AIVory - AI-Powered Compliance Scanner for VS Code

Real-time compliance validation for 18+ standards including OWASP, GDPR, HIPAA, PCI-DSS, SOC2, and ISO 27001.

Features

Free Tier - OWASP Validation

No authentication required - Start scanning immediately
OWASP Top 10 2021 compliance validation
100 files/day, 50 scans/day rate limit
AI-powered analysis with DeepInfra Qwen model

Paid Tiers - Full Compliance Suite

Unlock all 18 compliance standards with authentication:

Security & Privacy: OWASP, GDPR, DSGVO, HIPAA, CCPA, PCI-DSS
Service & Management: SOC2, ISO 27001/17/18, TISAX
EU Regulations: DORA, NIS2, EU AI Act
Financial & AML: AML, Geldwäschegesetz
Whistleblower Protection: Hinweisgeberschutzgesetz

Key Capabilities

Real-time Code Analysis: Violations highlighted as you type
AI-Powered Detection: 104% detection rate for security vulnerabilities
Dashboard UI: Comprehensive violations table with click-to-navigate
Git Hooks Integration: Pre-commit and pre-push validation
Offline Mode: Cached results and queued scans when backend unreachable
WebSocket Live Updates: Real-time scan progress
Quick Fixes: AI-suggested remediation for violations
Multi-Language Support: Java, JavaScript, TypeScript, Python, Go, C#, and more

Installation

From VS Code Marketplace

Open VS Code
Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
Search for "AIVory"
Click Install

From VSIX

code --install-extension aivory-X.Y.Z.vsix

🎓 Quick Start

1. Open a Project

Open any workspace with source code files.

2. Run Your First Scan

Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
Type: AIVory: Scan Project (Full)
Press Enter

The extension will scan all files with OWASP standard (free, no auth required).

3. View Violations

Violations appear in two places:

Editor: Red/yellow squiggly lines with hover tooltips
Dashboard: Run AIVory: Show Compliance Dashboard to see detailed violations table

4. Navigate to Violations

Click on any violation in the dashboard to jump to the exact line in your code
Hover over highlighted code for violation details
Click the lightbulb (💡) for quick fixes

Authentication (Optional - For Paid Tiers)

Command Palette → AIVory: Sign In
Browser opens to https://app.aivory.net/login
Authenticate with your account
Return to VS Code - you're signed in!

Status Bar

Check authentication status in the bottom-right status bar:

OWASP (Free) - Not authenticated, OWASP-only scanning
Signed In (Pro) - Authenticated, all standards available

Click the status bar to toggle sign in/out.

Configuration

Access settings: File → Preferences → Settings → Search for "AIVory"

Key Settings

Setting	Default	Description
`aivory.backendUrl`	`https://app.aivory.net`	Backend API URL
`aivory.enabledStandards`	`["OWASP"]`	Compliance standards to validate
`aivory.autoScanOnSave`	`false`	Automatically scan files on save
`aivory.gitHooksEnabled`	`true`	Enable Git hooks for validation
`aivory.realTimeScanningEnabled`	`true`	Use WebSocket for real-time updates
`aivory.maxFileSize`	`10` (MB)	Maximum file size to scan
`aivory.excludePatterns`	`["/node_modules/", ...]`	File patterns to exclude

Example: Enable Multiple Standards

{
  "aivory.enabledStandards": [
    "OWASP",
    "GDPR",
    "HIPAA",
    "PCI-DSS"
  ]
}

Note: Non-OWASP standards require authentication and a valid license tier.

Git Hooks Integration

AIVory can integrate with Git to validate code before commits and pushes.

Install Git Hooks

Command Palette → AIVory: Install Git Hooks

This installs:

pre-commit - Validates staged files before commit
pre-push - Validates all changes before push
post-commit - Incremental scan after commit
post-merge - Incremental scan after merge

Uninstall Git Hooks

Command Palette → AIVory: Uninstall Git Hooks

How It Works

You commit code: git commit -m "Add feature"
Pre-commit hook scans staged files
If violations found:
- Commit is blocked
- Violations shown in terminal
- Fix violations and try again
If clean: Commit proceeds ✅

Dashboard

The AIVory Dashboard provides a comprehensive view of all compliance violations.

