Studies show roughly 40% of AI-generated code contains at least one exploitable vulnerability. We accept Copilot suggestions with a quick Tab press and move on. But who's checking the code your AI writes?
That's why I built CodeVigil, a VS Code extension that scans your code for security vulnerabilities in real time, right inside your editor.
How It Works
CodeVigil uses a three-layer scanning approach:
- Regex pattern matching catches common vulnerability signatures
- AST structural analysis understands code context and data flow
- GitHub Copilot LLM verification reasons about whether a finding is a real risk
This triple-check approach catches issues that single-pass scanners miss. Findings show up as native VS Code diagnostics, just like TypeScript errors or ESLint warnings.
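To show what the regex-then-AST layering buys in practice, here is a minimal two-layer scanner written as an added illustration for this post; it is not CodeVigil's code, and neither its pattern set nor the Copilot verification layer is reproduced. The rule names and the sample source are constructed for the example.

```python
import ast
import re

# Layer 1: regex signatures (constructed rules, not CodeVigil's pattern set).
REGEX_RULES = [
    ("dangerous-eval", re.compile(r"\beval\s*\(")),
    ("hardcoded-secret",
     re.compile(r"""(?i)\b(api_key|secret|password)\s*=\s*["'][^"']{8,}["']""")),
]

def regex_layer(source):
    """Cheap, context-blind pass: returns (rule_id, line_no) candidates."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule_id, pattern in REGEX_RULES:
            if pattern.search(line):
                hits.append((rule_id, lineno))
    return hits

def ast_layer(source, candidates):
    """Structural pass: a candidate survives only if the AST confirms it
    (comments never reach the AST; eval() of a literal is harmless; a secret
    is hardcoded only when the assigned value is a string literal)."""
    real_eval, literal_secret = set(), set()
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "eval" and node.args
                and not isinstance(node.args[0], ast.Constant)):
            real_eval.add(node.lineno)
        if (isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name) and re.search(
                        r"(?i)api_key|secret|password", target.id):
                    literal_secret.add(node.lineno)
    keep = {"dangerous-eval": real_eval, "hardcoded-secret": literal_secret}
    return [(rid, ln) for rid, ln in candidates if ln in keep[rid]]

def scan(source):
    """Both layers in sequence; an LLM review step would consume this output."""
    return ast_layer(source, regex_layer(source))

# Constructed sample: two real findings plus two regex-only false positives.
SAMPLE = '''\
# eval( is only mentioned in this comment
API_KEY = "sk-live-0123456789abcdef"
def run(expr):
    eval("1 + 1")
    return eval(expr)
'''
```

Running `regex_layer(SAMPLE)` yields four candidates; `scan(SAMPLE)` keeps only the literal secret on line 2 and the `eval(expr)` on line 5, which is the false-positive reduction the structural layer is for.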
What You Get
- 100+ vulnerability patterns across 10 languages (JS/TS, Python, Java, C#, Go, PHP, Ruby, C/C++, Kotlin)
- Copilot Chat integration with @codevigil for natural-language security questions
- Local CVE database with 130,000+ known vulnerabilities for dependency scanning
- Secret detection to catch hardcoded API keys and credentials
- Severity-ranked diagnostics so you know what to fix first
Zero Config
Install it and it works. No accounts, no API keys, no configuration files. CodeVigil detects your project's languages and applies the right patterns automatically.
Try It
Search "CodeVigil" in the VS Code Extensions panel and hit Install. Open any project and it starts scanning immediately.
The free tier covers everything above. A Pro tier with additional features like SARIF export and a security dashboard is coming soon.
We'd love your feedback. Try it out and let us know what you think.
https://marketplace.visualstudio.com/items?itemName=BitsPlus.codevigil