CodeGraph VS Code Extension

AI Security Scanner for Visual Studio Code. Discover AI assets and analyze security vulnerabilities in your codebase.

Features

• Auto-scan on save - Automatically scans files when you save
• Inline diagnostics - See security findings as problems in the editor
• Quick fixes - Apply recommendations with one click
• Status bar - Shows scan status and finding count
• Multiple analysis modes - Static, Smart (AI), or Validate

Requirements

• CodeGraph CLI must be installed
• Python 3.10+ (for CodeGraph CLI)

Install CodeGraph CLI

pip install codegraph

Or with AI providers:

pip install codegraph[anthropic]  # For Claude
pip install codegraph[openai]     # For GPT-4
pip install codegraph[all]        # All providers

Extension Settings

This extension contributes the following settings:

Commands

Severity Levels

Findings are mapped to VS Code diagnostic severity:

AI Providers

For smart/validate modes, configure an AI provider:

1. Set the API key as an environment variable:

   • ANTHROPIC_API_KEY for Claude
   • OPENAI_API_KEY for GPT-4
   • GOOGLE_API_KEY for Gemini

2. Or specify in settings:

   {
     "codegraph.aiProvider": "anthropic"
   }
   

Development

Building

cd vscode-codegraph
npm install
npm run compile

Packaging

npm install -g @vscode/vsce
vsce package

This creates a .vsix file you can install manually.

Testing

1. Open in VS Code
2. Press F5 to launch Extension Development Host
3. Open a project with AI/ML code

Release Notes

0.1.0

• Initial release
• Auto-scan on save
• Inline diagnostics
• Status bar integration
• Quick fixes for recommendations

License

MIT License - see LICENSE for details.

Links

• CodeGraph CLI
• Report Issues
• Guard0 Security