LeapFix sast scan

Fernando Mengali

1,106 installs | (2) | Free
The plugin identifies and helps fix code vulnerabilities across various languages and frameworks.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

LeapFix

LeapFix is a VSCode extension that performs static application security testing (SAST) on your code. It scans the lines of code in your files for vulnerabilities and, for each finding, provides a description and links on how to fix it, so developers can identify and fix vulnerabilities while coding. The extension identifies different types of vulnerabilities across various frameworks and programming languages.

Free plugin

This plugin is completely free and does not require authentication, registration, creating an account or generating credentials.

Supported language(s) and framework(s)/platform(s)

| Language | Framework(s)/Platform(s) | File extension(s) |
|---|---|---|
| Dart | Flutter | .dart |
| Golang | GoLang, Protobuf | .go |
| JavaScript | Angular, NodeJS, React and VueJS | .js |
| PHP | CakePHP, CodeIgniter, Kohana, Laravel, Smarty, Symfony, bWapp, etc. | .php, .php3, .php5, .php6, .phtml, .pthm, .tpl, .ctp |
| Python | Django, FastAPI, Flask, PyQt, Tkinter, Kivy, etc. | .py |
| Perl | Dancer2, Mojolicious, Catalyst, Plack, Mason, Moose, Dist::Zilla, etc. | .pl, .pm, .psgi, .plx |
| Ruby | Ruby on Rails | .rb |
| TypeScript | Angular, React and VueJS | .ts |
| ADVPL | TOTVS Framework AdvPL | .prw |

How to use

Run a new scan from your IDE even before committing your code or project.

To make the plugin scan and search for vulnerabilities in your code, press:

Ctrl+Shift+P

Select the command:

Run SCAN

This command will scan the current file for vulnerabilities.

If vulnerabilities are found, a tab will open pointing out the details of the vulnerabilities, along with a description and links on how to fix them.

Result

During code scans, the vulnerabilities found are highlighted in a tab:

Watch the video on how LeapFix works for different languages:

Vulnerability remediation detail

When we scan the lines of code and find vulnerabilities, we also provide examples of how to fix them. For a better understanding of each vulnerability, we show an example of vulnerable code and an example of safe code to implement in your application. Below are examples of how developers will see the breakdown, with the vulnerable and the secure code side by side:

1 - Remote Command Execution - GoLang

2 - Insecure Deserialization - Ruby

3 - Potential SQL Injection in SELECT - PHP

4 - XSS via Unsanitized Output - TypeScript (ReactJS)

5 - TLS 1.0: Insufficient Cryptographic Algorithm Strength - ADVPL

6 - XML External Entities (XXE) - Python

7 - Improper Certificate Validation - JavaScript

8 - Improper Use of Cookies - PHP

9 - Insecure Communication - Dart

10 - Potential SQL Injection in SELECT - ADVPL
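To make the line-by-line scan and the vulnerable/safe pairs above concrete, here is a small scanner in the same spirit, written for this page as an added example: it is not LeapFix's code, and its rule identifiers, regular expressions, sample snippets and report layout are all constructed for illustration. The three rules cover categories 1, 2 and 3 from the list (RCE in Go, insecure deserialization in Ruby, SQL injection in a PHP SELECT); the fix links point at public OWASP cheat sheets and stand in for the plugin's own remediation pages.

```python
"""Toy line-oriented SAST scanner, in the spirit of the scan LeapFix describes.

Constructed example: the rules, sample snippets and report format are this
example's own and are not LeapFix's code or rule set.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str        # constructed identifier, not a LeapFix rule name
    language: str       # language the rule applies to
    pattern: re.Pattern
    description: str
    fix_url: str        # public OWASP cheat sheet, standing in for the plugin's fix links


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule_id: str
    description: str
    fix_url: str
    line: str


RULES = [
    # Category 3 above: a SELECT string literal that interpolates or concatenates
    # a PHP variable. A prepared statement with a '?' placeholder does not match,
    # because its literal contains no '$' and is not followed by '.'.
    Rule("PHP-SQLI-SELECT", "php",
         re.compile(r'''(?i)(["'])[^"']*\bSELECT\b[^"']*(?:\$\w+[^"']*\1|\1\s*\.\s*\$\w+)'''),
         "Potential SQL Injection in SELECT: variable built into the query string",
         "https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html"),
    # Category 1 above: exec.Command hands a non-literal command line to a shell.
    # Passing the program and its arguments as separate argv entries does not match.
    Rule("GO-RCE-SHELL", "go",
         re.compile(r'exec\.Command\(\s*"(?:/bin/)?(?:sh|bash)"\s*,\s*"-c"\s*,\s*(?!"[^"]*"\s*\))'),
         "Remote Command Execution: runtime-built command string is passed to a shell",
         "https://cheatsheetseries.owasp.org/cheatsheets/OS_Command_Injection_Defense_Cheat_Sheet.html"),
    # Category 2 above: Marshal.load on bytes the application did not produce itself.
    Rule("RUBY-DESER-MARSHAL", "ruby",
         re.compile(r'\bMarshal\.load\('),
         "Insecure Deserialization: Marshal.load on untrusted input instantiates arbitrary objects",
         "https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html"),
]


def scan(source: str, language: str) -> list[Finding]:
    """Run every rule for `language` over each line and collect the hits."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for rule in RULES:
            if rule.language == language and rule.pattern.search(line):
                findings.append(Finding(line_no, rule.rule_id, rule.description,
                                        rule.fix_url, line.strip()))
    return findings


def render_report(filename: str, findings: list[Finding]) -> str:
    """Plain-text rendering of the kind of result tab the scan opens."""
    if not findings:
        return f"{filename}: no vulnerabilities found"
    lines = [f"{filename}: {len(findings)} finding(s)"]
    for f in findings:
        lines.append(f"  line {f.line_no} [{f.rule_id}] {f.description}")
        lines.append(f"    code: {f.line}")
        lines.append(f"    fix:  {f.fix_url}")
    return "\n".join(lines)


# Constructed samples, each with the vulnerable line beside its safe counterpart.
PHP_SAMPLE = """<?php
$id = $_GET["id"];
$rows = $db->query("SELECT * FROM users WHERE id = " . $id);   // vulnerable: concatenation
$stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?");     // safe: bound placeholder
$stmt->execute([$id]);
"""

GO_SAMPLE = """package main
import "os/exec"
func ping(host string) error {
    cmd := exec.Command("sh", "-c", "ping -c 1 "+host) // vulnerable: host is parsed by the shell
    return cmd.Run()
}
func pingSafe(host string) error {
    cmd := exec.Command("ping", "-c", "1", host) // safe: separate argv entries, no shell
    return cmd.Run()
}
"""

RUBY_SAMPLE = """data = request.body.read
obj = Marshal.load(data)   # vulnerable: arbitrary object graph from the client
obj = JSON.parse(data)     # safe: plain data only
"""

if __name__ == "__main__":
    for name, src, lang in [("users.php", PHP_SAMPLE, "php"),
                            ("ping.go", GO_SAMPLE, "go"),
                            ("upload.rb", RUBY_SAMPLE, "ruby")]:
        print(render_report(name, scan(src, lang)))
```

Running the block reports exactly one finding per sample, on the vulnerable line, and leaves the safe line beside it untouched; a real tool such as LeapFix uses far richer rules per language and framework, but the shape of its output (line, category, description, fix link) is the same.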

The LeapFix

The word Leap means to jump, and fix means to correct vulnerabilities; combined, Leap fix means a "quick fix". This is exactly the purpose of the plugin: to give developers the opportunity to look for vulnerabilities while developing their code, without needing web platforms to make them aware of those vulnerabilities.

Contributing

The plugin was created by Fernando Mengali.

License

This project is licensed under the MIT License.
