Visual Studio Code Marketplace > Programming Languages > Blacklock Security

Blacklock Security
Publisher: Blacklock.io | 1 install | Free
Security scanning powered by Blacklock Shield

Blacklock SAST Security Scan

Perform a security scan on your source code as you write. Find vulnerabilities in source code, dependencies, and infrastructure configs -- all without leaving your editor.

Works with: VS Code | Claude Code | OpenAI Codex CLI

What It Does

  • Scans source code for SQL injection, XSS, hardcoded secrets, logic flaws, and more
  • Scans dependencies for known CVEs and suggests fixed versions
  • Scans infrastructure configs (Dockerfiles, Kubernetes, Terraform) for misconfigurations
  • Gives you a health score (0-100) for your project's security posture
  • Auto-installs scanning tools (opengrep, trivy) on first use -- no manual setup
  • Caches results per-file with content hashing -- only re-scans files that actually changed
  • AI assistants (Claude/Codex) can fix findings and verify the fix in one shot

Quick Start

Download the latest bl-codescan binary from Releases, then follow the setup for your tool below.


VS Code Extension

Real-time security scanning with inline diagnostics, a dedicated findings panel, and dependency vulnerability detection.

Install

  1. Build the extension:

    git clone https://github.com/blacklock-security/block-ide-plugins.git
    cd block-ide-plugins
    npm install && npm run compile && npx vsce package
    
  2. In VS Code: Ctrl+Shift+X > ... menu > Install from VSIX > select the .vsix file.

How to Use

The extension scans automatically on save. You can also run scans manually from the Command Palette (Ctrl+Shift+P):

  • Blacklock SAST: Scan Current File
  • Blacklock SAST: Scan Entire Workspace
  • Blacklock SAST: Scan Dependencies

Findings show up as inline squiggly underlines, in the Problems panel, and in the Blacklock sidebar.

Settings

Search "Blacklock" in VS Code Settings (Ctrl+,):

Setting        Default   What it does
runOnSave      true      Scan when you save a file
debounceDelay  1000      Wait time (ms) before scanning after edits
configPath     "auto"    Custom rule config path, or "auto" for defaults
maxFileSize    500000    Skip files larger than this (bytes)

Claude Code Plugin

An MCP server that gives Claude 9 security scanning tools, plus a post-edit hook that automatically scans every file Claude touches.

Install

# Run from the cloned block-ide-plugins directory (claude-code-plugin/ is relative to it)
mkdir -p ~/.claude/plugins/blacklock-codescan
cp -r claude-code-plugin/{bin,hooks,commands,mcp.json,shield.config.json} ~/.claude/plugins/blacklock-codescan/
# The binary lives in the directory just populated above
chmod +x ~/.claude/plugins/blacklock-codescan/bin/blacklock-codescan

Restart Claude Code.

Commands

/bl-codescan:audit                    Full audit (source + deps + infra + health score)
/bl-codescan:source                   Source code scan only
/bl-codescan:deps                     Dependency CVE scan
/bl-codescan:infra                    Infrastructure config scan (Docker, K8s, Terraform)
/bl-codescan:triage                   Filter findings by severity/category/engine
/bl-codescan:details <file>           Scan a specific file (or show cached results)
/bl-codescan:verify <finding-id>      Check if a finding was fixed
/bl-codescan:autoscan on|off          Toggle auto-scan after every edit
/bl-codescan:health                   Quick health score (0-100)

Triage Options

/bl-codescan:triage severity=CRITICAL
/bl-codescan:triage severity=HIGH,CRITICAL category=injection
/bl-codescan:triage engine=SOURCE

Example Prompts

/bl-codescan:audit
"Fix all critical and high findings, then re-run the audit"

/bl-codescan:deps
"Upgrade all vulnerable packages to their fixed versions"

/bl-codescan:details src/auth/login.py
"Is the SQL query on line 42 actually vulnerable?"

/bl-codescan:infra
"Fix the Dockerfile issues and add a non-root USER"

/bl-codescan:autoscan on
"Now write me a new API endpoint for user registration"
(Claude auto-scans after every edit)

"Run a security audit, fix anything critical, and verify the fixes"
(Claude runs audit, makes fixes, then verifies -- all automatically)

Codex CLI Plugin

An MCP skill that registers 9 security tools Codex can call on its own. Supports text, json, and sarif output formats.

Install

cd block-ide-plugins/codex-plugin
bash setup.sh

This copies the skill to ~/.codex/skills/blacklock-codescan/, registers the MCP server in ~/.codex/config.toml, and installs scanning tools if missing. Restart Codex CLI.

Commands

$bl-codescan audit            Full audit (source + deps + infra + health score)
$bl-codescan source           Source code scan only
$bl-codescan deps             Dependency CVE scan
$bl-codescan infra            Infrastructure config scan
$bl-codescan triage           Filter findings by severity/category/engine
$bl-codescan details <file>   Scan a specific file (or show cached results)
$bl-codescan verify <id>      Check if a finding was fixed
$bl-codescan autoscan on|off  Toggle auto-scan after every edit
$bl-codescan health           Quick health score (0-100)

Triage Options

$bl-codescan triage severity=CRITICAL engine=SOURCE
$bl-codescan triage category=injection

Example Prompts

$bl-codescan audit
"Fix all critical findings and re-run the audit"

$bl-codescan deps
"Upgrade every vulnerable package to the fixed version"

$bl-codescan details src/api/handler.go
"Is this actually exploitable?"

$bl-codescan autoscan on
"Refactor the auth module"
(Codex auto-scans after every edit)

"Check this project for security issues, fix anything critical, then verify"
(Codex picks the right tools automatically)

Building from Source

cd blacklock-shield
cargo build --release
# Binary: target/release/blacklock-codescan

License

MIT -- see LICENSE.

Support

  • GitHub Issues
  • support@blacklock.io