Shield AI Security Scanner

🛡️ AI-powered security vulnerability scanner for your code - Keep your codebase secure with real-time threat detection and intelligent analysis.
✨ Features
🔍 Real-time Vulnerability Scanning
- On-save scanning: Automatically scan files when you save them
- Manual scanning: Scan current file or entire workspace on demand
- Smart filtering: Focus on specific severity levels (Critical, High, Medium, Low)
- Pattern exclusion: Skip unnecessary files and folders (node_modules, dist, etc.)
🎯 Multi-language Support
- JavaScript & TypeScript
- Python
- Java
- PHP
- Ruby
- Go
- C#
- C/C++
🚀 Advanced Detection
- Hardcoded secrets (API keys, passwords, tokens)
- SQL injection vulnerabilities
- Cross-site scripting (XSS) patterns
- Insecure dependencies
- Authentication and authorization flaws
- Data exposure issues
- Cryptographic weaknesses
💻 Seamless IDE Integration
- In-editor highlighting: Visual indicators for vulnerable code
- Diagnostics panel: Full integration with VS Code's Problems panel
- Dedicated sidebar: Organized vulnerability tree view
- Status bar indicator: Quick access to scan results
- Quick actions: Mark issues as fixed or ignored
🔧 Customizable Configuration
- API integration: Connect to your Shield AI server
- Severity filtering: Focus on what matters most
- File exclusion patterns: Customize what gets scanned
- Auto-scan toggle: Choose manual or automatic scanning
🚀 Installation
From VS Code Marketplace (Recommended)
- Open Extensions in VS Code (Ctrl+Shift+X or Cmd+Shift+X)
- Search for "Shield AI Security Scanner"
- Click Install
From VSIX File
- Download the latest .vsix file from Releases
- Open VS Code command palette (Ctrl+Shift+P or Cmd+Shift+P)
- Run "Extensions: Install from VSIX..."
- Select the downloaded file
📋 Requirements
- VS Code 1.85+
- Shield AI Server (local or cloud instance) for API access
⚙️ Configuration
Server Connection
{
  "shield-ai.api.url": "http://localhost:3000", // Your Shield AI server
  "shield-ai.api.key": "your-api-key" // Optional API key
}
Scanning Behavior
{
  "shield-ai.autoScan": true, // Scan on save
  "shield-ai.severityFilter": ["critical", "high", "medium", "low"], // Severity levels
  "shield-ai.excludePatterns": [ // Files to ignore
    "**/node_modules/**",
    "**/dist/**",
    "**/build/**",
    "**/*.min.js"
  ]
}
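An added example (not part of the extension or its repository): a Node.js check that reads a settings file using the `shield-ai.*` keys shown above and reports values that weaken the scanner's own coverage or expose its API key. The function names, the `committed` option, and the sample hostname and key are assumptions of this example; trailing commas in the settings file are not handled.

```javascript
// Added example: audit the README's shield-ai.* settings. Checks and names are this example's own.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);
// Strip // and /* */ comments but leave string contents alone ("http://..." must survive).
function stripJsonComments(text) {
  let out = '', inString = false;
  for (let i = 0; i < text.length; i++) {
    const c = text[i], next = text[i + 1] ?? '';
    if (inString) {
      out += c;
      if (c === '\\') { out += next; i++; }            // copy the escaped character verbatim
      else if (c === '"') inString = false;
    } else if (c === '"') { inString = true; out += c; }
    else if (c === '/' && next === '/') {               // line comment: skip to end of line
      while (i < text.length && text[i] !== '\n') i++;
      out += '\n';
    } else if (c === '/' && next === '*') {             // block comment: skip past "*/"
      const end = text.indexOf('*/', i + 2);
      if (end < 0) break;
      i = end + 1;
    } else out += c;
  }
  return out;
}
// committed: true when the file is tracked in version control (e.g. .vscode/settings.json).
function auditSettings(jsoncText, { committed = false } = {}) {
  const s = JSON.parse(stripJsonComments(jsoncText));
  const findings = [];
  const url = s['shield-ai.api.url'];
  if (url) {
    const u = new URL(url);
    if (u.protocol === 'http:' && !LOOPBACK.has(u.hostname))
      findings.push('api.url: plaintext HTTP to a non-loopback host');
  }
  if (committed && s['shield-ai.api.key'])
    findings.push('api.key: stored in a file under version control');
  const sev = s['shield-ai.severityFilter'];
  if (Array.isArray(sev) && !sev.includes('critical'))
    findings.push('severityFilter: critical findings are filtered out');
  for (const p of s['shield-ai.excludePatterns'] || [])
    if (/^(\*\*\/)*\*\*?$/.test(p) || /^\*\*\/\*\.(js|ts|py|java|php|rb|go|cs|c|cpp)$/.test(p))
      findings.push(`excludePatterns: "${p}" skips source files wholesale`);
  return findings;
}
// Constructed sample settings (hostname and key are placeholders, not real values).
const SAMPLE = `{
  "shield-ai.api.url": "http://scanner.example.test:3000", // remote server
  "shield-ai.api.key": "PLACEHOLDER", "shield-ai.severityFilter": ["high"],
  "shield-ai.excludePatterns": ["**/node_modules/**", "**/*.js"] }`;
console.log(auditSettings(SAMPLE, { committed: true }));
```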
🎯 Usage
Quick Start
- Install the extension from the marketplace
- Configure your Shield AI server URL in settings
- Open a file or workspace
- Scan manually or wait for automatic scanning
Manual Scanning
Scan Current File:
- Command Palette: Shield AI: Scan Current File
- Command Palette: shield-ai.scanCurrentFile
- Right-click in editor → "Scan Current File"
Scan Workspace:
- Command Palette: Shield AI: Scan Workspace
- Command Palette: shield-ai.scanWorkspace
- Click refresh icon in sidebar
Viewing Results
- In-Editor: Red underlines for critical issues, yellow for warnings
- Problems Panel: Comprehensive list with descriptions and fixes
- Sidebar: Organized by severity, file, and vulnerability type
- Status Bar: Shows scan status and issue count
Managing Issues
- Mark as Fixed: Click checkmark in sidebar or Problems panel
- Ignore Issue: Click dismiss icon to hide false positives
- Open Dashboard: View detailed analysis in web interface
🔌 Commands
| Command | Shortcut | Description |
|---|---|---|
| Shield AI: Scan Current File | - | Scan the currently active file |
| Shield AI: Scan Workspace | - | Scan entire workspace (up to 100 files) |
| Shield AI: Open Dashboard | - | Open Shield AI web dashboard |
| Shield AI: Configure Settings | - | Open extension settings |
📊 Vulnerability Types
🔴 Critical
- Exposed API keys and credentials
- Remote code execution vulnerabilities
- SQL injection in database queries
- Hard-coded passwords in source code
🟠 High
- Cross-site scripting (XSS) vectors
- Insecure deserialization
- Weak cryptographic implementations
- Authentication bypass vulnerabilities
🟡 Medium
- Information disclosure
- Missing security headers
- Insecure direct object references
- Dependency vulnerabilities
🔵 Low
- Development/TODO comments with sensitive info
- Potentially insecure functions
- Best practice violations
🛠️ Development
Building from Source
# Clone the repository
git clone https://github.com/shield-ai/vscode-extension.git
cd vscode-extension
# Install dependencies
npm install
# Compile TypeScript
npm run compile
# Run in development
npm run watch
Testing
# Run linting
npm run lint
# Run tests
npm test
# Package extension
npm run vscode:prepublish
🐛 Troubleshooting
Common Issues
"Cannot connect to Shield AI server"
- Check that your Shield AI server is running
- Verify the API URL in settings matches your server
- Ensure no firewall is blocking the connection
"Invalid API key"
- Verify your API key is correct
- Check if the key has sufficient permissions
- Ensure the key hasn't expired
"No supported files found"
- Ensure you have source code files in supported languages
- Check your exclude patterns aren't too broad
- Verify files aren't in ignored directories
"Rate limit exceeded"
- Wait a few minutes before scanning again
- Consider upgrading your Shield AI plan
- Reduce workspace scan frequency
Debug Mode
Enable debug logging in VS Code:
- Open Developer: Toggle Developer Tools (Help → Toggle Developer Tools)
- Check the Console tab for detailed error messages
- Look for logs prefixed with [Shield AI]
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details.
Development Workflow
- Fork the repository
- Create a feature branch (git checkout -b feature/amazing-feature)
- Commit your changes (git commit -m 'Add amazing feature')
- Push to the branch (git push origin feature/amazing-feature)
- Open a Pull Request
📝 Changelog
See CHANGELOG.md for a list of changes and version history.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.

Made with ❤️ by the Shield AI Team
Keep your code secure, one scan at a time.