Ophan for VS Code

ECLIPSE FOUNDATION NAME REQUEST: https://github.com/EclipseFdn/open-vsx.org/issues/8132#issuecomment-3916477594

Find security vulnerabilities in your code before they reach production.

Ophan scans every function in your codebase using AI and gives you results right where you write code — no context switching, no separate dashboards to check.

What It Does

• Security scanning — finds SQL injection, XSS, hardcoded secrets, path traversal, command injection, and more
• Data flow tracking — shows which functions handle user input, PII, credentials, and sensitive data
• Inline documentation — every function gets a plain-English description, parameter docs, and return type docs

All results appear inline in your editor as you work.

Getting Started

1. Install the extension from the VS Code Marketplace
2. Add your Anthropic API key in VS Code Settings (search "Ophan")
3. Click "Analyze Now" when prompted

That's it. Ophan parses your code, runs analysis, and starts showing results immediately. After the first run, it watches for file saves and re-analyzes only what changed.

How You See Results

CodeLens annotations — a one-liner above each function with its description, security warnings, and data flow tags. Click to expand.

Hover tooltips — hover any function name for a quick summary of parameters, return type, and flags.

Detail panel — click any annotation to open the full breakdown: documentation, security explanations, data flow classifications, and a link back to the source.

Cloud Sync

Sign in to sync your analysis across machines and access the web dashboard for a birds-eye view of security issues across all your repos. Team plans let everyone share the same analysis — new team members get results instantly without re-running.

Sign in from the Command Palette: Ophan: Sign In

Supported Languages

• TypeScript / JavaScript
• Python
• More coming soon

Links

• Documentation
• Web Dashboard
• CLI for CI/CD
• Security Analysis Guide
• Pricing