SecureFlag Analyzer
SecureFlag | 37 installs | (0) | Free
Analyze code for vulnerabilities using LLMs (ChatGPT/Anthropic) and SecureFlag resources.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

SecureFlag Analyzer

A VSCode plugin that scans your code with LLMs (ChatGPT/Anthropic) and highlights potential vulnerabilities. It also links to SecureFlag learning labs for deeper insight.

Commands

  • SecureFlag: Analyze Code
  • SecureFlag: Open Settings

Configuration

  • secureflag.GPTApi Key: Your ChatGPT API key
  • secureflag.Anthropic Api Key: Your Anthropic API key
  • secureflag.apiType: LLM provider (chatgpt or anthropic)
  • secureflag.autoAnalysis: Enable or disable auto analysis

How It Works

When triggered, the plugin sends nearby lines of code to the LLM along with a list of known vulnerability names. It parses the response, matches it with SecureFlag's JSON, and shows the result in a side panel with links to relevant labs.
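The flow described above, sketched as an added example (not the extension's own code): the model reply is treated as untrusted, and only names that match the known list survive, with the lab link taken from the catalogue rather than from the reply. The catalogue shape, the JSON reply format, the URLs and every function name here are assumptions.

```javascript
// Added illustration, not the extension's code. Catalogue format, reply
// format and all function names are assumptions; sample data is constructed.
const CATALOGUE = [
  { name: "SQL Injection", lab: "https://example.invalid/labs/sql-injection" },
  { name: "Cross-Site Scripting", lab: "https://example.invalid/labs/xss" },
  { name: "Path Traversal", lab: "https://example.invalid/labs/path-traversal" },
];
// Constructed model reply: one valid hit, one unknown name, one odd casing.
const SAMPLE_REPLY = JSON.stringify([
  { name: "sql injection", line: 2 },
  { name: "Totally New Bug", line: 1, lab: "https://untrusted.invalid/" },
  { name: "Cross-site scripting" },
]);

const normalize = (s) => s.toLowerCase().replace(/[^a-z0-9]+/g, " ").trim();

// The "nearby lines": a window around a 0-based cursor line.
function nearbyLines(source, line, radius = 3) {
  const lines = source.split("\n");
  const start = Math.max(0, line - radius);
  return { start, text: lines.slice(start, line + radius + 1).join("\n") };
}

// Prompt that restricts the model to the known vulnerability names.
function buildPrompt(snippet, catalogue) {
  const names = catalogue.map((e) => `- ${e.name}`).join("\n");
  return `Report only vulnerabilities from this list:\n${names}\n` +
    `Answer as a JSON array of {"name", "line"}.\n\nCode:\n${snippet}`;
}

// Parse the reply defensively: malformed JSON yields no findings, names
// outside the catalogue are dropped, and the link always comes from the
// catalogue entry, never from a field the model supplied.
function matchFindings(reply, catalogue) {
  let parsed;
  try { parsed = JSON.parse(reply); } catch { return []; }
  if (!Array.isArray(parsed)) return [];
  const byName = new Map(catalogue.map((e) => [normalize(e.name), e]));
  const out = [];
  for (const f of parsed) {
    if (!f || typeof f.name !== "string") continue;
    const entry = byName.get(normalize(f.name));
    if (!entry) continue; // name not in the known list: discard
    const line = Number.isInteger(f.line) && f.line > 0 ? f.line : null;
    out.push({ name: entry.name, line, lab: entry.lab });
  }
  return out;
}
```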

Privacy

The SecureFlag Analyzer IDE plugin does not transmit any customer data to SecureFlag. All communication involving customer code or prompts occurs exclusively between the customer's IDE and their selected generative AI provider (e.g., OpenAI, Anthropic), using API keys configured by the customer. SecureFlag does not access, process, or store any customer data.

The only interaction with SecureFlag systems is a read-only HTTP fetch to a public endpoint, performed by the IDE to retrieve enrichment content (e.g., vulnerability references, articles, labs). This request is unauthenticated, does not refer to the customer in any way, and does not include any customer data.
