SecureFlag Findings2Training

A VS Code extension that transforms security problems in your workspace into learning opportunities with instant access to SecureFlag training content and hands-on labs.

What It Does

SecureFlag Findings2Training automatically detects security issues from security tools running in your workspace (like Snyk, Semgrep, etc.), and matches them to:

SecureFlag Training Content - Learn what the vulnerabilities are and how to fix them.
SecureFlag Practice labs - Get hands-on experience fixing the vulnerabilities.

Quick Start

1. Install & Configure

Install the extension from VS Code Marketplace.
Get your API token from the SecureFlag Management Portal.
Open VS Code Settings.
Search for "Findings2Training".
Paste your API token in Findings2Training: Api Access Token

2. Usage

Option A: Right-click on any security problem in the Problems panel

Select "View Training: [Vulnerability] (SecureFlag Findings2Training)" to learn about the vulnerability.
Select "Practice Lab: [Vulnerability] (SecureFlag Findings2Training)" to practice fixing it in SecureFlag Portal.

Option B: Quick Fix menu

Click the lightbulb icon on highlighted security issues in code.
Select "View Training" or "Practice Lab" options.

Option C: Manual analysis

Open Command Palette (Ctrl/Cmd + Shift + P).
Run "SecureFlag Findings2Training: Analyze Security Problems".
View a summary of all detected vulnerabilities with links to training content and practice labs.

When clicking any "View Training" option, training content appears in a side panel next to your code.

Settings

Setting	What It Does	Required
`API Access Token`	Your SecureFlag API token generated from the Management Portal	Yes
`Proxy`	Proxy URL (e.g., `http://proxy:8080`)	No

Troubleshooting

"Please configure your API Access Token"
Add your token in SecureFlag Findings2Training Settings.
"No security issues detected"
Ensure you have a security tool installed (Snyk, Semgrep, etc.) and it's detecting issues in your workspace. Check the Problems panel.
Behind a proxy?
Set the Proxy field in SecureFlag Findings2Training Settings to your proxy URL.

Privacy

Only diagnostic messages from the Problems panel are sent to SecureFlag API (your source code is never transmitted).
API token stored locally in VS Code settings (never shared).