Skip to content
| Marketplace
Sign in
Visual Studio Code>Programming Languages>CodeSage: Security & Bug ScannerNew to Visual Studio Code? Get it now.
CodeSage: Security & Bug Scanner

CodeSage: Security & Bug Scanner

Preeyaj Safary

| (0) | Free
Scans your codebase for bugs, implementation errors, and security vulnerabilities using Google Gemini.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

CodeSage: Security & Bug Scanner (Gemini Edition)

CodeSage Security & Bug Scanner is a VS Code extension that scans your codebase for bugs, implementation errors, and security vulnerabilities using the Google Gemini API.

This is a private, first-party utility that runs with your own Google Gemini API Key. Your code is sent directly to Google's APIs and is not routed through any third-party middleman servers.

Features

  • On-Demand Scans:
    • Scan File: Scan the current active document for immediate issues.
    • Scan Selection: Scan only a highlighted snippet of code.
    • Scan Entire Workspace: Recursively walk the repository (respecting file exclusion rules and size limits) and scan all files.
  • Diagnostics Integration: Findings map natively to VS Code's Problems panel as squiggles and error logs (supporting CWE IDs and inline Suggested Fixes).
  • Scan Report Dashboard: A beautiful, sortable, theme-responsive Webview panel presenting a summarized table of all findings ordered by severity.
  • Bug Finder Tool: Paste a stack trace or describe a bug; CodeSage will search related workspace files, localize the root cause, and suggest a precise code fix.
  • Local Safety Router: Client-side regex classification checks code for sensitive exploit-dev/malware patterns or weakened configurations, automatically routing high-risk contents to a more heavily safety-tuned model tier (e.g. Gemini 1.5 Pro).
  • Ultra-lightweight: Leverages native Node.js fetch APIs without external LLM SDK dependencies.

Extension Settings

You can customize the following settings under VS Code Settings (Ctrl+, or Cmd+, and search for "CodeSage"):

  • codesage.defaultModel: The Gemini model used for normal scans (default: gemini-1.5-flash).
  • codesage.safetyModel: The Gemini model used when safety-critical keywords are flagged (default: gemini-1.5-pro).
  • codesage.scanOnSave: Enable/disable automatic single-file scans when files are saved (default: false).
  • codesage.maxFileSizeKB: Limit files scanned in workspace scanning to prevent excessive token usage (default: 300).
  • codesage.excludeGlobs: Glob patterns to ignore during workspace scanning (default includes node_modules, dist, out, .git, build).
  • codesage.severityThreshold: The minimum severity required to create squiggles in the Problems panel (info, low, medium, high, critical). The Report Panel always lists all findings.

Setup & Usage

1. Set API Key

  1. Run the Command Palette (Ctrl+Shift+P / Cmd+Shift+P).
  2. Search and select: CodeSage: Set Gemini API Key.
  3. Enter your Google Gemini API Key (AQ.Ab8...). The key is stored securely in VS Code's native SecretStorage.

2. Scanning Code

  • Active File: Right-click inside any code editor and select CodeSage: Scan Current File, or run the command from the Command Palette.
  • Selection: Highlight a portion of code, right-click, and select CodeSage: Scan Selection.
  • Workspace: Right-click a folder in the Explorer sidebar and select CodeSage: Scan Entire Workspace, or run the command from the Command Palette.

3. Localize Bugs

  1. Run the command CodeSage: Find Bug From Stack Trace / Description from the Command Palette.
  2. Paste a stack trace or type a description of the bug.
  3. CodeSage will fetch related identifiers, search the codebase, and open a split markdown document outlining the diagnosis and resolution plan.

Supported File Extensions

Scans are limited to common code/scripting files to optimize token usage: ts, tsx, js, jsx, py, go, rs, java, rb, php, c, cpp, h, hpp, cs, swift, kt, sql, sh, yaml, yml, json.


Development & Building

To run or build the extension from source:

  1. Clone or navigate to the source directory.
  2. Install dependencies:
    npm install
    
  3. Compile the TypeScript source code:
    npm run compile
    
  4. Package the extension to a .vsix file:
    npx @vscode/vsce package
    
  5. Install the generated .vsix into VS Code:
    code --install-extension codesage-security-scanner-0.1.0.vsix
    
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft