Apiiro Guardian for VS Code

Detect and fix security risks before you commit with Apiiro's AI-powered code analysis.

Preview release: this extension is in early preview. Features and behavior may change. Share feedback through your Apiiro support contact.

Overview

Identify vulnerabilities, security misconfigurations, and compliance issues as you code — before they reach production.

Apiiro performs differential scans that compare your current code against a baseline (typically your main branch). Only risks introduced by your changes are surfaced, so results stay relevant and actionable.

How it works:

• Baseline: the reference point (for example, your main branch)
• Candidate: your current working branch with changes
• Analysis: Apiiro identifies risks introduced in your changes
• Results: view, filter, and fix risks directly in VS Code

Key features

🔍 Real-time risk detection: scan your changes against your base branch and get instant feedback on vulnerabilities, secrets, data exposure, and compliance issues

🤖 AI-powered remediation: click Fix with AI on any detected risk to get context-aware fix suggestions you can apply in one click

📊 Material change detection: track significant changes to APIs, data models, authentication, and sensitive data handling

🎯 Smart filtering and navigation: filter risks by severity, jump to risk locations, and view detailed remediation guidance

🔐 Secure authentication: browser-based OAuth login with API keys stored in your system keychain. Credentials are never exposed in your code or configuration

Requirements

• VS Code: version 1.105.0 or higher
• Git: repository must be initialized
• Internet: required for API communication
• Apiiro account: required

Supported platforms

• macOS (Intel and Apple Silicon)
• Windows (x64)
• Linux (x64)

Getting Started

1. Install the extension

Install Apiiro from the VS Code marketplace or from a .vsix file:

From Marketplace:

1. Search for "Apiiro" in the Extensions view (Cmd+Shift+X / Ctrl+Shift+X)
2. Click Install

From .vsix file

1. Open VS Code
2. Go to Extensions view (Cmd+Shift+X / Ctrl+Shift+X)
3. Click the ... menu → Install from VSIX...
4. Select the .vsix file apiiro-1.0.0.vsix

2. Authenticate

On first launch, you'll see the Apiiro welcome page:

1. Click the Connect button in the Apiiro sidebar
2. Your browser will open for authentication
3. Sign in with your Apiiro account credentials
4. Return to VS Code — you're ready to go

3. Run your first scan

1. Open a Git repository in VS Code
2. Click the Play icon in the Apiiro sidebar
3. Select your base branch (for example, main or develop)
4. Apiiro analyzes your changes and displays any risks found

Features

Real-time risk detection

• Scan your changes against your base branch
• Get instant feedback on vulnerabilities, secrets, data exposure, and compliance issues
• See risks highlighted directly in your code with inline decorations

Each detected risk includes:

• Severity level: Critical, High, Medium, or Low
• Risk type: SQL Injection, XSS, Secrets Exposure, and others
• Location: exact file, line number, and code snippet
• Remediation: guidance on how to fix it
• AI fix: one-click intelligent remediation

AI-powered remediation

• Click Fix with AI on any detected risk to get context-aware fix suggestions
• Review the suggested secure alternative
• Apply fixes with a single click or customize them

Material change detection

See what's changing in your codebase and how it affects your security posture:

• New or modified API endpoints
• Database schema changes
• Authentication and authorization updates
• Sensitive data handling modifications
• Third-party dependencies

Code decorations

Risks are highlighted in your code with:

• Inline decorations showing severity
• Hover tooltips with risk details
• Quick actions to view details or apply fixes
• Problem markers in the Problems panel

Filtering and navigation

• Filter risks by severity (Critical, High, Medium, Low)
• Jump directly to risk locations in your code

Commands

Access Apiiro commands through the Command Palette (Cmd+Shift+P / Ctrl+Shift+P):

• Apiiro: Authenticate: connect your Apiiro account
• Apiiro: Run Diff Scan: scan your changes for risks
• Apiiro: Change Baseline Branch: choose your comparison branch
• Apiiro: Show Welcome Page: display the welcome guide
• Apiiro: Fetch Repository Risks: load risks for the whole repository
• Apiiro: Fetch Inventory: load the repository inventory (APIs, dependencies, technologies, sensitive data, secrets)
• Apiiro: Configure MCP Server: set up the Apiiro MCP server for AI-assisted fixes
• Apiiro: Check MCP Server Status: verify the MCP server configuration
• Apiiro: Clear MCP Settings: remove MCP configuration created by the extension
• Apiiro: Set API Key: store an API key as an alternative to OAuth
• Apiiro: Clear API Key: remove the stored API key
• Apiiro: Logout: disconnect your account
• Apiiro: Clear Cached Scan Results: remove stored scan data

Configuration

Access settings through File → Preferences → Settings (or Cmd+, / Ctrl+,) and search for "Apiiro":

• apiiro.apiUrl: Apiiro API endpoint (default: https://app.apiiro.com)
• apiiro.enableFastScan: scan for secrets and OSS vulnerabilities in real time on file save (default: true). When disabled, the Fast Scan section is hidden and on-save scanning stops.
• apiiro.enableTelemetry: send anonymous product analytics such as scan success rates and activation metrics (default: true). No source code, file paths, or personally identifiable information is collected, and VS Code's global telemetry setting is always respected.
• apiiro.cliVersion: override the bundled CLI version (default: empty, which uses the recommended version). Example: 1.2.0.

Tip: prefer the Apiiro: Set API Key command over the apiiro.apiKey setting — it stores the key in your OS keychain with password-masked input instead of plain settings.

Privacy and security

• Secure storage: API keys stored in your OS-level keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
• OAuth authentication: browser-based login with secure token handling

Troubleshooting

Extension not loading

1. Ensure you're running VS Code 1.105.0 or later
2. Try reloading the window: Developer: Reload Window

Authentication failed

1. Check your internet connection
2. Verify your Apiiro account credentials
3. Try logging out and authenticating again

Scan not working

1. Ensure you're in a Git repository
2. Verify you have committed changes to compare against
3. Check that your base branch exists in the repository
4. Make sure the repository is added to your Apiiro environment and is tracked or monitored
5. Make sure you're scanning your intended branch

Reset extension

If you encounter persistent issues:

1. Open Command Palette (Cmd+Shift+P / Ctrl+Shift+P)
2. Run: Apiiro: Clear Cached Scan Results
3. Run: Apiiro: Logout
4. Reload VS Code: Developer: Reload Window
5. Re-authenticate with your account

Support

• Documentation: docs.apiiro.com
• Support portal: contact support through your Apiiro portal.

What's new

Version 1.0.0

• Initial release
• Real-time risk detection
• AI-powered fix suggestions
• Material change tracking
• Browser-based authentication
• Inline code decorations
• Severity filtering
• Base branch selection