DeepCode for Visual Studio Code
Table of Contents
Through the extension you can quickly start using DeepCode's code review and analysis within your development workflow. The extension will automatically alert you about critical vulnerabilities you need to solve in your code the moment when you hit Save in your IDE. With DeepCode's superior code review you save time finding and fixing bugs before they go to production.
DeepCode's AI Engine finds bugs
DeepCode uses symbolic AI to process hundreds of millions of commits in open source software projects and learns how to find serious coding issues. Because the platform determines the intent of the code — and not only the syntax mistakes — DeepCode identifies 10x more critical bugs and security vulnerabilities than other tools.
Our AI provides explanation behind found bugs
In order to show the detailed explanation of a potential bug, we introduced a new AI technique called Ontology. With Ontology, we’ve integrated the capability to present logical argumentation used by the DeepCode engine. If you want to learn more about the technologies behind DeepCode, make sure to visit our website DeepCode.AI and the resources listed.
Video on how to install and use the extension
You can find the DeepCode Extension in the Visual Studio Code Marketplace. So, to install, you can either navigate to the DeepCode Extension on the Visual Studio Code Marketplace and press Install or use the build in mechanism in Visual Studio Code behind the Extensions Icon in the sidebar.
Tips on using the on-premise version
With the extension, you can scan code that is actually not stored in any repo yet. The extension bundles the code files and send them for analysis. You can define which backend infrastructure to use (provided by DeepCode or your own on premise installation).
By default the VS Code extension uses deepcode.ai. However you or your organisation is running DeepCode in combination with a self-managed BitBucket or Gitlab you can change the endpoint to your on-premise installation and upload the code to the on-premise version. You could do that by going to DeepCode's preferences and update the DeepCode's URL as shown in the video below:
How to use it?
PROTIP - DeepCode analysis on Save
DeepCode in action
Whenever DeepCode encounters an unseen project, you will be asked to provide consent for DeepCode to handle the code. Without the consent, DeepCode will not touch your code.
DeepCode will then bundle the files and run an analysis. From Extension Version 3.x on, you can find a DeepCode Icon in the sidebar . It provides all the suggestions in a concise and clean view containing all information that is available on the online dashboard.
On the top left, you can see some statistics plus a list of files with the suggestions found for them. The icons here mean:
Below, on the bottom left, you see a collection of helpful links about DeepCode.
In the middle, you can see the editor window showing the code that is inspected and below the Problems window. These two provide syntax highlightning and context to the suggestion you are currently inspecting.
On the top right, you see the DeepCode Suggestion window. It provides the argumentation of the DeepCode engine using for example variable names of your code and the line numbers in red. Also, here you can find links to external resources to explain the bug pattern in more detail (see the More info link). Furthermore, you can see tags that were assigned by DeepCode such as Security (this is an security issue), Database (it is related to database interaction), or In Test (it seems it is test code) to name a few. Moreover, you can see code from open source repositories that might be of help to see how others got rid of the issue at hand. Finally, you can insert the comments that command DeepCode to ignore this particular suggestion or all of these suggestions for the whole file by using the two buttons on the lower end of the window. You want to do this in the case that you know what you are doing or it is testing code that explicitly does something wrong.
We also want to mention that we included the feedback mechanism for possible false positive in the same way as you know it from the web based dashboard.
How to ignore suggestions (text)
There are two key steps here:
How to ignore suggestions (video)
Feedback and contact