RepoScopeCompliance intelligence for your codebase. find • fix • report. Scan your code for security risks, map findings to 5 compliance frameworks, and generate audit-ready evidence — all from your IDE, with one command. Local-first: your code never leaves your machine. 👉 See a real sample report — the exact branded, audit-ready package RepoScope generates (from a demo repo). Or drive the interactive demo →
Why RepoScopeEnterprise compliance automation costs $10K–50K/year. RepoScope delivers compliance intelligence directly in your IDE for $14.99/month. Free on every install: a 44-detector security scanner with file:line findings, a token-ranked repo map, and a Code Provenance Engine for EU AI Act Article 12 readiness. All three run locally — your source never leaves your machine. Upgrade to Pro for the full compliance engine: Compliance (maps security findings to OWASP Top 10, SOC 2 Type II, PCI-DSS v4.0, ISO/IEC 42001, and EU AI Act Article 12 — posture score, per-control PASS/FAIL/PARTIAL, and 4 audit-ready templates with one command), Cost (model-agnostic token cost per file), Budget (Token Budget Intelligence — per-prompt context overhead, rules audit, subscription runway), Game Plan (AI-powered goal tracking), and Audit Prep (1-click evidence package). Code-level controls only, a development aid, not a certification tool.
Two Groups. One Sidebar.Free: Security · Repo Map · Provenance | Pro: Cost · Budget · Compliance · Game Plan · Audit Prep 🔒 Security — FreeProactive, local scanning before Cursor's AI agent touches your code. 44 detectors across 14 languages surface committed secrets and API/cloud keys (GitHub, Slack, Google, Stripe, JWTs, private keys, DB connection strings, Every finding carries a confidence level and CWE ID, and the scan produces a 0–100 security score with a letter grade and per-workspace trend. Filter, search, and group findings; suppress noise with
🗺️ Repo Map — FreeYour whole repo at a glance: every source file ranked by estimated token cost with a color-coded cost bar, alongside the current branch, your last commits, and the files changed in the most recent commit. Click any file to open it instantly. Orient in an unfamiliar codebase in seconds, and see at a glance what changed before a PR review. Refreshes automatically on save.
🔗 Provenance — FreeTracks the origin of AI-generated code in your repo for EU AI Act Article 12 readiness — entirely locally, without sending your code anywhere. A heuristic AI detector identifies AI-generated files using workspace tooling signals ( The Provenance tab shows:
Run RepoScope: Scan Provenance from the Command Palette for an on-demand scan. Run RepoScope: Export Provenance Report to write a structured JSON report (
💰 Cost — ProModel-agnostic token cost per file, ranked — works across GPT, Claude, and Gemini without locking you into a single provider's tokenizer. Every source file ranked by token cost with a color-coded cost bar, a breakdown of unused imports / dead code / oversized strings (click a category to see the worst file), and cumulative recovered-token tracking via the built-in Tokens Recovered tracker (optional status-bar total, and a In a typical 40K-line TypeScript repo, 4 files often account for 60–70% of the total estimated token budget — usually auto-generated code or config blobs.
💸 Budget — Pro (Token Budget Intelligence)See exactly what your IDE sends to AI on every prompt — and how fast you're burning through your subscription.
All token figures are estimates (~chars/4 heuristic), prefixed with
📋 Compliance — ProMaps your latest Security scan to framework controls — OWASP Top 10 (2021), SOC 2 Type II, PCI-DSS v4.0, ISO/IEC 42001:2023, and EU AI Act Article 12 — and shows a posture score per framework, per-control PASS / FAIL / PARTIAL / not-covered status, the findings behind each control, a posture trend over time, and JSON export + copy-summary. Click a control to jump to its findings in Security; Security findings carry an OWASP badge that jumps back here. Findings you've suppressed with Generate audit-ready templates per framework with one click: Control Matrix, Attestation Memo, Gap Plan, and Auditor Evidence Response. Run RepoScope: Prepare for Audit from the Command Palette to generate the full evidence package across all active frameworks. It's derived from your existing security results — it never re-scans your code. Code-level controls only — a development aid, not a certification tool. Auditors make the final determination. Choose frameworks via
📝 Game Plan — ProPersistent AI agent memory. Write
📦 Audit Prep — ProOne-click evidence package. Run RepoScope: Prepare for Audit from the Command Palette to generate the full set of audit-ready templates — Control Matrix, Attestation Memo, Gap Plan, and Auditor Evidence Response — across all active compliance frameworks simultaneously. Output goes to Browse a real sample package → (generated from a demo repo — the exact output you get). Quick InstallRepoScope is available in the Cursor Marketplace as a native plugin, and as a VS Code extension on VS Marketplace + Open VSX. Same features everywhere. CursorRecommended — Cursor Plugin Marketplace (native agent plugin):
Open the Command Palette ( Also available — VS Code Extension (Open VSX):
Open Extensions ( VS Code
Devin Desktop (formerly Windsurf)
Pricing
Competitive Position
| Persistent agent context | ✅ | ⚠️ session only | ❌ | ❌ | ❌ | | Cursor + Devin Desktop + VS Code | ✅ | ❌ Devin Desktop only | ⚠️ | ✅ | ✅ | RepoScope is the only tool in any IDE marketplace that combines security scanning with compliance posture tracking and model-agnostic token cost intelligence. Security vs SonarQube: RepoScope catches risky patterns before you prompt — locally, in your editor, with file:line findings tied to AI cost context. SonarQube excels at CI/CD SAST and org-wide quality gates. They are complementary, not interchangeable. DocumentationThe user guide at reposcope.app covers:
ContributingRepoScope is in active development. Bug reports, feature requests, and pull requests are welcome.
SupportQuestions, bugs, or feedback? We typically respond within 24 hours on business days. Built by NxGen Tech Solutions · support@reposcope.app The first tool built for the AI era of software development — not just ported to it. |






