Vigil by SecureOS

Real-time AI security scanning for VS Code and Cursor

Vigil catches security vulnerabilities as you type — before they reach production. Built for developers using AI coding tools like Cursor, Claude Code, GitHub Copilot, and Lovable.

What Vigil catches

🆓 Free — Local, instant, no account needed

Category	What's detected
🔑 Secrets	Hardcoded API keys — OpenAI, Anthropic, Stripe, AWS, GitHub tokens
🗄️ SQL Injection	String interpolation in queries, raw SQL with variables
🌐 CORS	Wildcard origins (`Access-Control-Allow-Origin: *`)
🐛 Debug mode	`debug: true` / `DEBUG = True` in source
⚠️ Dangerous functions	`eval()`, `dangerouslySetInnerHTML`, shell injection
🤖 PromptGuard	LLM prompt injection risks, unsafe LLM response handling

🚀 Pro — Full Sentinel via SecureOS

40+ security rules from the SecureOS Sentinel engine
PromptGuard — LLM-specific vulnerabilities
- User input injected into LLM context
- Unsafe streaming without error handling
- LLM tool calls without argument validation
- System prompts logged to console
Sync findings to your SecureOS dashboard
Real-time security score for your codebase

Getting started

Install Vigil from the VS Code Marketplace
Open any file — scanning starts immediately, no setup needed
Red underlines = critical/high issues · Yellow = medium · Blue = low
Hover over any underline to see the issue and exactly how to fix it

Connect your account (Pro)

Go to app.secureos.dev/settings
Generate an API key
In VS Code: Cmd+Shift+P → Vigil: Connect SecureOS Account
Paste your API key

Commands

Command	What it does
`Vigil: Connect SecureOS Account`	Link your Pro account
`Vigil: Run Full Sentinel Scan`	Deep scan via SecureOS API
`Vigil: Show Security Findings`	Open the findings panel
`Vigil: Disconnect Account`	Remove your API key

Settings

Setting	Default	Description
`vigil.enableLocalScan`	`true`	Scan locally on every save (free)
`vigil.enableFullScan`	`true`	Run Sentinel scan via API (Pro)
`vigil.scanOnSave`	`true`	Auto-scan when a file is saved

Works in Cursor too

Vigil works in any VS Code-compatible editor including Cursor. If you're using AI-generated code, Vigil is especially useful — it catches the security mistakes AI tools commonly introduce.

Example: What gets caught

// ❌ VIGIL-001: Hardcoded OpenAI key
const client = new OpenAI({ apiKey: "sk-abc123..." });

// ✅ Fixed
const client = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });

// ❌ VIGIL-013: User input in LLM prompt (PromptGuard)
const response = await openai.chat.completions.create({
  messages: [{ role: "user", content: req.body.message }]
});

// ✅ Fixed — sanitize first
const safe = sanitize(req.body.message);
const response = await openai.chat.completions.create({
  messages: [{ role: "user", content: safe }]
});

Vigil by SecureOS

secureos

Vigil by SecureOS

What Vigil catches

🆓 Free — Local, instant, no account needed

🚀 Pro — Full Sentinel via SecureOS

Getting started

Connect your account (Pro)

Commands

Settings

Works in Cursor too

Example: What gets caught

Links