DerScanner SAST

DerScanner SAST — start static analysis from the VS Code workspace.

Features

Start scan — build a ZIP from configurable include/exclude globs and POST it to your server.
Sidebar — quick access under the DerScanner SAST activity bar (Commands view).
Status bar — shortcut to the main menu when a workspace folder is open.
Explorer context — “Start scan / upload ZIP” on folders (when a workspace is open).

Scan progress and findings are shown in your DerScanner SAST web UI; this extension does not render issues inside the editor.

Visual Studio Code 1.80 or newer.
Required settings: derscanner.apiUrl and derscanner.token must be set before starting a scan.
A reachable DerScanner SAST (or compatible) API and network access (VPN/DNS if your host is internal).

Open Settings and search for derscanner, or edit settings.json.

derscanner.apiUrl and derscanner.token are required; the extension will not run a scan until both are configured.

Setting	Description
`derscanner.apiUrl` (required)	API base URL with a trailing slash, e.g. `https://your-host/app/api/v1/`
`derscanner.token` (required)	Bearer token for `Authorization`
`derscanner.disableSslVerification`	Skip TLS certificate verification (use only if your policy allows it)
`derscanner.startScanRelativePath`	Path appended to `apiUrl` for StartScan (default: `scan/start`)
`derscanner.projectUuid`	Existing project UUID, or empty for a new project each run
`derscanner.projectName`	Project name when UUID is empty
`derscanner.projectDirectory`	Root to zip; empty = workspace root (or pick folder if multi-root)
`derscanner.includeGlob`	Semicolon-separated globs to include
`derscanner.excludeGlob`	Semicolon-separated globs to exclude
`derscanner.languagesCsvOverride`	Optional override for the comma-separated `languages` field sent to the API

Run them from the Command Palette (DerScanner SAST category), the sidebar, or the status bar entry.

For product documentation, licensing, and support, contact DerScanner.