SynapseAudit - AI-Powered Security Code Analysis

Professional-grade security analysis and tester for your code, powered by AI. Works seamless, intelligent, and instant.

🚀 Features

🔍 Real-Time Security Analysis

• 50+ Vulnerability Types: SQL injection, XSS, code injection, hardcoded secrets and more
• Multi-Language Support: JavaScript, TypeScript, Python, Java, PHP, C/C++, and more
• Instant Feedback: Visual indicators directly in your code with severity levels
• One-Click Fixes: Apply security improvements with a single click

🧠 AI-Powered Intelligence

• Multi-LLM Support: Integrated with OpenAI GPT-4, Google Gemini, Anthropic Claude, and Ollama
• Bring Your Own AI (BYOAI): Connect your own AI models and endpoints for complete control
• Synapse Cortex Engine: Our proprietary AI engine for advanced security analysis and pattern recognition
• Smart Recommendations: Context-aware improvement suggestions with implementation details
• Auto-Generated Test Cases: Automatically creates comprehensive security test cases
• Intelligent Analysis: Goes beyond pattern matching with deep code understanding

🎯 Developer-Friendly Experience

• Seamless Integration: Works naturally within your VS Code workflow
• Visual Indicators: Inline decorations show vulnerabilities like spelling errors
• Comprehensive Sidebar: Professional results panel with detailed explanations
• Keyboard Shortcuts: Ctrl+Shift+S for instant analysis (customizable)

🐙 GitHub Integration

• Auto-Create Issues: Convert vulnerabilities into GitHub issues with one click
• Security Advisories: Generate comprehensive security advisory drafts
• CI/CD Workflows: Auto-generate GitHub Actions security scanning workflows
• SARIF Integration: Upload results to GitHub Security tab

🧪 Comprehensive Testing Framework

• Auto-Generated Test Cases: Creates security test cases for detected vulnerabilities
• Built-in Test Runner: Execute tests directly within VS Code
• 20+ Test Categories: SQL injection, XSS, authentication, cryptography, and more
• Interactive Test Helper: Step-by-step testing guidance and validation
• Watch Mode Testing: Real-time test execution during development
• Mocha Integration: Professional testing framework with detailed reporting

🔧 Quick Start

Analyze Your Code

1. Open any file in VS Code
2. Press Ctrl+Shift+S (Windows/Linux) or Cmd+Shift+S (Mac)
3. View results in the SynapseAudit sidebar
4. Apply fixes with one-click buttons

🛡️ Security Detection

Critical Vulnerabilities

• SQL Injection - Unsafe database queries
• Code Injection - eval(), exec() functions
• Path Traversal - File system vulnerabilities
• Hardcoded Secrets - API keys, passwords in code

High Severity Issues

• XSS (Cross-Site Scripting) - DOM manipulation risks
• CSRF Vulnerabilities - State validation issues
• Weak Cryptography - Insecure algorithms
• Authentication Bypass - Logic vulnerabilities

Additional Checks

• Input validation issues
• Information disclosure
• Session management
• CORS configuration
• Error handling
• Code quality issues

⚙️ Configuration

Access settings via Ctrl+, and search "synapseAudit":

🚀 Advanced Features

AI Provider Configuration

Configure your preferred AI provider for enhanced analysis:

• OpenAI GPT-4
• Google Gemini
• Anthropic Claude
• Local Ollama models

GitHub Integration Setup

1. Generate a GitHub personal access token
2. Add token in VS Code settings: synapseAudit.github.token
3. Create issues directly from security findings

Test Generation

• Automatically generate security test cases
• Run tests with built-in test runner
• 20+ test categories covered
• Integration with Mocha framework
• Watch mode for continuous testing
• Interactive test guidance and validation

Testing Workflow

1. Analyze Code: Run security analysis on your files
2. Generate Tests: Auto-create test cases for found vulnerabilities
3. Execute Tests: Run tests directly in VS Code terminal
4. View Results: See pass/fail status with detailed reports
5. Continuous Testing: Watch mode for real-time test execution

🎯 File Exclusion with .synapseaudit-ignore

Control which files get scanned with a .synapseaudit-ignore file (similar to .gitignore):

• Automatic Exclusions: Skip build outputs, dependencies, and minified files
• Custom Patterns: Define your own exclusion rules using glob patterns
• Hot Reload: Changes take effect immediately on next scan
• Transparency: See how many files were filtered during analysis

Quick Setup:

1. Press Ctrl+Shift+P → Search "SynapseAudit: Create .synapseaudit-ignore File"
2. Default patterns are added automatically
3. Customize patterns to fit your project

Example patterns:

# Ignore dependencies
node_modules/
vendor/

# Ignore build outputs
dist/
build/

# Ignore specific files
*.min.js
*.test.js

📖 Full Documentation - Complete guide to ignore patterns and best practices

🔍 How It Works

1. Code Analysis: Parses your code using AST and pattern matching
2. Vulnerability Detection: Identifies security issues with confidence scoring
3. Smart Recommendations: Provides actionable fixes and improvements
4. Visual Feedback: Shows results directly in your editor

📋 Requirements

• VS Code 1.82.0 or higher
• 2GB RAM recommended
• Internet connection for AI features (optional)

🛠️ Troubleshooting

Extension Not Working?

1. Reload VS Code: Ctrl+Shift+P → "Developer: Reload Window"
2. Check logs: "SynapseAudit: Show Output Logs"
3. Restart backend: "SynapseAudit: Start Backend Server"

Can't See Results?

1. Open SynapseAudit sidebar from Activity Bar
2. Run "View: Focus on SynapseAudit View"
3. Ensure file contains code that can be analyzed

📚 Documentation

• Quick Start Guide
• Configuration Guide
• GitHub Integration
• Troubleshooting

🌟 Where to Find Us

SynapseAudit is available and featured on multiple platforms:

• VS Code Marketplace - Install directly from VS Code
• Product Hunt - Featured AI security tool
• Peerlist - Community showcase
• Official Website - Complete documentation and demos

👥 Team

SynapseAudit is built by a passionate team of security researchers and developers:

Chirag Nahata	Snigdha Ghosh	Somyadip Ghosh	Shamonnoy Halder
Rajarshi Bhowmik	Ariyan Bhattarcharjee	Hitesh Kumar Roy

🤝 Support & Community

• Website: https://synapseaudit.digidenone.tech/
• VS Code Marketplace: https://marketplace.visualstudio.com/items?itemName=Digidenone.synapse-audit
• Product Hunt: https://www.producthunt.com/products/synapseaudit
• Peerlist: https://peerlist.io/chiragnahata/project/synapseaudit
• Changelog: View all releases
• Issues: Report bugs
• Discussions: Community forum
• Phone: +917439611385 | +916291602098
• Email: digidenone@gmail.com
• Documentation: Full guides

📄 License

See LICENSE for details.

⚠️ Disclaimer

SynapseAudit provides tools and insights to assist with application security. However, no system can guarantee 100% detection or prevention of all security issues. Users are advised to combine automated tools with manual review processes. Digidenone assumes no liability for losses resulting from the usage or misinterpretation of outputs generated by the platform.

🔐 Secure your code before it ships. Deploy with confidence.

⭐ Rate this extension | 🌐 Website | 🐙 GitHub | 🚀 Product Hunt | 📖 Documentation

Made with ❤️ by Digidenone for developers