# Sec Scanner Extension (Minimal)

Simple flow:

- Install the extension.
- Run the command `Sec Scanner: Set API Key (Secure)`.
- Optionally set `secScanner.model`.
- Run the command `Sec Scanner: Scan File or Folder`.
- Pick a file or folder.
- The vulnerability report appears in the `Sec Scanner` output panel.

## Commands

- `Sec Scanner: Scan File or Folder` (manual picker, supports multi-select)
- `Sec Scanner: Scan Current Workspace`
- `Sec Scanner: Scan Active File`
- `Sec Scanner: Scan This File` (Explorer right-click)
- `Sec Scanner: Scan This Folder` (Explorer right-click)
- `Sec Scanner: Scan Selected Items` (Explorer right-click multi-select)
- `Sec Scanner: Set API Key (Secure)`
- `Sec Scanner: Clear API Key`

## Settings

- `secScanner.model`: model name, default `gemini-2.5-flash`.
- `secScanner.maxFiles`: maximum number of files scanned when scanning a folder.
- `secScanner.includeExtensions`: comma-separated list of file extensions included in folder scans.
- `secScanner.maxFileBytes`: per-file size cap.
- `secScanner.maxTotalBytes`: total size cap for a folder scan.
- `secScanner.requestTimeoutMs`: timeout per API request.

## Dev run

```bash
npm install
npm run compile
```

Then press F5 in VS Code and run a command from the Command Palette.

## Setup And Run Commands (Quick Reference)

### First time setup

```powershell
cd <path-to-your-project>\sec-scanner
python -m pip install -r requirements.txt
cd vscode-extension
npm install
npm run compile
```

### Every time you want to run

```powershell
cd <path-to-your-project>\sec-scanner\vscode-extension
npm run compile
```

Then in VS Code:

- Open the folder `<path-to-your-project>\sec-scanner\vscode-extension`.
- Press F5 (launches the Extension Development Host).
- Run the command `Sec Scanner: Set API Key (Secure)`.
- Run the command `Sec Scanner: Scan File or Folder`.
- Open the Output panel and select `Sec Scanner`.

### Optional live compile while editing

```powershell
cd <path-to-your-project>\sec-scanner\vscode-extension
npm run watch
```

## Security Notes

- Source code selected for scanning is sent to the Google Gemini API for analysis.
- The API key is stored using VS Code SecretStorage (not in plain-text settings).
- Secret-like patterns in code are redacted before the code is sent to Gemini.
- Folder scans skip binaries, large files, and files over the configured byte limits.
- `.env` files are excluded by default by the extension's file filter.
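The TypeScript below is an added example, not the extension's own code, showing what the two pre-send safeguards in the notes above look like in practice: a folder-scan filter that applies the `secScanner.*` limits (include-extension list, per-file and total byte caps, max file count, binary and `.env` skipping) and a redaction pass that strips secret-like values before the text leaves the machine. The setting names come from this README; the file paths, file contents, credential values, regular expressions and the `[REDACTED:…]` marker format are constructed assumptions, and the real extension may filter and redact differently.

```typescript
// Added example (not the extension's code): pre-send filtering and redaction for an
// LLM-backed scanner. Setting names match the README; everything else is constructed.

interface ScanLimits {
  includeExtensions: string[]; // parsed from secScanner.includeExtensions
  maxFiles: number;            // secScanner.maxFiles
  maxFileBytes: number;        // secScanner.maxFileBytes
  maxTotalBytes: number;       // secScanner.maxTotalBytes
}

interface CandidateFile { path: string; sizeBytes: number; content: string; }

interface ScanSelection {
  selected: CandidateFile[];
  skipped: Array<{ path: string; reason: string }>;
  totalBytes: number;
}

// "ts, js,.py" -> [".ts", ".js", ".py"]
function parseIncludeExtensions(setting: string): string[] {
  return setting.split(',')
    .map((s) => s.trim().toLowerCase())
    .filter((s) => s.length > 0)
    .map((s) => (s.startsWith('.') ? s : '.' + s));
}

function baseName(path: string): string { return path.split(/[\\/]/).pop() ?? ''; }

function extensionOf(path: string): string {
  const base = baseName(path);
  const dot = base.lastIndexOf('.');
  return dot > 0 ? base.slice(dot).toLowerCase() : '';
}

// .env and variants such as .env.local are never sent, whatever the include list says.
function isEnvFile(path: string): boolean {
  const base = baseName(path);
  return base === '.env' || base.startsWith('.env.');
}

// A NUL byte is a cheap, reliable sign that a file is not source text.
function looksBinary(content: string): boolean { return content.includes('\u0000'); }

// Apply the folder-scan limits in order and record why each file was left out,
// so the report can explain why a scan covered fewer files than the folder holds.
function selectFilesForScan(files: CandidateFile[], limits: ScanLimits): ScanSelection {
  const selected: CandidateFile[] = [];
  const skipped: Array<{ path: string; reason: string }> = [];
  let totalBytes = 0;
  for (const file of files) {
    let reason = '';
    if (isEnvFile(file.path)) reason = 'env-file';
    else if (!limits.includeExtensions.includes(extensionOf(file.path))) reason = 'extension-not-included';
    else if (file.sizeBytes > limits.maxFileBytes) reason = 'exceeds-max-file-bytes';
    else if (looksBinary(file.content)) reason = 'binary';
    else if (selected.length >= limits.maxFiles) reason = 'max-files-reached';
    else if (totalBytes + file.sizeBytes > limits.maxTotalBytes) reason = 'exceeds-max-total-bytes';
    if (reason) { skipped.push({ path: file.path, reason }); continue; }
    totalBytes += file.sizeBytes;
    selected.push(file);
  }
  return { selected, skipped, totalBytes };
}

interface RedactionRule { name: string; pattern: RegExp; rebuild: (match: string, groups: string[]) => string; }

// Assumed rule set: a PEM private-key block, an AWS-style access key id, and
// `apiKey = "..."`-style assignments where the key name and quotes are kept.
const REDACTION_RULES: RedactionRule[] = [
  { name: 'private-key-block',
    pattern: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
    rebuild: () => '[REDACTED:private-key-block]' },
  { name: 'aws-access-key-id', pattern: /\bAKIA[0-9A-Z]{16}\b/g,
    rebuild: () => '[REDACTED:aws-access-key-id]' },
  { name: 'credential-assignment',
    pattern: /\b((?:api[_-]?key|secret|token|password|passwd)\w*\s*[:=]\s*["']?)([^"'\s,;]{8,})(["']?)/gi,
    rebuild: (_match, groups) => `${groups[0]}[REDACTED:credential-assignment]${groups[2]}` },
];

// Returns the redacted text plus a count the caller can surface in the output panel.
function redactSecrets(source: string): { text: string; redactions: number } {
  let text = source;
  let redactions = 0;
  for (const rule of REDACTION_RULES) {
    text = text.replace(rule.pattern, (match: string, ...rest: any[]) => {
      redactions += 1;
      // rest = capture groups, then the match offset (a number) and the input string
      const offsetIndex = rest.findIndex((x) => typeof x === 'number');
      return rule.rebuild(match, rest.slice(0, offsetIndex) as string[]);
    });
  }
  return { text, redactions };
}

// Constructed sample inputs: not real files, paths or credentials.
const SAMPLE_LIMITS: ScanLimits = {
  includeExtensions: parseIncludeExtensions('ts, js,.py'), maxFiles: 2, maxFileBytes: 200000, maxTotalBytes: 2500,
};
const SAMPLE_FILES: CandidateFile[] = [
  { path: 'src/app.ts', sizeBytes: 1200, content: 'export const app = 1;' },
  { path: '.env', sizeBytes: 40, content: 'API_KEY=constructed-value' },
  { path: 'vendor/blob.js', sizeBytes: 500, content: 'x\u0000y' },
  { path: 'src/big.ts', sizeBytes: 5000000, content: '' },
  { path: 'src/util.ts', sizeBytes: 800, content: 'export function f() {}' },
  { path: 'src/extra.ts', sizeBytes: 700, content: 'export const extra = 2;' },
];
const SAMPLE_SOURCE = [
  'const API_KEY = "sk-constructed-example-1234567890";',
  'const region = "us-east-1";',
  'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',
  '-----BEGIN PRIVATE KEY-----', 'MIIconstructedKeyMaterial', '-----END PRIVATE KEY-----',
].join('\n');

console.log(selectFilesForScan(SAMPLE_FILES, SAMPLE_LIMITS).skipped);
console.log(redactSecrets(SAMPLE_SOURCE).text);
```

The filter checks the cheap, local conditions (`.env`, extension, declared size) before reading content for the binary test, and the redaction pass keeps the variable name and quotes so the model still sees that a credential is assigned at that line without receiving its value. Pattern-based redaction is a best-effort control, so short or unusually named secrets (for example a seven-character password) can slip through; anything that must not leave the machine should be excluded by the file filter rather than relied on to be redacted.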