Catch security vulnerabilities and exposed secrets before they reach production. Loros Security Scanner runs fast, local SAST and secrets analysis on JavaScript, TypeScript, Python, Go, and PHP projects — right inside VS Code. Get AI-powered fix suggestions, block risky pushes with pre-push checks,
A fast, local security scanner for VS Code that performs SAST (Static Application Security Testing) and secrets detection with minimal false positives.
Features
🔍 Fast, local-only security scanning
🎯 Low/zero false positives
💻 Inline diagnostics and quick fixes
🚫 Pre-push blocking based on policy
🔒 Zero network dependency for scanning
☁️ Optional sync with Loros platform
Installation
Install the extension from the VS Code Marketplace
Required engines (Semgrep) will be automatically installed on first use
Optional: Install TruffleHog for enhanced secrets detection
Requirements
VS Code 1.85.0 or higher
Node.js 20 or higher
Supported Languages
Primary Support
JavaScript/TypeScript
Python
Secondary Support
Go
PHP
Secret scanning is language-agnostic
Usage
Commands
Loros: Scan Changed Files - Scan currently changed files
Loros: Pre-push Security Scan - Run security check before push
Loros: Apply Security Fix - Apply suggested fix for a security issue
Loros: Report False Positive - Report a false positive finding
Configuration
loros.severityThreshold: Minimum severity level for reporting (low/medium/high/critical)