OWASP LLM Sentinel


Akshay Damle

OWASP LLM Top 10 security sentinel — inline squiggles, compliance HUD, risk map, audit reports, quick fixes, and optional AI remediation.

OWASP LLM Code Scanner

Static security analysis for LLM and AI application code — directly in your editor.

Product name

OWASP LLM Code Scanner — used everywhere in the UI (sidebar, status bar, commands, settings title, Problems panel).

| What | Value |
| --- | --- |
| Product name | OWASP LLM Code Scanner |
| Marketplace install | ext install AkshayDamle.owasp-llm-codescan |
| VSIX to upload | owasp-llm-codescan-0.1.8.vsix |

Settings keys use the prefix llmGuard.* internally — search OWASP LLM Code Scanner in Settings.

Built for teams shipping chatbots, RAG pipelines, and agent frameworks. Scans the project you have open in VS Code and surfaces OWASP LLM Top 10 issues as editor diagnostics, remediation guidance, and one-click quick fixes. No separate repository to clone. No second VS Code window.


Why this extension

General security linters cover broad OWASP web categories. OWASP LLM Code Scanner focuses on patterns that appear when you integrate language models: prompt assembly, agent tools, model output sinks, token limits, and unsafe autonomy.

|  | General security scanners | OWASP LLM Code Scanner |
| --- | --- | --- |
| Scope | Web apps, crypto, injection (broad) | LLM SDKs, agents, prompts (focused) |
| Context | Flags eval() anywhere | Flags sinks near LLM calls |
| Live testing | Usually none | Optional model red-team |
| Setup | Install and scan | Install, open your project, scan |

How it works

  1. Install the extension from the Marketplace.
  2. File → Open Folder on your LLM/AI project (LangChain, OpenAI SDK, custom agents, etc.).
  3. The extension runs a background code scan using a bundled analysis engine.
  4. Findings appear as squiggles in your source files and entries in the Problems panel.
  5. Hover for remediation advice; use the lightbulb for applicable quick fixes.

The scanner reads your workspace. The extension engine runs internally — you never open or configure the extension source tree.

Your project  →  extension  →  bundled engine  →  diagnostics in your editor

Features

  • OWASP LLM Top 10 code coverage — findings mapped to LLM01–LLM08 categories
  • In-editor diagnostics — severity-rated squiggles (Critical / High / Medium / Low)
  • Remediation on hover — what failed, why it matters, how to fix it
  • Quick fixes — automated suggestions for secrets, TLS, timeouts, agent flags, and more
  • Auto-scan — on workspace open and after saving supported source files
  • Unified risk dashboard — combined code-scan and optional model-scan risk view
  • SARIF export — for CI pipelines and GitHub code scanning
  • Privacy-first scanning — .env, keys, and credential files are never read

OWASP LLM Top 10 — what we detect in code

| Category | Checks |
| --- | --- |
| LLM01 Prompt Injection | Prompts built from string interpolation or concatenation with untrusted input |
| LLM02 Insecure Output Handling | Model output reaching eval, shell, SQL, innerHTML, or unsafe template paths |
| LLM04 Model Denial of Service | LLM calls missing max_tokens or request timeouts |
| LLM05 Supply Chain | trust_remote_code, disabled TLS verification, unsafe deserialization |
| LLM06 Sensitive Disclosure | Hardcoded API keys, PEM private keys, secrets logged to stdout |
| LLM07 Insecure Plugin Design | Dangerous REPL/shell tools, allow_dangerous_* agent flags |
| LLM08 Excessive Agency | Auto-execute agents, subprocess near LLM usage, destructive tool registration |

Detection is heuristic static analysis, the same caveat that applies to production SAST tools. Findings include confidence levels; review each finding before treating it as definitive.
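To make the heuristic nature of such checks concrete, here is an added sketch (not the extension's own engine or rules) of AST-based checks for three rows of the table: LLM01, LLM04 and LLM06. The function names, the secret-name hints, the confidence values and the sample input are assumptions made for this illustration.

```python
import ast

# Constructed sample mirroring the flagged patterns in this page's Example section.
SAMPLE = '''
prompt = f"Answer this: {user_input}"
api_key = "sk-live-PLACEHOLDER"
client.chat.completions.create(model="gpt-4", messages=messages)
client.chat.completions.create(model="gpt-4", messages=messages, **opts)
client.chat.completions.create(
    model="gpt-4", messages=messages, max_tokens=512, timeout=30
)
'''
SECRET_HINTS = ("api_key", "secret", "token", "password")  # assumed name hints

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

def scan(source):
    """Return sorted (line, category, confidence, message) tuples."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            name, value = node.targets[0].id.lower(), node.value
            # LLM01: f-string with an interpolated value bound to a prompt-like name
            if "prompt" in name and isinstance(value, ast.JoinedStr) and any(
                    isinstance(v, ast.FormattedValue) for v in value.values):
                found.append((node.lineno, "LLM01", "medium", "interpolated prompt"))
            # LLM06: non-empty string literal bound to a secret-like name
            if (any(h in name for h in SECRET_HINTS) and isinstance(value, ast.Constant)
                    and isinstance(value.value, str) and value.value):
                found.append((node.lineno, "LLM06", "high", "hardcoded secret"))
        # LLM04: completion call without explicit max_tokens / timeout keywords
        if isinstance(node, ast.Call) and dotted(node.func).endswith("completions.create"):
            kwargs = {k.arg for k in node.keywords}  # a **mapping shows up as None
            confidence = "low" if None in kwargs else "high"
            for required in ("max_tokens", "timeout"):
                if required not in kwargs:
                    found.append((node.lineno, "LLM04", confidence, f"missing {required}"))
    return sorted(found)

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="  ")
```

The call that passes `**opts` is reported at low confidence because the limits may be supplied at runtime, which is the kind of case that needs human review.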


Quick fixes (lightbulb actions)

Where safe, the extension offers one-click rewrites:

| Finding | Suggested fix |
| --- | --- |
| Hardcoded API key / secret | Replace with os.getenv() or process.env |
| verify=False | Enable TLS verification |
| yaml.load() | Switch to yaml.safe_load() |
| Missing max_tokens | Insert max_tokens=512 (Python) |
| Missing timeout | Insert timeout=30 (Python) |
| auto_execute=True | Disable or require human approval |

All other findings include remediation text on hover. Fixes are suggest-only — you preview and apply via the lightbulb.


Getting started

Install

ext install AkshayDamle.owasp-llm-codescan

Or search OWASP LLM Code Scanner in the Extensions view (Ctrl+Shift+X).

Requirements

  • VS Code 1.74 or later
  • Python 3.10+ available on your PATH (used by the bundled scan engine)

First scan

  1. Open your LLM application folder in VS Code.
  2. Open the dashboard from the status bar or run OWASP LLM Code Scanner: Open Dashboard.
  3. Review findings in View → Problems.
  4. Click a finding to jump to the line; apply quick fixes where offered.

Configuration

| Setting (in UI) | Default | Purpose |
| --- | --- | --- |
| Scan Code On Startup | true | Auto-scan your open project |
| Open Dashboard On Startup | false | Dashboard is optional |
| Enable Model Red Team | false | Live LLM attacks (optional) |
| Python Path | python | Python 3.10+ for the scan engine |
| API Key / Provider | — | Only for optional model red-team |

Open Settings → search OWASP LLM Code Scanner.


Commands

| Command | Description |
| --- | --- |
| Open Dashboard | Risk summary and scan controls |
| Scan Workspace Code | Run static analysis on the open folder |
| Export SARIF | Export results for CI / GitHub code scanning |
| Run Security Scan | Live model red-team (requires enableModelRedTeam) |

Optional: live model red-team

For teams that also want to probe a running LLM endpoint, enable model red-team in settings. The extension can send OWASP attack payloads to Groq, OpenAI, Ollama, or a custom HTTP endpoint and score responses.

This is disabled by default. The primary workflow is static code scanning — no API key required.


Supported languages

Python, JavaScript, TypeScript, JSX/TSX, Java, Go, Ruby, PHP, C#, Kotlin, Rust, and other common source extensions.


Example

```python
import os

# Flagged: prompt injection risk (LLM01)
prompt = f"Answer this: {user_input}"

# Flagged: hardcoded secret (LLM06)
api_key = "sk-live-..."

# Flagged: missing bounds (LLM04)
client.chat.completions.create(model="gpt-4", messages=messages)

# Better patterns
prompt = build_safe_prompt(sanitize(user_input))
api_key = os.getenv("OPENAI_API_KEY")
client.chat.completions.create(
    model="gpt-4", messages=messages, max_tokens=512, timeout=30
)
```

Links

  • Marketplace: AkshayDamle.owasp-llm-codescan
  • Issues: GitHub Issues
  • OWASP LLM Top 10: owasp.org

License

MIT
