Secure Code Analyzer
Multi-Agent AI Security Analysis for VS Code
Secure Code Analyzer is a powerful VS Code extension that uses orchestrated AI agents to perform comprehensive security vulnerability scanning on your codebase. It analyzes your code for security issues, provides detailed explanations, and suggests fixes.
Features
🔒 Multi-Agent AI Analysis - Uses orchestrator pattern with specialized AI agents for in-depth security scanning
🎯 Flexible Scanning Options
- Scan active file
- Scan entire project
- Scan selected files
⚡ Real-Time Analysis - Automatic scanning on file save (configurable)
📊 Detailed Vulnerability Reports
- Severity ratings (Critical, High, Medium, Low)
- Line-by-line issue highlighting
- Detailed descriptions and remediation steps
- Code snippets with vulnerable sections
🎨 Integrated UI
- Dedicated Security Issues panel in the sidebar
- Color-coded severity indicators
- Quick navigation to issues
Installation
- Install from VS Code Marketplace: Search for "Secure Code Analyzer"
- Click Install
- Reload VS Code
Requirements
This extension requires a backend server to perform the AI analysis.
Backend Setup:
- Clone the repository:
git clone https://github.com/ar1701/AI-Grand-Challenge
- Navigate to backend:
cd backend
- Install dependencies:
npm install
- Configure environment variables (API keys for AI services)
- Start the server:
npm start
Usage
Scanning Your Code
Method 1: Command Palette
- Open Command Palette (Cmd+Shift+P on Mac, Ctrl+Shift+P on Windows/Linux)
- Type "Security Analysis" and choose:
  - 🔒 Security Analysis: Active File - Scan current file
  - 🔒 Security Analysis: Entire Project - Scan all files
  - 🔒 Security Analysis: Select Files - Choose specific files
Method 2: Automatic Scanning
- Files are automatically scanned on save if secureScan.autoScanOnSave is enabled
Method 3: Activity Bar
- Click the lock icon in the Activity Bar to open the Security Issues panel
Viewing Results
The Security Issues panel shows:
- Issue Count - Total vulnerabilities found
- Severity Breakdown - Grouped by severity level
- Detailed Issues - Each issue includes:
- Severity badge
- Description
- File location and line number
- Code snippet
- Suggested fix
Click on any issue to navigate directly to the vulnerable code.
Configuration
Configure the extension via VS Code Settings (Cmd+, or Ctrl+,):
{
  // Backend API URL (default: http://localhost:8080)
  "secureScan.backendUrl": "http://localhost:8080",
  // Enable/disable automatic scanning on save (default: true)
  "secureScan.autoScanOnSave": true
}
Extension Settings
secureScan.backendUrl: Backend API base URL for security analysis
secureScan.autoScanOnSave: Automatically scan files when saving
Supported Languages
The extension can analyze any programming language supported by your backend AI agents, including:
- JavaScript/TypeScript
- Python
- Java
- Go
- C/C++
- Ruby
- PHP
- And many more
How It Works
- File Selection - You select files to scan via commands
- Backend Communication - Extension sends code to backend API
- AI Orchestration - Backend orchestrator coordinates multiple specialized AI agents
- Vulnerability Detection - Agents analyze code for security issues
- Results Display - Extension renders findings in the Issues panel with inline highlights
Security & Privacy
- Code is sent to your configured backend server for analysis
- The backend uses AI services (OpenAI, Google Gemini, etc.) as configured
- Ensure your backend is properly secured if exposed to the internet
- Review your AI service provider's data policies
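A pre-flight check for the secureScan.backendUrl setting, added here as an example (it is not part of the extension or its backend): because the extension sends source code to that URL, the function flags values that would carry it over cleartext HTTP to a non-loopback host or that embed credentials. The names assessBackendUrl and isLoopback and the sample hostnames are assumptions.

```javascript
// Added example, not the extension's own code. Classifies a value of the
// secureScan.backendUrl setting by how exposed the scanned source would be.

// True when the destination never leaves the local machine. The WHATWG URL
// parser has already lowercased and normalized the host (127.1 -> 127.0.0.1).
function isLoopback(hostname) {
  if (hostname === "localhost" || hostname === "[::1]") return true;
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(hostname);
}

function assessBackendUrl(value) {
  let url;
  try {
    url = new URL(value);
  } catch {
    return { ok: false, findings: ["not a valid absolute URL"] };
  }
  const findings = [];
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    findings.push(`unsupported scheme "${url.protocol}"`);
  }
  if (url.username || url.password) {
    findings.push("credentials embedded in the URL are stored in settings.json");
  }
  if (url.protocol === "http:" && !isLoopback(url.hostname)) {
    findings.push("cleartext HTTP to a non-loopback host exposes scanned source in transit");
  }
  return { ok: findings.length === 0, findings };
}

// Constructed sample values: the page's default, then two risky variants.
for (const candidate of [
  "http://localhost:8080",
  "http://scanner.example.internal:8080",
  "https://user:secret@scanner.example.internal",
]) {
  const { ok, findings } = assessBackendUrl(candidate);
  console.log(ok ? "OK  " : "WARN", candidate, findings.join("; "));
}
```

Lookalike hosts such as 127.0.0.1.example.com or localhost.example.com are not treated as loopback, since the match is on the whole normalized hostname.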
Troubleshooting
No results appearing?
- Verify backend server is running at the configured URL
- Check VS Code Output panel (View → Output → Secure Code Analyzer) for errors
- Ensure backend has valid API keys configured
Connection errors?
- Confirm secureScan.backendUrl setting points to your backend
- Check firewall/network settings
- Verify backend server logs for errors
Contributing
Contributions are welcome! Visit the GitHub repository to:
- Report bugs
- Request features
- Submit pull requests
License
This extension is licensed under the MIT License. See LICENSE file for details.
Release Notes
1.0.0
Initial release of Secure Code Analyzer
Features:
- Multi-agent AI security analysis
- Active file, project-wide, and selective file scanning
- Real-time vulnerability detection
- Integrated issues panel with severity indicators
- Auto-scan on save
- Configurable backend URL
Enjoy secure coding! 🔒
For more information and documentation, visit our GitHub repository.