
IDE Plugin — Overview

How the VS Code extension scans and surfaces vulnerabilities.

The CodeSentinel VS Code extension integrates directly into your editing workflow. It scans files locally on your machine — no network call is made during a scan — and surfaces findings in the same way TypeScript surfaces type errors: inline, in the editor, refreshed each time you save the file.

Scanning lifecycle

  1. You save a file (⌘ S).

  2. The extension passes the file buffer to the local rules engine (WebAssembly, < 50 ms).

  3. Findings are mapped to line ranges and pushed to VS Code's Diagnostic API.

  4. Inline decorations appear immediately — no reload required.
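The following is an added example, not code from the CodeSentinel extension: a minimal pipeline in the shape of the four steps above, written in TypeScript because that is the language VS Code extensions are built in. The rule set, the rule IDs and the `Finding` type are assumptions made for illustration; CodeSentinel's real rules run in a WebAssembly module and are not reproduced here. The `vscode` API calls (`createDiagnosticCollection`, `onDidSaveTextDocument`, `Diagnostic`, `Range`) are the real ones, but they are left in a comment so the file runs outside the editor.

```typescript
// Added example, not CodeSentinel's code. Rules, rule IDs and the Finding
// shape are assumptions for illustration; the real engine is WebAssembly.

type Severity = "error" | "warning" | "info";

interface Rule {
  id: string;
  severity: Severity;
  pattern: RegExp;
  message: string;
}

// Hypothetical sample rules, constructed for this example.
const SAMPLE_RULES: Rule[] = [
  {
    id: "demo/hardcoded-secret",
    severity: "error",
    pattern: /\b(password|api[_-]?key|secret)\s*[:=]\s*["'][^"']+["']/i,
    message: "Hard-coded credential; read it from the environment or a secret store.",
  },
  {
    id: "demo/eval",
    severity: "warning",
    pattern: /\beval\s*\(/,
    message: "eval() runs an arbitrary string as code.",
  },
  {
    id: "demo/child-process-shell",
    severity: "warning",
    pattern: /\bexec\s*\(\s*`/,
    message: "Shell command built from a template string; prefer execFile() with an argument array.",
  },
];

// One finding per match. Line and columns are zero-based, as vscode.Range expects.
interface Finding {
  ruleId: string;
  severity: Severity;
  message: string;
  line: number;
  startCol: number;
  endCol: number;
}

// Step 2: run every rule over the saved buffer, line by line.
function scanBuffer(text: string, rules: Rule[] = SAMPLE_RULES): Finding[] {
  const findings: Finding[] = [];
  const lines = text.split(/\r?\n/);
  for (let lineNo = 0; lineNo < lines.length; lineNo++) {
    for (const rule of rules) {
      // Fresh global RegExp per line so exec() walks every match without shared lastIndex state.
      const re = new RegExp(rule.pattern.source, rule.pattern.flags.replace("g", "") + "g");
      let m: RegExpExecArray | null;
      while ((m = re.exec(lines[lineNo])) !== null) {
        findings.push({
          ruleId: rule.id,
          severity: rule.severity,
          message: rule.message,
          line: lineNo,
          startCol: m.index,
          endCol: m.index + m[0].length,
        });
        if (m[0].length === 0) re.lastIndex++; // never loop forever on a zero-width match
      }
    }
  }
  return findings;
}

// Step 3: the shape vscode.Diagnostic expects, declared locally so this file runs without
// the editor. Severity numbers are VS Code's DiagnosticSeverity: Error 0, Warning 1, Information 2.
interface DiagnosticLike {
  range: { start: { line: number; character: number }; end: { line: number; character: number } };
  message: string;
  severity: 0 | 1 | 2;
  code: string;
  source: string;
}

const SEVERITY_CODE: Record<Severity, 0 | 1 | 2> = { error: 0, warning: 1, info: 2 };

function toDiagnostics(findings: Finding[]): DiagnosticLike[] {
  return findings.map((f) => ({
    range: { start: { line: f.line, character: f.startCol }, end: { line: f.line, character: f.endCol } },
    message: f.message,
    severity: SEVERITY_CODE[f.severity],
    code: f.ruleId,
    source: "CodeSentinel",
  }));
}

// Steps 1 and 4 inside the extension (needs the 'vscode' module, so shown as a comment):
//   const collection = vscode.languages.createDiagnosticCollection("codesentinel");
//   vscode.workspace.onDidSaveTextDocument((doc) => {
//     const diags = toDiagnostics(scanBuffer(doc.getText())).map((d) =>
//       new vscode.Diagnostic(
//         new vscode.Range(d.range.start.line, d.range.start.character, d.range.end.line, d.range.end.character),
//         d.message, d.severity));
//     collection.set(doc.uri, diags); // squiggles and the Problems view update at once, no reload
//   });

// Constructed sample buffer (not a real project file): trips each rule once;
// the last line is a safe pattern that must not be flagged.
const SAMPLE_SOURCE = [
  'const apiKey = "sk-live-0123456789";',
  "const result = eval(userInput);",
  "exec(`ls ${dir}`);",
  "const safe = process.env.API_KEY;",
].join("\n");
```

Running `scanBuffer(SAMPLE_SOURCE)` yields three findings on lines 0, 1 and 2 and nothing for the `process.env` line; `toDiagnostics` turns them into objects that map one-to-one onto `vscode.Diagnostic`, which is all the Diagnostic API needs for the inline decorations to appear.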

Core features

Inline highlighting

Vulnerable lines are decorated with a coloured left border and a squiggly underline. Hovering displays a tooltip with the rule ID, severity, a plain-English explanation, and action buttons.

Issues panel

The CodeSentinel panel (available from the Activity Bar or via ⌘ ⇧ P → *CodeSentinel: Show Issues*) lists all findings grouped by severity. Click any issue to jump to the affected line.

AI fix suggestions

For every finding, the extension generates a context-aware fix. The fix is shown as a diff — you can review the change before accepting. Fixes are applied as a single atomic edit, leaving the rest of the file unchanged.

AI fixes require a Pro or Team plan

Local scanning and inline highlighting are free forever. AI-generated fix suggestions require a paid plan.

Supported languages

  • JavaScript (.js, .mjs, .cjs)

  • TypeScript (.ts, .tsx)

  • Python (.py)

  • Go (.go)

  • Rust (.rs)

  • Java (.java)

  • C / C++ (.c, .cpp, .h)

  • Ruby (.rb)

  • PHP (.php)

  • Swift (.swift)