CodeSage: Security & Bug Scanner (Gemini Edition)
CodeSage Security & Bug Scanner is a VS Code extension that scans your codebase for bugs, implementation errors, and security vulnerabilities using the Google Gemini API.
This is a private, first-party utility that runs with your own Google Gemini API Key. Your code is sent directly to Google's APIs and is not routed through any third-party middleman servers.
Features
- On-Demand Scans:
- Scan File: Scan the current active document for immediate issues.
- Scan Selection: Scan only a highlighted snippet of code.
- Scan Entire Workspace: Recursively walk the repository (respecting file exclusion rules and size limits) and scan all files.
- Diagnostics Integration: Findings map natively to VS Code's Problems panel as squiggles and error logs (supporting CWE IDs and inline Suggested Fixes).
- Scan Report Dashboard: A beautiful, sortable, theme-responsive Webview panel presenting a summarized table of all findings ordered by severity.
- Bug Finder Tool: Paste a stack trace or describe a bug; CodeSage will search related workspace files, localize the root cause, and suggest a precise code fix.
- Local Safety Router: Client-side regex classification checks code for sensitive exploit-dev/malware patterns or weakened configurations, automatically routing high-risk contents to a more heavily safety-tuned model tier (e.g. Gemini 1.5 Pro).
- Ultra-lightweight: Leverages native Node.js fetch APIs without external LLM SDK dependencies.
Extension Settings
You can customize the following settings under VS Code Settings (Ctrl+, or Cmd+, and search for "CodeSage"):
codesage.defaultModel: The Gemini model used for normal scans (default: gemini-1.5-flash).
codesage.safetyModel: The Gemini model used when safety-critical keywords are flagged (default: gemini-1.5-pro).
codesage.scanOnSave: Enable/disable automatic single-file scans when files are saved (default: false).
codesage.maxFileSizeKB: Limit files scanned in workspace scanning to prevent excessive token usage (default: 300).
codesage.excludeGlobs: Glob patterns to ignore during workspace scanning (default includes node_modules, dist, out, .git, build).
codesage.severityThreshold: The minimum severity required to create squiggles in the Problems panel (info, low, medium, high, critical). The Report Panel always lists all findings.
Setup & Usage
1. Set API Key
- Run the Command Palette (
Ctrl+Shift+P / Cmd+Shift+P).
- Search and select:
CodeSage: Set Gemini API Key.
- Enter your Google Gemini API Key (
AQ.Ab8...). The key is stored securely in VS Code's native SecretStorage.
2. Scanning Code
- Active File: Right-click inside any code editor and select CodeSage: Scan Current File, or run the command from the Command Palette.
- Selection: Highlight a portion of code, right-click, and select CodeSage: Scan Selection.
- Workspace: Right-click a folder in the Explorer sidebar and select CodeSage: Scan Entire Workspace, or run the command from the Command Palette.
3. Localize Bugs
- Run the command
CodeSage: Find Bug From Stack Trace / Description from the Command Palette.
- Paste a stack trace or type a description of the bug.
- CodeSage will fetch related identifiers, search the codebase, and open a split markdown document outlining the diagnosis and resolution plan.
Supported File Extensions
Scans are limited to common code/scripting files to optimize token usage:
ts, tsx, js, jsx, py, go, rs, java, rb, php, c, cpp, h, hpp, cs, swift, kt, sql, sh, yaml, yml, json.
Development & Building
To run or build the extension from source:
- Clone or navigate to the source directory.
- Install dependencies:
npm install
- Compile the TypeScript source code:
npm run compile
- Package the extension to a
.vsix file:
npx @vscode/vsce package
- Install the generated
.vsix into VS Code:
code --install-extension codesage-security-scanner-0.1.0.vsix
| |