Catch security vulnerabilities and exposed secrets before they reach production. Loros Security Scanner runs fast, local SAST and secrets analysis on JavaScript, TypeScript, Python, Go, and PHP projects — right inside VS Code. Get AI-powered fix suggestions, block risky pushes with pre-push checks,
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press Enter.
Catch security vulnerabilities and exposed secrets before they reach production — directly inside VS Code, with no external tools required.
Features
Local SAST analysis across JavaScript, TypeScript, Python, Go, and PHP
Secrets detection with entropy filtering to minimize false positives
Inline diagnostics with fix guidance for every finding
Pre-push blocking to prevent risky code from reaching your repository
Optional sync with the Loros Cybersecurity platform for team-wide visibility
Supported Languages
| Language | SAST | Secrets |
| --- | --- | --- |
| JavaScript / TypeScript | Yes | Yes |
| Python | Yes | Yes |
| Go | Yes | Yes |
| PHP | Yes | Yes |
| All other files | — | Yes |
Usage
Scan Modes
| Command | Description |
| --- | --- |
| Scan Changed Files | Scans only files modified since the last commit |
| Scan Current File | Scans the file open in the editor |
| Scan Entire Project | Scans all source files in the workspace |
| Pre-push Security Scan | Runs before a git push and blocks it on critical findings |
The extension also scans files automatically on save when you are logged in.
Findings
Results appear inline as editor diagnostics (red and yellow underlines) and in the Loros Security sidebar panel. Click any finding to jump to the exact line in the file.
Configuration
| Setting | Default | Description |
| --- | --- | --- |
| loros.severityThreshold | medium | Minimum severity to report: low, medium, high, or critical |