This extension helps you identify and manage security vulnerabilities directly within your VS Code environment using the Gemini AI. It also provides a web-based dashboard to view and manage all detected vulnerabilities.
Features
AI-Powered Code Analysis: Scan your code for security vulnerabilities using the Gemini AI.
Inline Diagnostics: See detected vulnerabilities highlighted in your code editor.
Quick Fix Suggestions: Get AI-generated code suggestions to fix common vulnerabilities (where available).
Step-by-Step Fix Guidance: For complex issues, receive detailed, actionable steps to remediate vulnerabilities manually.
Ignore Vulnerabilities: Mark specific vulnerabilities as ignored to clear them from your view.
Vulnerability Dashboard: A web-based dashboard for an overview and management of all detected vulnerabilities, stored in a MySQL database.
Dashboard & Server Setup (For Vulnerability Management)
The dashboard requires a local web server with PHP and MySQL (e.g., XAMPP, WAMP, MAMP, or a custom Apache/Nginx + PHP-FPM + MySQL setup).
Prerequisites:
Web Server with PHP: Ensure you have a web server like Apache or Nginx configured to serve PHP files.
MySQL Database: A running MySQL server is required.
PHP MySQLi Extension: Make sure the mysqli extension is enabled in your php.ini (usually uncommenting extension=mysqli).
Setup Steps:
Run the Dashboard Setup Command in VS Code:
Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).
Type and select "Code Analyzer: Setup Dashboard Files".
You will be prompted to select a destination folder. Choose the document root of your local web server (e.g., C:\xampp\htdocs\ on Windows, or ~/Sites/your_dashboard_folder on macOS if using MAMP, or /var/www/html/your_dashboard_folder on Linux).
The extension will copy index.php, api.php, style.css, script.js, and setup_db.php to this chosen folder.
Initialize the Database:
After copying, the extension will provide you with a URL (e.g., http://localhost/YOUR_FOLDER_NAME/setup_db.php).
Open this URL in your web browser. This will execute the setup_db.php script, which automatically creates the code_analyzer_db database and the vulnerabilities table within your MySQL server.
Important: If your MySQL server uses a username/password other than root with an empty password, you must edit setup_db.php (and api.php) manually to reflect your credentials before running this step.
For security, delete setup_db.php from your server after successful setup.
Access the Dashboard:
Once the database is set up, you can access your dashboard by navigating to http://localhost/YOUR_FOLDER_NAME/index.php in your web browser.
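The credential edit described in step 2, as an added example that is not the extension's own code: a single db_config.php that both setup_db.php and api.php could require, reading the MySQL user and password from environment variables (falling back to the README's root/empty default) so they are not hard-coded in two files. The column list of the vulnerabilities table and the environment variable names are assumptions for this example.

```php
<?php
// db_config.php (added example, not the extension's shipped file): both
// setup_db.php and api.php would `require __DIR__ . '/db_config.php';` and
// call db_connect() instead of each embedding the root/'' credentials.
declare(strict_types=1);
const DB_HOST = 'localhost';
const DB_NAME = 'code_analyzer_db';
// Credentials come from the web server's environment (SetEnv in Apache,
// fastcgi_param in Nginx); fallbacks match the README default of user
// "root" with an empty password so an unconfigured install still works.
function db_credentials(): array {
    return [
        'user' => getenv('CODE_ANALYZER_DB_USER') ?: 'root',   // assumed variable name
        'pass' => getenv('CODE_ANALYZER_DB_PASS') ?: '',       // assumed variable name
    ];
}
// Raise exceptions on MySQL errors instead of continuing with a false handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
function db_connect(bool $select_db = true): mysqli {
    $c = db_credentials();
    try {
        $db = new mysqli(DB_HOST, $c['user'], $c['pass'], $select_db ? DB_NAME : '');
    } catch (mysqli_sql_exception $e) {
        // The "Failed to connect to MySQL" case from Troubleshooting: details go
        // to php_error.log, the browser gets a generic message, no credentials.
        error_log('code_analyzer: ' . $e->getMessage());
        http_response_code(500);
        exit('Failed to connect to MySQL. Check the PHP error log.');
    }
    $db->set_charset('utf8mb4');
    return $db;
}
// What setup_db.php runs once: create the database and the vulnerabilities
// table. The columns are an assumption; the real schema is in the extension.
function db_initialize(): void {
    $db = db_connect(false);
    $db->query('CREATE DATABASE IF NOT EXISTS `' . DB_NAME . '` CHARACTER SET utf8mb4');
    $db->select_db(DB_NAME);
    $db->query('CREATE TABLE IF NOT EXISTS vulnerabilities (
        id INT AUTO_INCREMENT PRIMARY KEY,
        file_path VARCHAR(1024) NOT NULL,
        line_number INT NOT NULL,
        severity VARCHAR(16) NOT NULL,
        description TEXT NOT NULL
    )');
    $db->close();
}
```

setup_db.php would then be reduced to `require __DIR__ . '/db_config.php'; db_initialize();`, and deleting it after setup (as the step above advises) no longer removes any credentials that api.php still needs.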
How to Use
Set Your Gemini API Key:
Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).
Select "Code Analyzer: Set Gemini API Key".
Enter your API key from Google AI Studio. This key is stored securely by VS Code.
Analyze Your Code:
Open the code file you want to analyze in the editor.
Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P).
Select "Code Analyzer: Analyze Code for Vulnerabilities".
The extension sends the contents of the open file to the Gemini AI for analysis. Results appear as problems in the VS Code "Problems" panel.
View Vulnerability Details & Fixes:
Click on a vulnerability in the "Problems" panel.
A lightbulb icon (Quick Fix) will appear next to the problematic line. Click it or press Ctrl+. (Cmd+. on macOS).
You'll see options:
"Preview & Apply Fix": If an automated fix is available, this will show a diff view, allowing you to review and apply the changes.
"Help Me Fix This (Step-by-Step)": This will open a side panel with detailed, AI-generated guidance on how to manually fix the vulnerability.
"Show Full Vulnerability Information": Provides a comprehensive explanation of the vulnerability, its risks, and general remediation advice.
"Ignore this vulnerability": Hides this specific vulnerability from future scans on this file.
Manage Dashboard Data:
Open the dashboard in your web browser (http://localhost/YOUR_FOLDER_NAME/index.php).
Use the "Refresh Data" button to fetch the latest vulnerabilities from the backend.
Use the "Clear All" button to remove all vulnerabilities from the dashboard's database.
Troubleshooting
Ensure your local web server (Apache/Nginx) is running.
Verify PHP is installed and configured correctly.
Check your php_error.log for more details on PHP errors in api.php.
"Failed to connect to MySQL" during setup_db.php:
Ensure your MySQL server is running.
Verify the username and password in setup_db.php (and api.php) match your MySQL credentials.
"JSON parse error":
This usually means the AI returned a response in an unexpected format. Try re-running the analysis. If it persists, there may be an issue with the AI's response format or the extension's parsing logic.