Orca AppSec for Visual Studio Code

Secure your code as you write with Orca AppSec for Visual Studio Code. Get real-time security scanning, actionable insights, and fixes - right in your workflow

Features

• Comprehensive security coverage:

  • Secrets Scanning (with active verification): Detect exposed secrets and credentials.
  • Static Application Security Testing (SAST): Identify security vulnerabilities in your source code.
  • Software Composition Analysis (SCA): Uncover vulnerabilities in your dependencies.
  • Infrastructure as Code (IaC) Security: Detect misconfigurations in your infrastructure code.

• On-save scanning for modified files and on-demand scanning for full projects.

• Inline issue annotations, Problems panel integration, and a structured security findings sidebar.

• Fully customizable scanning configuration.

• All scans are performed locally - your code never leaves your machine.

Prerequisites

Before using the extension, make sure you have:

• Visual Studio Code version 1.90.0 or later.
• A valid Orca Security API token.

For full setup and configuration instructions, see Orca documentation.