ButterFence Security Scanner

Scan IaC (Terraform, CloudFormation), Python code, and AWS IAM policies for security vulnerabilities — without leaving VS Code.

Features

• Scan Current File — run ButterFence on whatever file is open; findings appear as squiggly underlines with detailed tooltips
• Scan Workspace — scan all Terraform, CloudFormation, YAML, JSON, and Python files in one go
• Severity-grouped findings panel — Explorer sidebar panel showing CRITICAL → HIGH → MEDIUM → LOW with click-to-navigate
• GitHub-style annotations — each finding shows file, line, severity, resource, and a one-line fix hint
• Optional scan on save — auto-scan every time you save a supported file
• Status bar indicator — animated spinner while scanning, dismisses cleanly

Requirements

A running ButterFence Cloud API server. Default: http://localhost:8000 (works with the local dev setup).

Getting Started

1. Install the extension from the VS Code Marketplace
2. Open Settings (Ctrl+,) → search ButterFence
3. Set:
   • butterfence.apiBaseUrl — your server URL (default http://localhost:8000)
   • butterfence.apiKey — your API key (leave blank for local dev)
4. Open any .tf, .yaml, .json, or .py file
5. Press Ctrl+Shift+P → ButterFence: Scan Current File

Extension Settings

Commands

Supported File Types

.tf (Terraform), .yaml / .yml (CloudFormation), .json, .py (Python)

Known Limitations

• Requires a running ButterFence server (the extension calls the remote API; it does not run scanners locally)
• Maximum 200 files per workspace scan (configurable in future releases)
• The detail field is truncated to 200 characters by the API

License

MIT