SANGKUR — AI Security Scanner for VSCode
Find vulnerabilities in your code as you type. Powered by a 7-engine security analysis pipeline.
Features
- Scan on Save — Automatically detect vulnerabilities when you save a file
- Inline Diagnostics — See findings as squiggly underlines in your editor
- Quick Fix — One-click fix suggestions (Ctrl+.)
- Hover Details — Hover over findings to see description, CWE, OWASP mapping, and fix code
- Sidebar Panel — Browse all findings by file with severity indicators
- Folder Scan — Right-click a folder to scan all files
Supported Languages
Python, JavaScript, TypeScript, PHP, Java, Go, Ruby, C#, Rust, Dockerfile, Kubernetes YAML, and more.
What It Detects
- SQL Injection, XSS, CSRF, SSRF
- Command Injection, Path Traversal
- Insecure Deserialization, SSTI
- JWT Issues, OAuth Misconfig
- Race Conditions, Business Logic Flaws
- Hardcoded Secrets (50+ patterns)
- Dependency CVEs
- Docker/Kubernetes misconfigurations
- And 40+ more vulnerability types
Getting Started
- Install the extension
- Get a free API key at sangkur.com
- Run command: SANGKUR: Set API Key
- Start coding — findings appear automatically on save
Configuration
| Setting | Default | Description |
| --- | --- | --- |
| sangkur.scanOnSave | true | Auto-scan on file save |
| sangkur.scanProfile | quick | quick (0.5 credit) or deep (1 credit) |
| sangkur.maxFileSize | 100000 | Skip files larger than 100KB |
| sangkur.excludePatterns | node_modules, vendor, dist | Glob patterns to exclude |
Credits
- Free tier: 30 credits/month (~60 file scans)
- Pro: 200 credits/month
- Team: 2,000 credits/month