sarif --out diff-results.sarif
#### CI example: produce SARIF and upload
bash
produce SARIF
java -jar build/libs/bugbench-server-all.jar --scan src --format sarif > bugbench.sarif
upload to a SARIF consumer (example placeholder)
curl -X POST -H "Content-Type: application/sarif+json" --data-binary @bugbench.sarif https://ci.example.com/sarif/upload
---
### Commands and actions inside Kiro (editor commands)
The extension exposes editor commands (Command Palette) and a small set of CLI-like actions you can trigger from Kiro. Typical commands you’ll see in the Command Palette:
- **BugBench: Scan Workspace** — run a full project scan.
- **BugBench: Scan Git Diff** — scan only files changed in the current branch or between two commits.
- **BugBench: Toggle Live Scan** — enable/disable background scanning on file save.
- **BugBench: Show Results** — open the results panel with issues grouped by file and rule.
- **BugBench: Export Results as SARIF** — export the last scan to a SARIF file.
- **BugBench: Open Server Logs** — view the JVM server logs for debugging.
- **BugBench: Rebuild Index** — re-index project sources used by the analysis engine.
- **BugBench: Run Rule Set** — run a specific rule or rule group by name.
- **BugBench: Ignore Issue / Add Suppression** — add an inline suppression comment or project-level ignore entry.
You can bind these commands to keyboard shortcuts in Kiro’s keybindings if you prefer faster access.
---
### Kiro CLI examples (install, list, manage extensions)
Kiro exposes a `kiro` CLI compatible with many `code` commands. Useful commands:
bash
install an extension VSIX
kiro --install-extension ./bugbench-1.2.3.vsix
uninstall an extension
kiro --uninstall-extension vendor.bugbench
list installed extensions
kiro --list-extensions
show extension details (if supported)
kiro --show-versions
open Kiro with a workspace
kiro path/to/project
(If your Kiro build uses a different binary name, substitute accordingly; the extension also works via the editor UI.)
---
### Contributing and practical tips
- **Improve rules** in the Java/Kotlin analysis core if you want more precise detections.
- **Add or refine suppressions** and project-level configuration to reduce noise.
- **Enhance the TypeScript client** to add richer UI flows (e.g., inline fix suggestions, PR annotations).
- **Audit and rebuild** the VSIX in your CI to ensure reproducible artifacts for your org.
---
### Closing notes
BugBench’s story is a reminder that **good analysis engines outlive any single editor**. By wrapping the proven Java/Kotlin core in a JVM server and building a lightweight TypeScript client, the project kept the analysis logic intact while making it accessible to modern workflows in VS Code and Kiro. If you want, I can turn this into a ready-to-publish dev.to post with badges, a short GitHub Actions CI snippet for building the VSIX, and a checklist for adding BugBench to a PR workflow.