Fortly Security Scanner — VS Code Extension

Scan your web applications for security vulnerabilities directly from VS Code. Get inline findings, AI-powered quick fixes, and a vulnerability dashboard — all without leaving your editor.

Features

Inline Diagnostics — Vulnerabilities appear as squiggly underlines (like ESLint) with severity-based colors
Vulnerability Panel — Side panel showing all findings grouped by severity (Critical, High, Medium, Low)
AI Quick Fixes — One-click AI-powered remediation suggestions via Fortly's remediation API
Command Palette — Trigger scans, view reports, and configure settings from Cmd+Shift+P
Scan on Save — Optionally re-scan your target every time you save a file

Commands

Command	Description
`Fortly: Scan Workspace`	Scan your configured target URL
`Fortly: Scan Current File`	Scan from the active editor context
`Fortly: Show Scan Report`	Display the last scan results in an output channel
`Fortly: Configure API Key`	Set your Fortly API key
`Fortly: Clear Diagnostics`	Remove all Fortly findings from the editor

Getting Started

Install the extension from the VS Code Marketplace
Open the Command Palette (Cmd+Shift+P) and run Fortly: Configure API Key
Enter your API key (get one at fortly.io)
Run Fortly: Scan Workspace and enter your target URL

Alternatively, if you use the Fortly CLI, the extension automatically reads your API key from fortly config.

Settings

Setting	Default	Description
`fortly.apiKey`	—	Your Fortly API key
`fortly.apiUrl`	`https://api.fortly.io`	API base URL
`fortly.targetUrl`	—	Default scan target URL
`fortly.autoScan`	`false`	Auto-scan on workspace open
`fortly.scanOnSave`	`false`	Re-scan on file save

LSP Server

For Neovim, JetBrains, or other LSP-compatible editors, use the CLI's built-in Language Server:

fortly lsp

This starts an LSP server on stdin/stdout that provides diagnostics and code actions.

Requirements

VS Code 1.85.0 or later (also works with Cursor, VSCodium via Open VSX)
A Fortly API key (sign up free)

License

MIT