Open Dashboard

Command Palette → AIVory: Show Compliance Dashboard

Dashboard Features

Violations Table: Rule ID, File, Line, Severity, Standard, Description
Search & Filter: Find specific violations
Click-to-Navigate: Click row to jump to code
Copy Actions: Copy violation details
Metrics Cards: Compliance score, active violations, recent scans
Real-time Updates: Live progress during scans

Offline Mode

AIVory works offline with cached results and queued scans.

When Backend is Unreachable

Cached Violations Displayed: Shows violations from last scan (up to 24 hours old)
Scans Queued: New scan requests saved to queue
Auto-Retry: Extension checks backend every 5 minutes
Queue Processing: When backend returns, queued scans process automatically

Manual Queue Processing

Command Palette → AIVory: Process Offline Queue

Commands

Command	Description
`AIVory: Sign In`	Authenticate with browser OAuth2
`AIVory: Sign Out`	Clear authentication tokens
`AIVory: Scan Project (Full)`	Scan all files in workspace
`AIVory: Scan Current File`	Scan only the active file
`AIVory: Scan Changed Files (Incremental)`	Scan only modified files
`AIVory: Show Compliance Dashboard`	Open violations dashboard
`AIVory: Install Git Hooks`	Install pre-commit/pre-push hooks
`AIVory: Uninstall Git Hooks`	Remove Git hooks
`AIVory: Export Compliance Report`	Download violations as PDF/CSV
`AIVory: Clear Violation Cache`	Clear cached violations
`AIVory: Process Offline Queue`	Process queued scans manually

Supported Languages

AIVory validates code in 20+ programming languages:

Web: JavaScript, TypeScript, HTML, CSS, PHP
Backend: Java, Kotlin, Python, Go, C#, Ruby
Systems: C, C++, Rust
Mobile: Swift, Objective-C, Dart (Flutter)
Data: SQL, R
Scripting: Bash, PowerShell
Other: Scala, Groovy, Lua

Compliance Standards Reference

OWASP Top 10 2021 (Free)

A01: Broken Access Control
A02: Cryptographic Failures
A03: Injection (SQL, XSS, etc.)
A04: Insecure Design
A05: Security Misconfiguration
A06: Vulnerable Components
A07: Authentication Failures
A08: Software & Data Integrity
A09: Security Logging Failures
A10: Server-Side Request Forgery (SSRF)

Additional Standards (Paid)

Privacy & Data Protection:

GDPR (EU General Data Protection Regulation)
DSGVO (German GDPR)
CCPA (California Consumer Privacy Act)
HIPAA (Health Insurance Portability)

Financial & Payment Security:

PCI-DSS (Payment Card Industry)
AML (Anti-Money Laundering)
Geldwäschegesetz (German AML)

Service & Management:

SOC2 Trust Services
ISO 27001 (Information Security)
ISO 27017 (Cloud Security)
ISO 27018 (Cloud Privacy)
TISAX (Automotive)

EU Regulations:

DORA (Digital Operational Resilience)
NIS2 (Network & Information Security)
EU AI Act (AI Regulation)

Whistleblower Protection:

Hinweisgeberschutzgesetz (German Whistleblower)

Pricing

View Plans

Troubleshooting

Extension Not Loading

Check VS Code version (requires 1.85+)
Reload window: Developer: Reload Window
Check console: Help → Toggle Developer Tools

Violations Not Showing

Ensure file is saved
Run scan manually: AIVory: Scan Current File
Check enabled standards in settings

Authentication Failed

Verify port 8888 is not in use
Check firewall/antivirus settings
Try again: AIVory: Sign Out → AIVory: Sign In

Git Hooks Not Working

Ensure hooks installed: AIVory: Install Git Hooks
Check hooks are executable: ls -l .git/hooks/pre-commit
Verify .aivory/token file exists

Backend Unreachable

Check internet connection
Verify backend URL in settings
Use offline mode with cached results

Support

Documentation: docs.aivory.net
Issues: GitHub Issues
Email: support@aivory.net
Community: Discord

License

MIT License - see LICENSE file for details.

Made with ❤️ by the AIVory Team

Website | Documentation | Marketplace

AIVory - AI Compliance Scanner

AIVory