Scratch Security - VS Code Extension
AI-powered code security analysis and vulnerability detection for VS Code.
Features
- 🤖 AI-Powered Analysis: Uses Google Gemini AI to intelligently detect security vulnerabilities
- 🔍 Real-time Scanning: Analyze individual files or entire workspaces
- 📊 Security Dashboard: Visual overview of your code's security status
- 🎯 Smart Detection: Identifies SQL injection, XSS, authentication issues, and more
- 📈 Security Scoring: Get an overall security score for your projects
- 📄 Export Reports: Generate detailed security reports in JSON format
- 🎨 VS Code Integration: Seamlessly integrates with VS Code's UI and themes
Getting Started
- Install the Extension: Install from the VS Code Marketplace
- First Analysis: The extension uses a default API key for your first analysis
- Get Your Own API Key: For continued use, get a free API key from Google AI Studio
- Configure: Use Ctrl+Shift+P → "Scratch: Configure API Key" to set your key
Usage
Quick Start
- Analyze Workspace: Ctrl+Shift+P → "Scratch: Analyze Current Workspace"
- Analyze File: Right-click any code file → "Scratch: Analyze Current File"
- View Dashboard: Ctrl+Shift+P → "Scratch: Open Security Dashboard"
Supported Languages
- JavaScript/TypeScript (.js, .ts, .jsx, .tsx)
- Python (.py)
- Java (.java)
- C/C++ (.c, .cpp)
- PHP (.php)
- Ruby (.rb)
- Go (.go)
- Rust (.rs)
- Swift (.swift)
- Kotlin (.kt)
Security Issues Detected
- SQL Injection vulnerabilities
- Cross-Site Scripting (XSS)
- Authentication/Authorization flaws
- Input validation problems
- Sensitive data exposure
- Insecure dependencies
- Code injection risks
- Path traversal vulnerabilities
- Cryptographic issues
Configuration
Access settings via File → Preferences → Settings → search for "Scratch":
- Auto Analyze: Automatically analyze files when saved
- Severity Filter: Set minimum severity level to display
- Max File Size: Maximum file size to analyze (default: 1MB)
- Exclude Patterns: File patterns to exclude from analysis
Commands
| Command | Description |
| --- | --- |
| Scratch: Analyze Current Workspace | Scan all supported files in workspace |
| Scratch: Analyze Current File | Analyze the currently open file |
| Scratch: Open Security Dashboard | View comprehensive security overview |
| Scratch: Configure API Key | Set your Google Gemini API key |
| Scratch: Export Security Report | Export analysis results to JSON |
Security Tree View
The extension adds a "Scratch Security" panel to the Explorer sidebar showing:
- Overall security score
- Files analyzed with individual scores
- Security issues grouped by file
- Issue severity indicators
- Quick navigation to problem areas
API Key Setup
First Time Users
The extension includes a default API key for testing purposes. You can immediately start analyzing your code without any setup.
Getting Your Own Key
- Visit Google AI Studio
- Sign in with your Google account
- Create a new API key
- Copy the key
- In VS Code: Ctrl+Shift+P → "Scratch: Configure API Key"
- Paste your key and press Enter
Why You Need Your Own Key
- Rate Limits: Personal keys have higher rate limits
- Privacy: Your code analysis stays private to your account
- Reliability: Avoid potential service interruptions
- Features: Access to latest AI model improvements
Privacy & Security
- Local Processing: File scanning happens locally on your machine
- Secure Storage: API keys are stored securely using VS Code's secret storage
- No Data Collection: We don't collect or store your code or analysis results
- Optional Cloud: AI analysis requires sending code to Google's Gemini API
Troubleshooting
Common Issues
"API key not configured" error
- Solution: Run "Scratch: Configure API Key" command and enter your key
"File too large to analyze" error
- Solution: Increase max file size in settings or exclude large files
Analysis takes too long
- Solution: Exclude unnecessary directories (node_modules, dist, build)
No issues found but expecting some
- Solution: Check if file type is supported and try analyzing a different file
Getting Help
- Check the GitHub Issues page
- Review the troubleshooting section above
- Create a new issue with:
  - VS Code version
  - Extension version
  - Error messages
  - Steps to reproduce
Contributing
We welcome contributions! Please see our Contributing Guide for details.
License
This extension is licensed under the MIT License.
Changelog
1.0.0
- Initial release
- AI-powered security analysis
- VS Code integration
- Security dashboard
- Export functionality
- Multi-language support
Enjoy secure coding with Scratch Security! 🛡️