Harness SAST and SCA

Find and fix security vulnerabilities as you write code. The extension runs security analysis in your editor and shows results in the Problems panel.

Supported languages (analyze / language server): JavaScript, TypeScript, Python, C/C++, C#, Go, Java, PHP, Ruby.

Secure AI Coding (aka Local Analysis)

The hooks integration (e.g. Cursor afterFileEdit) runs analysis on AI edits only. Hooks support these languages: Java, JavaScript, Python, C, and PHP. Findings appear in the Problems panel; optional follow-up in Cursor can prompt the AI to address issues after edits. The main extension flow (scans, language server, save) uses the full Supported languages list above.

Features: SAST, dependency vulnerability analysis (SCA), and secrets detection.

Requirements

Install

Sign in

Settings

Preferences → Settings → Harness SAST and SCA.

Viewing results

Open the Problems panel or the Harness SAST and SCA tab in the sidebar for scan results and details.

Dependency scanning (SCA)

The extension scans dependency manifest files for known vulnerabilities when you open a workspace or edit a manifest (e.g.

Secrets detection

The extension runs local, pre-commit-style secrets detection to help prevent committing secrets. Results may differ from full application scans in the Harness SAST and SCA platform, which can be configured separately.