Skip to content
| Marketplace
Sign in
Visual Studio Code>Linters>SecureRefactorNew to Visual Studio Code? Get it now.
SecureRefactor

SecureRefactor

RamMohan Reddy K

|
1 install
| (0) | Free
Scan your workspace for security vulnerabilities, vulnerable dependencies, and code quality issues. Review AI-assisted fixes as diffs before applying.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

SecureRefactor

Scan → Review → Fix — all from your VS Code sidebar.

SecureRefactor scans your workspace for security vulnerabilities, vulnerable dependencies, and code quality issues, then shows everything in a unified dashboard with AI-assisted fix suggestions presented as reviewable diffs.

Features

  • 🛡️ Security Scanning — Semgrep-powered SAST for SQLi, XSS, hardcoded secrets, insecure crypto, path traversal, SSRF, and more
  • 📦 Dependency Scanning — OSV-Scanner / npm audit / pip-audit for known vulnerable packages
  • 🔍 Code Quality — ESLint-based code smell detection (respects your project's config)
  • 📊 Unified Dashboard — Project score, severity breakdown, category filters, all in one sidebar
  • 🔧 Fix Workflow — AI-generated fixes shown as reviewable diffs before any file is modified
  • 📄 Report Export — HTML, PDF, JSON, and SARIF 2.1.0 formats

Prerequisites

Tool Required For Install
Semgrep SAST / security scanning pip install semgrep or brew install semgrep
OSV-Scanner Dependency scanning go install github.com/google/osv-scanner/cmd/osv-scanner@latest
ESLint Code quality (optional) Uses your project's ESLint if present

The extension detects missing tools and guides you through installation.

Getting Started

  1. Install the SecureRefactor extension
  2. Click the 🛡️ shield icon in the Activity Bar
  3. Click Scan in the dashboard
  4. Review findings in the tree view below
  5. Right-click a finding → Fix This Issue to review a diff
  6. Accept or reject the proposed fix

Configuration

Setting Default Description
secureRefactor.scan.excludeGlobs ["node_modules", "dist", "build", ".git"] Paths to exclude from scanning
secureRefactor.scan.engines All enabled Enable/disable individual scan engines
secureRefactor.score.weights {critical: 8, high: 4, medium: 1.5, low: 0.5} Severity penalty weights for score
secureRefactor.ai.enabled false Enable AI-assisted fix suggestions
secureRefactor.ai.provider "none" AI provider ("anthropic" or "none")
secureRefactor.ai.contextLines 15 Lines of context sent to AI for fixes
secureRefactor.report.defaultFormat "html" Default report export format
secureRefactor.fixAll.batchReviewThreshold 5 Threshold for batch-review mode

Privacy & Security

  • No silent writes. Every fix is shown as a diff that you must explicitly accept.
  • AI is opt-in. Code is never sent to any external API unless you enable it and provide an API key.
  • Minimal context. Only the specific finding's snippet (not your whole repo) is sent to the AI provider.
  • Secrets are never sent. The extension redacts detected secrets from AI requests.
  • API keys stored securely. Uses VS Code's SecretStorage — never in settings.json.

Development

# Install dependencies
npm install

# Build
npm run build

# Watch mode
npm run watch

# Run tests
npm test

# Package
npm run package

License

MIT

  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2026 Microsoft