🛡️ DeployShield

Deployment safety assistant for VS Code — prevent accidental commits of API keys, secrets, debug code, and insecure configurations before they ever reach production.

✨ Features

Feature	Description
🔑 API Key Detection	Stripe, GitHub, AWS, OpenAI, Google, Twilio, SendGrid & more
🔒 Secret Detection	JWT secrets, DB passwords, private keys, tokens
🐛 Debug Statement Detection	`debugger`, `var_dump`, `breakpoint()`, `System.out.println`
📝 Console Statement Detection	`console.log/warn/debug` with quick-fix removal
🌐 Localhost Detection	Hardcoded `localhost`, `127.0.0.1` URLs
⚙️ Dev Config Detection	`APP_DEBUG=true`, `NODE_ENV=development`, disabled SSL
📋 TODO/FIXME Detection	Unresolved annotations
🧪 Test Data Detection	Sample emails, test passwords, Stripe test cards
🔐 Permission Detection	`chmod 777`, NOPASSWD sudoers
💬 Comment Risk Detection	Security bypass comments, "remove later" notes
📊 Safety Score	0–100 score with real-time updates
🚦 Status Bar	Live safety status at a glance
📋 Sidebar	Grouped findings tree view
🖥️ Dashboard	Rich webview with charts and issue breakdown
📄 Reports	HTML, JSON, and Markdown export
🔗 Git Hooks	pre-commit and pre-push integration
🚀 Deployment Check	Single command to verify deployment readiness
⚡ Quick Fixes	One-click fixes for console.log, debugger, TODOs
🙈 Ignore Rules	Per-folder and per-rule ignore list via `.deployshield.json`

🚀 Getting Started

Installation

Open VS Code
Press Ctrl+P (or Cmd+P on Mac)
Type ext install deployshield
Press Enter

Or search for DeployShield in the VS Code Marketplace.

First Scan

Open any workspace/project folder
Press Ctrl+Shift+P to open the Command Palette
Type DeployShield: Scan Workspace and press Enter
View results in the Problems panel, sidebar, or dashboard

📖 Usage

Command Palette Commands

Command	Description
`DeployShield: Scan Workspace`	Full workspace security scan
`DeployShield: Scan Current File`	Scan only the active editor file
`DeployShield: Scan Before Commit`	Scan + block if critical issues exist
`DeployShield: Scan Before Push`	Scan + block push if critical
`DeployShield: Deployment Readiness Check`	Full check with pass/block verdict
`DeployShield: Open Dashboard`	Open the visual dashboard
`DeployShield: Generate Report`	Export HTML/JSON/Markdown report
`DeployShield: Install Git Hooks`	Auto-scan on every commit/push
`DeployShield: Remove Git Hooks`	Remove installed Git hooks
`DeployShield: Open Ignore Config`	Edit `.deployshield.json`
`DeployShield: Clear All Diagnostics`	Clear findings and reset

Click the shield icon in the Activity Bar (left side of VS Code) to open the DeployShield sidebar. It shows:

Safety Score (click to open dashboard)
Critical / High / Medium / Low grouped findings
Recent Scans history
Quick-action buttons

Status Bar

The status bar shows your current safety status:

DeployShield: SAFE ✅ — no issues
DeployShield: 5 Issues ⚠️ — non-critical issues
DeployShield: 3 Issues 🚨 — critical issues detected

Click it to open the dashboard.

⚙️ Configuration

Open VS Code settings (Ctrl+,) and search for deployshield:

{
  "deployshield.autoScan": true,
  "deployshield.blockCritical": true,
  "deployshield.enableGitHooks": false,
  "deployshield.showStatusBar": true,
  "deployshield.ignoreNodeModules": true,
  "deployshield.scanOnSave": true,
  "deployshield.customPatterns": []
}

Custom Patterns

Add your own regex patterns to detect proprietary secrets:

{
  "deployshield.customPatterns": [
    {
      "id": "MY001",
      "name": "Internal API Token",
      "pattern": "mycompany_api_[a-zA-Z0-9]{32}",
      "severity": "critical",
      "description": "Internal API token detected"
    }
  ]
}

🙈 Ignore Rules

Create .deployshield.json in your workspace root to configure ignores:

{
  "ignorePatterns": [
    "tests/**",
    "sandbox/**",
    "mock-data/**",
    "**/*.test.ts",
    "**/*.spec.js"
  ],
  "ignoreRuleIds": [],
  "customPatterns": []
}

You can also right-click any issue in the Problems panel and choose Ignore rule DS004 (for example) to add it to the ignore list via quick fix.

🔗 Git Hooks

Run DeployShield: Install Git Hooks to automatically scan before every commit and push.

If critical issues are found, the commit/push is blocked with a clear message.

To bypass (unsafe): git commit --no-verify

To remove hooks: DeployShield: Remove Git Hooks

📊 Safety Score

Score	Status	Meaning
100	✅ Perfect	No issues at all
90–99	✅ Safe	Only low-severity issues
70–89	⚠️ Warning	Medium/high issues exist
< 70	🚨 Dangerous	Critical/high issues block deployment

Scoring:

Critical finding: -25 points
High finding: -10 points
Medium finding: -5 points
Low finding: -1 point

🛡️ Detection Rules

ID	Rule	Severity
DS001	API Key Detection	Critical
DS002	Secret & Token Detection	Critical
DS003	Hardcoded Credentials	High
DS004	Console Statement Detection	Medium
DS005	Debug Statement Detection	Medium/High
DS006	Localhost URL Detection	High
DS007	Development Configuration	High
DS008	TODO/FIXME Detection	Low/Medium
DS009	Test Data Detection	Medium
DS010	Dangerous Permission Detection	High
DS011	Comment Risk Detection	Medium/High

🔒 Privacy

DeployShield is 100% offline:

No data leaves your machine
No accounts or sign-up required
No telemetry or analytics
No cloud processing
Works without internet

🛠️ Development

git clone https://github.com/vetrisuriya/deployshield-vscode
cd deployshield-vscode
npm install
npm run compile
# Press F5 in VS Code to launch the Extension Development Host

Running Tests

npm test

See CONTRIBUTING.md for full contribution guidelines.

📄 License

MIT — see LICENSE

🙌 Contributing

Contributions are welcome! Please read CONTRIBUTING.md before submitting pull requests.

To request a new detection rule or report a false positive, open an issue on GitHub.

DeployShield

Vetri Suriya