Overview
The CybeDefend VS Code extension brings comprehensive security analysis and AI-powered remediation directly into your development workflow. Identify vulnerabilities, get AI-generated fixes, and manage your security posture — all without leaving Visual Studio Code.
Install from Marketplace
Get the CybeDefend extension for VS Code
Key Features
5 Scan Types
SAST, SCA, IaC, Secrets, and CI/CD scanning in one extension
CybeAgent
AI-powered assistant that analyzes and fixes vulnerabilities with full code context
DeepFix
Automated dependency upgrades for SCA vulnerabilities across 9 ecosystems
Security Scanning
| Scan Type | What It Detects |
|---|---|
| SAST | SQL injection, XSS, path traversal, command injection — with taint analysis and data flow tracking |
| SCA | Known CVEs in dependencies (npm, Maven, pip, Go, NuGet, RubyGems, Cargo, Swift, Packagist) |
| IaC | Misconfigurations in Terraform, CloudFormation, Kubernetes, Docker |
| Secrets | Leaked API keys, tokens, passwords, certificates |
| CI/CD | Insecure pipeline configurations and overly permissive permissions |
Editor Integration
- Gutter icons — Severity-colored markers on every vulnerable line (Critical, High, Medium, Low, Info)
- Diagnostics — Native squiggly underlines visible in the Problems panel
- Context menu — Right-click on vulnerable code to view details or trigger AI fix
- Status bar — Live scan progress and result summary
- Code navigation — Click any vulnerability to jump to the exact line of code
CybeAgent — AI-Powered Fix
Click “Fix with CybeAgent” on any vulnerability. The AI agent receives the full vulnerability context — severity, CWE, OWASP classification, data flow, code snippet, and remediation guidance — then proposes a precise code fix that you review and apply.
DeepFix — Automated Dependency Upgrades
Automatically resolves safe version upgrades for SCA vulnerabilities. Supports 9 package ecosystems: npm, Maven, pip/PyPI, Go, NuGet, Packagist, RubyGems, Cargo, and SwiftPM.
Getting Started
Install
Search for “CybeDefend” in the VS Code Extensions view (Ctrl+Shift+X / Cmd+Shift+X) and click Install.
Alternatively, open Quick Open (Ctrl+P / Cmd+P) and run:
Select Your Region
Open VS Code settings and set cybedefend.region to eu (Europe — default) or us (United States) depending on your CybeDefend instance.
Authenticate
Click the CybeDefend icon in the Activity Bar and click Login. Your browser opens for a secure OAuth 2.0 authentication flow. After completing login, you are redirected back to VS Code automatically.
Configure Project
Open your project folder. The extension guides you to select the corresponding CybeDefend Organization and Project. You can also use the command CybeDefend: Update Project ID (Current Workspace).
File Exclusion
Create a .cybedefend file at your project root to exclude files and directories from scans. It uses .gitignore syntax:
Common directories like node_modules, .git, dist, build, venv, and __pycache__ are excluded by default.
Settings
| Setting | Default | Description |
|---|---|---|
| cybedefend.region | eu | Region (eu or us) — determines auth and API endpoints |
| cybedefend.enableCodeActions | true | Show quick-fix code actions on vulnerabilities |
| cybedefend.allowedCommands | ["git log", "git diff", "git show"] | Terminal commands the AI agent can run |
| cybedefend.deniedCommands | [] | Blocked terminal commands |
| cybedefend.commandExecutionTimeout | 0 | Command timeout in seconds (0 = no limit) |
| cybedefend.apiRequestTimeout | 600 | API request timeout in seconds |
| cybedefend.debug | false | Enable debug logging |
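The settings above control which terminal commands the AI agent may run and for how long, so they are worth reviewing per workspace. The following is an added example, not part of the CybeDefend documentation or the extension's code: a small audit of the CybeDefend keys in a settings.json file. The function name, the findings text and the review policy are assumptions of this example, and it assumes the file is plain JSON without comments.

```python
import json

# Defaults as documented in the settings table above.
DEFAULTS = {
    "cybedefend.region": "eu",
    "cybedefend.allowedCommands": ["git log", "git diff", "git show"],
    "cybedefend.deniedCommands": [],
    "cybedefend.commandExecutionTimeout": 0,
    "cybedefend.debug": False,
}

def audit_settings(settings_text):
    """Return review findings for the CybeDefend keys in a settings.json string.

    The checks are this example's review policy (an assumption), not rules
    enforced by the extension.
    """
    user = json.loads(settings_text)
    # A key that is absent from the file takes its documented default.
    cfg = {key: user.get(key, default) for key, default in DEFAULTS.items()}
    findings = []

    if cfg["cybedefend.region"] not in ("eu", "us"):
        findings.append("region: must be 'eu' or 'us'")

    # 0 means no limit, so an agent-run command is never timed out.
    if cfg["cybedefend.commandExecutionTimeout"] == 0:
        findings.append("commandExecutionTimeout: 0 = no limit; set a bound")

    # Entries beyond the documented defaults widen what the agent may execute.
    baseline = set(DEFAULTS["cybedefend.allowedCommands"])
    for cmd in cfg["cybedefend.allowedCommands"]:
        if cmd not in baseline:
            findings.append(f"allowedCommands: review non-default entry {cmd!r}")

    if cfg["cybedefend.debug"]:
        findings.append("debug: logging enabled; turn off when not troubleshooting")
    return findings

# Constructed sample settings.json contents (not from a real workspace).
SAMPLE = """{
  "cybedefend.region": "us",
  "cybedefend.allowedCommands": ["git log", "git diff", "npm install"],
  "cybedefend.debug": true
}"""

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```

Note that the sample never sets cybedefend.commandExecutionTimeout, so the audit reports the documented default of 0 (no limit).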
Vulnerability Management
You can update vulnerability status directly from VS Code:
| Status | Meaning |
|---|---|
| To Verify | Needs triage (default) |
| Confirmed | Validated vulnerability |
| Not Exploitable | False positive |
| Resolved | Fixed |
| Ignored | Accepted risk |
Requirements
- VS Code 1.84.0 or later
- A CybeDefend account (create one here)
- Internet connection to the CybeDefend API