Documentation
Introduction
What CodeSentinel is and how it protects your code.
CodeSentinel is a real-time security scanner built for developers. It catches vulnerabilities as you write code — inside VS Code — and blocks insecure code from merging into your repository via the GitHub App.
Zero data leaves your machine
The VS Code plugin runs entirely locally. No source code is ever uploaded to CodeSentinel servers. The GitHub App reads only PR diffs and discards them immediately after the scan.
Two components, one workflow
CodeSentinel ships as two tightly integrated tools that cover your full development lifecycle:
VS Code Plugin — scans files on save, highlights issues inline, and offers one-click AI-generated fixes.
GitHub App — installs on your repository and scans every pull request, adding status checks and inline review comments.
Key capabilities
150+ built-in security rules covering OWASP Top 10, CWE, and SANS Top 25.
Critical vulnerabilities like SQL Injection, XSS, path traversal, insecure deserialization, and weak cryptography.
AI-generated fix suggestions that you review and apply without leaving your editor.
Configurable merge policies — block PRs that introduce Critical or High severity issues.
Support for JavaScript, TypeScript, Python, Go, Rust, Java, C/C++, Ruby, PHP, and Swift.
How scanning works
When you save a file in VS Code, the plugin passes the file through the local rules engine. Issues are highlighted inline with a colored border — red for Critical, amber for High, teal for Medium — and a tooltip explains the vulnerability and shows the suggested fix.
On GitHub, when a pull request is opened or updated, the App fetches the diff, scans the changed lines through the same rules engine running on CodeSentinel infrastructure, and posts the results as a GitHub Checks status. Blocking is enforced at the branch protection level, so a pull request with unresolved Critical or High findings cannot be merged until the issues are fixed or explicitly overridden.
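To make the PR-side flow concrete, here is an added, self-contained illustration of the three steps above: pull the added lines out of a unified diff, run them through a small rules engine, and turn the findings into a Checks-style result whose conclusion is decided by a Critical/High merge policy. This is example code written for this page, not CodeSentinel's engine; the three regex rules, the severity mapping and the sample diff are all constructed for the demonstration, and a production scanner would use far richer rules than line-level patterns.

```python
import re
from dataclasses import dataclass

# Constructed rule set for this example (rule_id, severity, pattern, message).
# These are illustrative patterns, not CodeSentinel's rules.
RULES = [
    ("sql-string-concat", "Critical",
     re.compile(r'["\']\s*(SELECT|INSERT|UPDATE|DELETE)\b.*?["\']\s*\+'),
     "SQL statement built by string concatenation (possible SQL injection)"),
    ("weak-hash", "High",
     re.compile(r'\bhashlib\.(md5|sha1)\('),
     "MD5/SHA-1 are not collision resistant; use SHA-256 or stronger"),
    ("hardcoded-credential", "Medium",
     re.compile(r'(?i)\b\w*(password|secret)\w*\s*=\s*["\'][^"\']+["\']'),
     "credential literal committed to source"),
]

# Map the scanner's severities onto GitHub Checks annotation levels.
SEVERITY_TO_ANNOTATION = {"Critical": "failure", "High": "failure", "Medium": "warning"}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    severity: str
    path: str
    line: int
    message: str


def added_lines(diff_text):
    """Yield (path, new_line_number, text) for every line a unified diff adds.

    Only added lines are scanned, mirroring a PR-diff scan of changed lines;
    removed lines are skipped, context lines only advance the line counter."""
    path, new_line, in_hunk = None, 0, False
    for raw in diff_text.splitlines():
        if raw.startswith("diff "):
            in_hunk = False                      # new file section begins
        elif not in_hunk and raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@", raw)
            new_line, in_hunk = int(m.group(1)), True
        elif not in_hunk or raw.startswith("\\"):
            continue                             # file headers, "\ No newline at end of file"
        elif raw.startswith("+"):
            yield path, new_line, raw[1:]
            new_line += 1
        elif raw.startswith("-"):
            continue                             # removed line: no number in the new file
        else:
            new_line += 1                        # context line


def scan_diff(diff_text):
    """Run every rule over every added line and collect the findings."""
    findings = []
    for path, line_no, text in added_lines(diff_text):
        for rule_id, severity, pattern, message in RULES:
            if pattern.search(text):
                findings.append(Finding(rule_id, severity, path, line_no, message))
    return findings


def check_run(findings, block_on=frozenset({"Critical", "High"})):
    """Shape findings as a Checks-style result: a conclusion plus inline annotations.

    block_on is the merge policy: any finding at those severities fails the check,
    and a branch protection rule that requires this check then blocks the merge."""
    blocking = [f for f in findings if f.severity in block_on]
    annotations = [
        {"path": f.path, "start_line": f.line, "end_line": f.line,
         "annotation_level": SEVERITY_TO_ANNOTATION.get(f.severity, "notice"),
         "message": f"[{f.severity}] {f.rule_id}: {f.message}"}
        for f in findings
    ]
    return {
        "conclusion": "failure" if blocking else "success",
        "summary": f"{len(findings)} finding(s), {len(blocking)} blocking",
        "annotations": annotations,
    }


# Constructed sample PR diff: two files, three added issues of different severity.
SAMPLE_DIFF = """\
diff --git a/app/db.py b/app/db.py
--- a/app/db.py
+++ b/app/db.py
@@ -10,3 +10,5 @@ def get_user(conn, name):
     cur = conn.cursor()
-    cur.execute("SELECT * FROM users WHERE name = ?", (name,))
+    query = "SELECT * FROM users WHERE name = '" + name + "'"
+    cur.execute(query)
+    digest = hashlib.md5(name.encode()).hexdigest()
     return cur.fetchone()
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,2 +1,3 @@
 import os
+ADMIN_PASSWORD = "changeme"
 DEBUG = False
"""

if __name__ == "__main__":
    result = check_run(scan_diff(SAMPLE_DIFF))
    print(result["conclusion"], "-", result["summary"])
    for a in result["annotations"]:
        print(f"{a['path']}:{a['start_line']} {a['annotation_level']}: {a['message']}")
```

Run as a script, the sample diff yields three findings (a Critical SQL concatenation, a High weak hash, a Medium hardcoded credential) and a `failure` conclusion under the default policy; passing `block_on=frozenset()` to `check_run` shows the same findings reported as annotations without blocking the merge, which is the "explicitly overridden" path in policy terms.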
Next step
Follow the Quick Start guide to get scanning in under 5 minutes.