Patchd Security
Real-time AI-powered security scanning for VS Code. Patchd analyzes your code for vulnerabilities and surfaces actionable findings — directly in your editor.
Features
- Three scan modes — scan the full file, only git-changed lines (diff), or a selected snippet
- Inline diagnostics — findings appear as squiggles and CodeLens annotations at the affected lines
- Security Findings panel — a dedicated sidebar view grouping findings by severity with expandable detail fields
- Finding detail view — opens beside the editor with structured sections: What, How it can be exploited, Impact, Suggested fix, and Verify
- Hover tooltips — hover over any flagged line to see a quick summary
- Status bar indicator — shows scan state and a running count of critical/high findings
- Auto-scan on save — optionally trigger a scan every time you save a supported file
Supported Languages
Python · JavaScript · TypeScript · Go · Java · PHP · Ruby (+ JSX/TSX variants)
Severity Levels
| Level | Description |
| --- | --- |
| Critical | Exploitable vulnerabilities requiring immediate attention |
| High | Serious issues with significant security impact |
| Medium | Warnings and potential weaknesses |
| Low | Best-practice violations |
| Info | Informational notes |
Getting Started
1. Get an API Key
Sign up at patchd.dev to obtain an API key.
2. Add Your API Key
Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and run:
Patchd: Set API Key
Your key is stored securely in VS Code's secret storage — never in settings files.
3. Scan Your Code
| Method | How |
| --- | --- |
| Command Palette | Patchd: Scan Current File |
| Keyboard shortcut | Ctrl+Shift+P S (while editor is focused) |
| Editor title bar | Click the shield icon |
| Right-click menu | Patchd: Scan Current File or Patchd: Scan Selection |
| Auto-scan | Enable patchd.scanOnSave in settings |
Commands
| Command | Description |
| --- | --- |
| Patchd: Scan Current File | Scan the entire active file |
| Patchd: Scan Git Changes | Scan only lines changed since the last commit |
| Patchd: Scan Selection | Scan the currently selected code |
| Patchd: Clear Findings | Remove all findings for the active file |
| Patchd: Set API Key | Store or update your Patchd API key |
| Patchd: Focus Findings Panel | Bring the Security Findings sidebar into view |
Security Findings Panel
The Patchd Security view (activity bar) groups findings by severity. Each finding can be expanded to show:
- What — description of the issue
- How — how an attacker could exploit it
- Impact — potential consequences
- Fix — suggested code change
- Verify — how to confirm the fix is effective
Clicking a finding opens the detail panel beside your editor. The Go to Code button in the detail panel jumps directly to the affected line.
Settings
| Setting | Default | Description |
| --- | --- | --- |
| patchd.apiUrl | https://api.patchd.dev | Patchd API base URL |
| patchd.scanMode | diff | Default scan mode: diff, file, or selection |
| patchd.scanOnSave | false | Automatically scan on file save (uses API credits) |
| patchd.blockOnCritical | true | Show a prominent error message when critical findings are detected |
| patchd.minSeverity | low | Minimum severity to surface as a diagnostic (low, medium, high, critical) |
Scan Modes
diff (recommended) — sends only git-changed lines to the API. Fastest and most credit-efficient. Falls back to full-file scan if no diff is found.
file — sends the entire file contents. Use this for a full audit of a file.
selection — sends only the highlighted text. Useful for reviewing a specific function or block.
Requirements
- VS Code 1.85 or later
- A Patchd API key (patchd.dev)
- Git installed (required for diff scan mode)
Privacy
Only the code you explicitly scan is sent to the Patchd API. No telemetry or background data collection occurs.
License
MIT