CodeProbe
AI-powered code security and quality analysis, right inside VS Code.
CodeProbe scans your workspace using Claude AI to detect security vulnerabilities, code quality issues, and potential bugs — then surfaces them in a clean, interactive sidebar without leaving your editor.
Features
- AI Security Scanning — Analyzes your codebase with Claude (Haiku, Sonnet, or Opus) for vulnerabilities, secrets exposure, injection risks, and more
- Parallel Analysis — Processes files in concurrent batches for fast results even on large codebases
- Real-time Progress — Live scan progress shown in the sidebar and VS Code notification toast
- Issue Explorer — Browse issues by severity (Critical / Warning / Info), filter by category, and view exact file locations with code snippets
- Scan History — Full history of past scans per project with issue counts and timestamps
- Project Dashboard — At-a-glance stats for your current workspace: total issues, critical count, and health trend
- Smart File Exclusions — Respects .gitignore automatically; configure additional glob patterns to skip generated files, migrations, test fixtures, and more
- Persistent Scans — Scans survive panel close and reopen — no work is ever lost
Requirements
Getting Started
1. Install the extension
Search for CodeProbe in the VS Code Extensions Marketplace and click Install.
2. Sign in
Click the CodeProbe icon in the Activity Bar to open the sidebar, then click Sign In. Your browser opens the CodeProbe login page. After authenticating, the extension is connected automatically.
3. Set your Anthropic API key (API mode)
Open the Command Palette (Cmd+Shift+P / Ctrl+Shift+P) and run:
CodeProbe: Set Anthropic API Key
Paste your sk-ant-... key. It is stored securely in VS Code's encrypted SecretStorage — never written to disk or sent anywhere except the Anthropic API.
Alternatively, if you have the Claude Code CLI installed and authenticated, switch to CLI mode in Settings and no API key is needed.
4. Run a scan
Open a workspace folder, then either:
- Click Run Scan in the CodeProbe sidebar, or
- Run CodeProbe: Run Security Scan from the Command Palette
CodeProbe will collect your workspace files, run AI analysis in parallel batches, submit results to the server, and notify you when complete.
Extension Settings
| Setting | Default | Description |
| --- | --- | --- |
| codeprobe.serverUrl | https://dev-api-security.learnitpal.com | CodeProbe backend API URL |
| codeprobe.webUrl | https://dev-security.learnitpal.com | CodeProbe web app URL |
| codeprobe.model | claude-sonnet-4-6 | Claude model used for analysis (claude-haiku-4-5-20251001 / claude-sonnet-4-6 / claude-opus-4-6) |
| codeprobe.excludePatterns | [] | Glob patterns for files/folders to skip (e.g. src/generated/**, prisma/migrations/**) |
Built-in ignores (applied automatically): node_modules, .git, dist, .next, __pycache__, .venv, and other common build/dependency directories.
Commands
| Command | Description |
| --- | --- |
| CodeProbe: Open Sidebar | Focus the CodeProbe sidebar panel |
| CodeProbe: Open Dashboard | Open the dashboard in a full tab |
| CodeProbe: Open Scans | Open scan history in a full tab |
| CodeProbe: Open Issues | Open the issues explorer in a full tab |
| CodeProbe: Open Settings | Open extension settings |
| CodeProbe: Run Security Scan | Start a new scan on the current workspace |
| CodeProbe: Sign In | Authenticate with your CodeProbe account |
| CodeProbe: Sign Out | Sign out and clear stored credentials |
| CodeProbe: Set Anthropic API Key | Store your Anthropic API key securely |
| CodeProbe: Configure Scan Exclusions | Interactively pick glob patterns to exclude from scans |
Analysis Modes
API mode (default) — CodeProbe calls the Anthropic API directly using your API key. Choose your preferred model (Haiku for speed, Sonnet for balance, Opus for depth) in the Settings panel.
CLI mode — Uses the locally installed claude CLI (Claude Code). No API key needed — authentication is handled by the CLI. Switch modes in the Settings panel.
Configuring Scan Exclusions
Run CodeProbe: Configure Scan Exclusions from the Command Palette. A quick-pick menu shows:
- Currently excluded patterns (select to remove)
- Suggested patterns based on your workspace directories
- An option to enter a custom glob pattern
Exclusions are saved to your workspace settings (.vscode/settings.json) and only apply to that workspace.
Privacy & Security
- Your source code is sent to the Anthropic API (or processed locally via the Claude Code CLI) for analysis. Review Anthropic's privacy policy for details.
- Your Anthropic API key and session token are stored in VS Code's SecretStorage (OS-level encrypted credential store) — never in plain text.
- Scan results (issue descriptions, file paths, line numbers) are stored on the CodeProbe server tied to your account.
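Because in-scope files are sent off the machine for analysis, it helps to preview the effect of exclusion patterns before a scan. The Node.js sketch below is an added example, not CodeProbe's own code: `globToRegExp`, `inScope`, `previewScan` and the `SENSITIVE` name patterns are hypothetical, the glob matching is simplified and may differ from the extension's matcher, and the file listing is constructed.

```javascript
// Added example: preview which workspace files stay in scan scope after exclusions.
// The glob matcher is a simplified assumption, not CodeProbe's own file collector.
// Only the built-in ignores named in this README are listed; the extension has more.
const BUILT_IN_IGNORES = ['node_modules', '.git', 'dist', '.next', '__pycache__', '.venv'];

// Convert a glob using `**`, `*` and `?` into an anchored RegExp.
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === '*' && glob[i + 1] === '*') {
      i++;
      if (glob[i + 1] === '/') { i++; re += '(?:.*/)?'; } // `**/` spans zero or more directories
      else re += '.*';                                     // trailing `**` matches everything below
    } else if (c === '*') re += '[^/]*';                   // `*` stays inside one path segment
    else if (c === '?') re += '[^/]';
    else re += c.replace(/[.+^${}()|[\]\\]/g, '\\$&');     // escape regex metacharacters
  }
  return new RegExp('^' + re + '$');
}

// A path is in scope unless a built-in ignore or a configured pattern matches it.
function inScope(relPath, excludePatterns) {
  if (relPath.split('/').some((s) => BUILT_IN_IGNORES.includes(s))) return false;
  return !excludePatterns.some((p) => globToRegExp(p).test(relPath));
}

// Assumed file-name hints for credentials that should not be left in scope.
const SENSITIVE = [/(^|\/)\.env(\.|$)/, /\.(pem|key|p12|pfx)$/, /(^|\/)id_rsa$/];

function previewScan(paths, excludePatterns) {
  const sent = paths.filter((p) => inScope(p, excludePatterns));
  const sensitive = sent.filter((p) => SENSITIVE.some((r) => r.test(p)));
  return { sent, sensitive };
}

// Constructed workspace listing; patterns are the examples from the settings table.
const samplePaths = [
  'src/app.ts',
  'src/generated/client.ts',
  'prisma/migrations/0001_init/migration.sql',
  'node_modules/lodash/index.js',
  'config/.env.production',
  'certs/server.pem',
];
const patterns = ['src/generated/**', 'prisma/migrations/**'];
console.log(previewScan(samplePaths, patterns));
```

Any path reported under `sensitive` is still in scope; add a pattern that covers it to codeprobe.excludePatterns and confirm the list is empty before scanning.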
Known Issues
- Very large workspaces (5 000+ files) may take several minutes to scan. Use codeprobe.excludePatterns to skip directories that don't need analysis.
- CLI mode requires the claude binary to be on your PATH. If the CLI is installed but not found, restart VS Code after installation.
Release Notes
0.1.0
Initial release:
- AI-powered security scanning via Claude API or Claude Code CLI
- Parallel batch file analysis (4 concurrent × 15 files per batch)
- Real-time scan progress via WebSocket
- Dashboard, Scans, Issues, and Settings panels
- .gitignore-aware file collection
- Configurable scan exclusion patterns
- 30-day session tokens stored in SecretStorage
Author
Brian Mwangi
License
MIT