SecureFlag Analyzer

A VSCode plugin that scans your code with LLMs (ChatGPT/Anthropic) and highlights potential vulnerabilities. It also links to SecureFlag learning labs for deeper insight.

Commands

• SecureFlag: Analyze Code
• SecureFlag: Open Settings

Configuration

• secureflag.GPTApi Key: Your ChatGPT API key
• secureflag.Anthropic Api Key: Your Anthropic API key
• secureflag.apiType: LLM provider (chatgpt or anthropic)
• secureflag.autoAnalysis: Enable or disable auto analysis

How It Works

When triggered, the plugin sends nearby lines of code to the LLM along with a list of known vulnerability names. It parses the response, matches it with SecureFlag's JSON, and shows the result in a side panel with links to relevant labs.