soteria

aegis forge

Security misconfiguration detector for GitHub workflow files

soteria vscode

Soteria is a Visual Studio Code extension that automatically analyzes GitHub Actions workflow files (.yaml / .yml) for misconfigurations and potential issues.

It integrates the Soteria tool to provide real-time diagnostics and visualization, helping developers maintain secure and robust CI/CD workflows.


Features

  • Automatic workflow scanning: Misconfigurations in .github/workflows files are detected automatically and displayed as warnings via the VS Code diagnostics system. The files are checked on save.
  • Manual file checking: Run analysis on any open .yaml or .yml file by using the button in the Top Bar or by clicking the "Untracked" button in the Status Bar.
  • Detector toggles: Enable or disable individual detectors or detector categories via the "Toggle Detectors" sidebar panel.
  • Statistics view:
    • Misconfigurations by Detector: Understand which checks are flagging the most issues.
    • Misconfigurations by Severity: Quickly grasp the criticality of current problems.
    • New Misconfigurations Over Time: Track progress and catch regressions.
  • Remote stats sync (optional): Collected stats can be sent to a remote server for analysis. This feature is disabled by default.
  • Fully configurable: Tweak behavior via user/workspace settings.

Requirements

This extension bundles platform-specific Soteria binaries for:

  • Windows (x64 and arm64)
  • Linux (x64 and arm64)
  • macOS (x64 and arm64)

No manual installation of Soteria is needed — the extension selects the correct binary automatically.


Extension Settings

You can customize the extension through VS Code's Settings UI or settings.json.

| Setting | Description | Default |
|---|---|---|
| soteria.ignoredPaths | Paths to ignore during analysis | ["node_modules"] |
| soteria.hashFilenamesForStats | Hash filenames in stats for privacy and size efficiency | true |
| soteria.collectStats | Whether to collect local statistics | true |
| soteria.maxStatsFileSizeKb | Maximum size (KB) of the stats file (0 = unlimited) | 1024 |
| soteria.sendStats | Enable remote stats submission | false |

Sidebar Views

The extension adds a custom soteria activity bar view with:

  • Toggle Detectors: Manage active analysis rules
  • Statistics: Interactive charts showing live and historical data

Installation

Install from the VS Code Marketplace.


License

MIT


Author

Eduard Bilous


Enjoy using soteria and stay secure! 🚀
