🧩 AquilaX AppSec VS Code Extension

🚀 Overview

The AquilaX AppSec VS Code Extension empowers developers to build secure software effortlessly by integrating AI-powered vulnerability scanning directly into Visual Studio Code.

It connects seamlessly to AquilaX’s advanced detection engine to analyze your repositories, highlight vulnerabilities in real time, and provide actionable security insights - ensuring security is embedded from the first line of code.

✨ Features

• 🔍 Code-Level Findings – Instantly highlights vulnerabilities inline, with detailed hover information.
• ⚡ On-Demand Scanning – Trigger full repo scans with real-time progress tracking and result polling.
• 📊 Scan Management – Start, cancel, and monitor scans effortlessly with sidebar status updates.
• 📋 Comprehensive Reports – Generate ASCII-style summaries by scanner, including TP/FP/UV counts.
• 🏢 Multi-Org & Group Support – Easily switch between organizations and teams using dashboard dropdowns.
• 📁 File & Directory Decorations – See badges directly on files/folders indicating detected findings.
• 🖥️ Modern Dashboard UI – Clean, responsive webview interface with spinners, loaders, and authentication.
• 🔄 Automatic State Reset – Cancels pending scans when switching workspaces for clean transitions.
• ⏱️ Periodic Auto-Refresh – Background refresh every 15 minutes keeps findings up-to-date.
• 🔗 Deep Dashboard Links – Jump directly to the AquilaX dashboard for full remediation details.
• 🧠 AI-Enhanced Insights – Detects advanced vulnerabilities (e.g., SQLi) using Securitron-001 AI analysis.
• ⚡ Live File Scan – Scan the active file instantly without running a full repository scan.
• 🔧 AI-Powered Auto-Fix – One-click fix for any live scan finding powered by AquilaX AI, with full file context awareness and safe guardrails against introducing new vulnerabilities.
• ↩️ Accept / Revert Controls – Review every AI fix before committing: accept to keep it or revert to restore the original code precisely, even across multi-line changes.
• 🧩 Native Integration – Built for VS Code with seamless UX and real-time status bar indicators.

🧭 Installation

1. Open Visual Studio Code.
2. Navigate to the Extensions Marketplace (Ctrl + Shift + X).
3. Search for AquilaX AppSec.
4. Click Install.
5. Reload VS Code if prompted.

🧑‍💻 Usage

🔐 1. Sign In

• Click Sign In when prompted to authenticate through the secure AquilaX portal.
• Your Personal Access Token (PAT) will be securely stored for API communication.

🏢 2. Select Organization & Group

• Choose your organization from the sidebar dropdown.
• Select a group (project/team) to scope scans and results.

🧾 3. Scan Your Repository

• Ensure your workspace is a Git repository with a valid origin remote.
• Click Scan Now to start an on-demand scan.
• View real-time progress and cancel scans anytime.

🧩 4. View & Manage Findings

• ✅ True Positives (TP): Red highlights
• ⚠️ Unverified Findings (UV): Orange highlights
• Hover to view severity, descriptions, and recommended fixes.
• Access aggregated reports in the AquilaX Scan Summary output channel.
• AI-powered “About this Codebase” view appears if Securitron-001 findings exist.

🔄 5. Switch Contexts

• Use Change Organization from the command palette to switch orgs/groups.
• Workspace changes automatically cancel active scans and clear findings.

⚡ 6. Live Scan & AI Auto-Fix (New in 1.4.0)

Live Scan lets you scan the currently open file instantly — no full repository scan needed.

How to use:

• Click the AquilaX icon in the editor title bar (top right) to open the Live Scan panel.
• Click Scan Now — the file is analysed immediately and findings appear in the panel.
• Each finding card shows the rule ID, CWE, severity, status, description, recommendation, and the affected line range.

AI Auto-Fix:

• Click 🔧 Fix on any finding card.
• AquilaX AI analyses the full file for context and generates a secure, minimal fix.
• The fix is applied directly in your editor.
• Review the change, then:
  • Click ✓ Accept to keep the fix — the finding is marked resolved and its line highlight is cleared.
  • Click ↩ Revert to restore the original code exactly as it was, even for multi-line changes.

Guardrails applied to every AI fix:

• No hardcoded secrets or credentials introduced.
• No hardcoded fallback values in environment variable lookups.
• No new OWASP Top 10 vulnerabilities (SQLi, XSS, command injection, etc.).
• Changes are minimal — only the vulnerable lines are modified.

Plan requirement: AI Auto-Fix requires a Pro or Ultimate AquilaX plan.

🔓 7. Logout & Reset

• Click Logout to clear credentials and findings.
• Use Reset Credentials for a full session wipe.

⚙️ Requirements

• 🧱 VS Code version 1.70.0 or higher
• 🔑 Active AquilaX account
• 🧾 Git-initialized workspace (for repo recognition)

🆘 Support

Need help or found a bug? We’ve got you covered 👇

• 🐞 Report issues: GitHub Issues
• 📧 Email us: support@aquilax.ai
• 💬 Join our community: AquilaX Developer Network for updates and discussions

📜 License

Licensed under the MIT License.

💡 Acknowledgments

Powered by AquilaX AppSec - your trusted partner in securing every stage of the software development lifecycle.

© Copyright

© 2025 AquilaX Ltd. All rights reserved.
Designed with ❤️ for developers - because secure code is smart code.