Scrutin for VS Code
AI-powered code review directly in your editor. Scrutin analyses your files on save (or on demand) using the scrutin CLI binary and surfaces bugs, security issues, secrets, IaC misconfigurations, and code smells as native VS Code diagnostics — no cloud required, no slow CI loop.

Features
Analysis & Diagnostics
- Diagnostics on save — issues appear inline as warnings/errors as soon as you save
- Workspace analysis — scan your entire project with one command
- Quick fixes — one-click suggestions from the 268+ auto-fix patterns
- Hover details — full description, suggestion, confidence, and OWASP/CWE reference on hover
- Severity filtering — show only critical, high, medium, low, or info issues
UI & Navigation
- Status bar — shows ✓ Scrutin, ⚠ Scrutin: 3, or ⟳ Scrutin at a glance
- Issues sidebar — tree view grouped by file with issue counts and severity icons
- File decorations — badge counts on files in the Explorer
- Project dashboard — WebView panel with severity breakdown, file-grouped issues, expandable details, auto-fix suggestions, and code snippets
Cloud & Collaboration (Pro/Business)
- Cloud rule sync — fetch custom workspace rules from the Scrutin dashboard (auto-synced with 1-hour TTL cache)
- PR review annotations — see review comments from your team inline in the editor
- Authentication — login via browser or agent token, stored in system keychain
Setup & Maintenance
- Auto-download — the 3 MB Rust binary is fetched automatically on first use
- Auto-update — background check notifies you when a new version is available
- Guided setup — sidebar welcome view walks you through binary install, login, and first analysis
- LSP mode — optional Language Server Protocol mode for real-time diagnostics (experimental)
- Offline — static analysis and secret detection work entirely without internet
- Marketplace onboarding — walkthrough, PAT setup, findings panel, and AutoFix commands are available from the Command Palette
Supported Languages
C#, TypeScript, JavaScript, Python, Java, Go, Rust, PHP, Kotlin, Ruby, C++, Swift, Scala, Apex, OCaml, JSP, JSON, Terraform, Dockerfile, CI/CD, Shell, and more — 27 languages with 12,500+ rules via the analysis engine.
Requirements
- VS Code 1.85+
- The scrutin CLI binary (auto-downloaded on first use, or set scrutin.binaryPath)
Getting Started
- Install the extension from the Marketplace
- Run Scrutin: Configure and set your API URL, PAT, auto-analysis mode, and minimum severity
- Download the binary from the Scrutin sidebar, or let it auto-download on first analysis
- Run Scrutin: Analyze File or save a supported file
- Open Scrutin: View Findings Panel to inspect grouped findings and apply AutoFix actions
Commands
| Command | Description |
| --- | --- |
| Scrutin: Analyze File | Run analysis on the active file |
| Scrutin: Apply AutoFix | Apply the best available AutoFix for the active finding |
| Scrutin: View Findings Panel | Open the Scrutin activity bar findings tree |
| Scrutin: Configure | Configure API URL, PAT, auto-analysis, severity, and LSP |
| Scrutin: Analyze Workspace | Run analysis on the entire workspace |
| Scrutin: Project Dashboard | Open the interactive dashboard panel |
| Scrutin: Clear All Diagnostics | Remove all Scrutin diagnostics |
| Scrutin: Login | Authenticate with your Scrutin account via browser |
| Scrutin: Logout | Remove stored credentials |
| Scrutin: Enter Agent Token | Manually enter agent credentials |
| Scrutin: Sync Cloud Rules | Manually re-sync custom rules from the cloud |
| Scrutin: Load PR Review Annotations | Fetch and display PR review comments inline |
| Scrutin: Download / Update Agent | Download or update the Scrutin CLI binary |
| Scrutin: Show Setup Guide | Re-open the setup welcome view |
| Scrutin: Show Output Panel | Open the Scrutin log output |
Settings
| Setting | Default | Description |
| --- | --- | --- |
| scrutin.enabled | true | Enable/disable the extension |
| scrutin.binaryPath | "" | Custom path to the scrutin binary |
| scrutin.analysisOnSave | true | Analyse automatically on file save |
| scrutin.autoAnalyze | onSave | Use onSave, onType, or manual |
| scrutin.debounceMs | 500 | Delay (ms) before triggering analysis on save |
| scrutin.severity | low | Minimum severity to display |
| scrutin.severityFilter | all | Issue severities to show |
| scrutin.disabledLanguages | [] | Language IDs to skip |
| scrutin.ignoredRules | [] | Rule titles hidden in the current workspace |
| scrutin.showHoverDetails | true | Show extended info on hover |
| scrutin.apiUrl | https://api.scrutin.com.br | API base URL (change for self-hosted) |
| scrutin.pat | "" | Machine-scoped PAT fallback; prefer Scrutin: Configure |
| scrutin.cloudSync.enabled | false | Fetch custom rules from Scrutin cloud |
| scrutin.cloudSync.autoSync | true | Auto re-sync when cache is older than 1 hour |
| scrutin.prReviews.enabled | false | Show PR review annotations inline |
| scrutin.lsp.enabled | false | Use LSP mode instead of CLI-bridge (experimental) |
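
The settings table marks scrutin.pat as a fallback and points to Scrutin: Configure instead. As an added example (not part of the extension or the Scrutin project), this Python audit checks a VS Code settings.json body for a plaintext PAT, a non-HTTPS scrutin.apiUrl, and a scrutin.binaryPath set in workspace settings. It assumes the setting keys listed above; the workspace-level binaryPath check, the sample files and the placeholder token are constructed for illustration.

```python
import json
import re

DEFAULT_API = "https://api.scrutin.com.br"  # default from the settings table
_STRING = r'"(?:\\.|[^"\\])*"'


def _drop(pattern, text):
    """Delete matches of `pattern`, but leave JSON string literals untouched."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return re.sub(_STRING + "|" + pattern, keep, text, flags=re.S)


def strip_jsonc(text):
    """VS Code settings are JSONC: remove comments, then trailing commas."""
    text = _drop(r"//[^\n]*|/\*.*?\*/", text)
    return _drop(r",(?=\s*[}\]])", text)


def audit_settings(text, scope):
    """Return (setting, finding) pairs for one settings.json body.

    scope is "user" or "workspace"; the caller knows which file it read.
    """
    cfg = json.loads(strip_jsonc(text))
    findings = []
    pat = cfg.get("scrutin.pat", "")
    if isinstance(pat, str) and pat.strip():
        findings.append(("scrutin.pat",
                         "PAT in plaintext settings; use Scrutin: Configure"))
    api = str(cfg.get("scrutin.apiUrl", DEFAULT_API))
    if not api.lower().startswith("https://"):
        findings.append(("scrutin.apiUrl", "API base URL is not HTTPS"))
    # Assumption: a repository's .vscode/settings.json can set this path,
    # which would choose the binary the extension runs.
    if scope == "workspace" and cfg.get("scrutin.binaryPath", ""):
        findings.append(("scrutin.binaryPath",
                         "binary path set by the repository; review it"))
    return findings


# Constructed sample inputs (not real configuration or credentials).
USER_SAMPLE = """{
  // self-hosted instance
  "scrutin.apiUrl": "http://scrutin.internal.example",
  "scrutin.pat": "EXAMPLE-PLACEHOLDER-TOKEN",
}"""
WORKSPACE_SAMPLE = '{"scrutin.binaryPath": "./tools/scrutin", "scrutin.pat": ""}'

if __name__ == "__main__":
    for name, scope in ((USER_SAMPLE, "user"), (WORKSPACE_SAMPLE, "workspace")):
        for setting, finding in audit_settings(name, scope):
            print(f"[{scope}] {setting}: {finding}")
```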
Plans
| Plan | Features | Price |
| --- | --- | --- |
| Community | Full SAST engine (12,500+ rules, 27 languages), secret detection, Dockerfile analysis, LSP + VS Code extension, unlimited repos/analyses/members | Free forever |
| Pro | + AI analysis (BYOK), auto-fix suggestions, PR review comments, Scrutin portal, full IaC (K8s, Terraform, Docker, CI/CD), SCA/CVE (35k+ advisories), Azure DevOps | $19/dev/mo ($15 annual) |
| Business | + SSO/SAML/OIDC, quality gates (block merge), custom YAML rules, custom secret patterns, Bitbucket + JIRA, SLA 99.5% | $39/dev/mo ($31 annual) |
| Enterprise | + On-premise, unlimited agents, 24/7 support, SLA 99.9%, custom contracts | Contact us |
License
MIT — © Scrutin