ProScan Security Scanner for VS Code

Run security scans and see findings directly in your editor. ProScan analyzes your code for vulnerabilities, hardcoded secrets, and security misconfigurations as you work.

Requirements

A running Proscan instance on your network. The extension connects to your Proscan server to run scans and retrieve results.

Setup

1. Install the extension
2. Open Settings and search for "ProScan"
3. Set Server URL to your Proscan instance (e.g. http://localhost:18080)
4. Set API Key to a token from Proscan (Settings > API Tokens), or use SSO

Features

Inline Security Findings

Vulnerabilities appear as editor diagnostics — underlined in your code with severity-based colors. Hover for details, CWE references, and remediation guidance.

Quick Fix

When a fix suggestion is available, use the lightbulb (Ctrl+.) to apply it directly. The extension shows the suggested code change before applying.

Scan Commands

Open the command palette (Ctrl+Shift+P) and type "ProScan":

• ProScan: Scan Current File — scan the active file
• ProScan: Scan Workspace — scan the entire workspace
• ProScan: Show Findings — open the findings sidebar
• ProScan: Clear Findings — clear all diagnostics

Auto-Scan on Save

When enabled (default), files are automatically scanned each time you save. Disable this in settings if you prefer manual scanning only.

Findings Sidebar

The ProScan panel in the activity bar shows all findings organized by severity. Click a finding to jump to the relevant line in your code.

Authentication

Two authentication methods:

• API Key — generate a token in Proscan and paste it in extension settings
• SSO — sign in through your organization's OAuth2/OIDC provider (Okta, Azure AD, Auth0, etc.)

Extension Settings

Links

• Proscan Documentation
• Report an Issue
• proscan.one