Sec Scanner VS Code Extension

For full repo setup (including the Streamlit web app), see the root README:

• ../README.md

Quick Flow

1. Install/build the extension.
2. Run command Sec Scanner: Set API Key (Secure).
3. Optional: set secScanner.model.
4. Run Sec Scanner: Scan File or Folder.
5. Review results in the Sec Scanner output panel.

Commands

• Sec Scanner: Scan File or Folder (manual picker, supports multi-select)
• Sec Scanner: Scan Current Workspace
• Sec Scanner: Scan Active File
• Sec Scanner: Scan This File (Explorer right-click)
• Sec Scanner: Scan This Folder (Explorer right-click)
• Sec Scanner: Scan Selected Items (Explorer right-click multi-select)
• Sec Scanner: Set API Key (Secure)
• Sec Scanner: Clear API Key

Settings

• secScanner.model: model name, default gemini-2.5-flash-lite.
• secScanner.maxFiles: max files when scanning a folder.
• secScanner.includeExtensions: comma-separated extensions for folder scans.
• secScanner.maxFileBytes: per-file size cap.
• secScanner.maxTotalBytes: folder scan total size cap.
• secScanner.requestTimeoutMs: timeout per API request.

Development Run

npm install
npm run compile

Then press F5 in VS Code and run command from Command Palette.

Security Notes

• Source code selected for scanning is sent to the Google Gemini API for analysis.
• API key is stored using VS Code SecretStorage (not plain text settings).
• Secret-like patterns in code are redacted before sending to Gemini.
• Folder scans skip binaries, large files, and files over configured byte limits.
• .env files are excluded by default from extension filter.