← All Docs

Configuration

Customize CodeVigil settings to fit your workflow.

Settings Overview

CodeVigil works out of the box with sensible defaults. All settings can be customized through VS Code's settings UI (Ctrl+, / Cmd+,) or by editing your settings.json directly.

All settings use the codeVigil. prefix.

Scanning Settings

codeVigil.enabled

  • Type: boolean
  • Default: true
  • Description: Enable or disable CodeVigil scanning globally. When disabled, no diagnostics will be shown and no background scanning will occur.
{
  "codeVigil.enabled": true
}

codeVigil.scanOnOpen

  • Type: boolean
  • Default: true
  • Description: Automatically scan files when they are opened. When disabled, files will only be scanned when edited or when a manual scan is triggered.

codeVigil.scanOnSave

  • Type: boolean
  • Default: true
  • Description: Automatically scan files when they are saved. This is useful if you prefer not to see diagnostics while actively editing.

codeVigil.scanOnType

  • Type: boolean
  • Default: true
  • Description: Scan files in real-time as you type. This provides the fastest feedback but uses more CPU. Set to false if you experience performance issues on large files.

codeVigil.scanDelay

  • Type: number
  • Default: 500
  • Description: Delay in milliseconds before scanning after a change (when scanOnType is enabled). Increase this value on slower machines to reduce CPU usage.
{
  "codeVigil.scanDelay": 1000
}

Severity Settings

codeVigil.minimumSeverity

  • Type: string
  • Default: "low"
  • Options: "critical", "high", "medium", "low"
  • Description: The minimum severity level to report. Set to "high" to only see Critical and High findings, or "medium" to filter out informational Low findings.
{
  "codeVigil.minimumSeverity": "medium"
}

codeVigil.severityAsError

  • Type: string
  • Default: "high"
  • Options: "critical", "high", "medium", "low"
  • Description: Findings at this severity or above will be shown as errors (red underline) in VS Code. Findings below this level are shown as warnings (yellow) or information (blue).

Language Settings

codeVigil.languages

  • Type: array of strings
  • Default: [] (all languages enabled)
  • Description: Limit scanning to specific languages. When empty, CodeVigil auto-detects and scans all supported languages. Use language identifiers like "javascript", "python", "java", etc.
{
  "codeVigil.languages": ["javascript", "typescript", "python"]
}

codeVigil.excludePatterns

  • Type: array of strings
  • Default: ["/node_modules/", "/dist/", "/build/", "/.git/"]
  • Description: Glob patterns for files and directories to exclude from scanning. These are in addition to files excluded by your .gitignore.
{
  "codeVigil.excludePatterns": [
    "**/node_modules/**",
    "**/dist/**",
    "**/vendor/**",
    "**/*.test.ts"
  ]
}

CVE Database Settings

codeVigil.cveDatabase.enabled

  • Type: boolean
  • Default: true
  • Description: Enable or disable the local CVE database. When enabled, CodeVigil maintains a local database of known CVEs for dependency checking.

codeVigil.cveDatabase.autoSync

  • Type: boolean
  • Default: true
  • Description: Automatically sync the CVE database in the background when an internet connection is available. Syncs are incremental and bandwidth-friendly.

codeVigil.cveDatabase.syncInterval

  • Type: number
  • Default: 24
  • Description: Hours between automatic CVE database syncs. The default of 24 means the database checks for updates once per day.
{
  "codeVigil.cveDatabase.syncInterval": 12
}

Display Settings

codeVigil.showInlineHints

  • Type: boolean
  • Default: true
  • Description: Show inline hints (decorations) next to vulnerable lines with a brief description of the finding.

codeVigil.showCodelens

  • Type: boolean
  • Default: false
  • Description: Show CodeLens actions above functions and classes with security findings. Enables one-click navigation to fix suggestions.

codeVigil.diagnosticTag

  • Type: boolean
  • Default: true
  • Description: Prefix all diagnostic messages with [CodeVigil] to distinguish them from other extensions' diagnostics.

Pro Settings

These settings are only available with a CodeVigil Pro license.

codeVigil.pro.licenseKey

  • Type: string
  • Default: ""
  • Description: Your CodeVigil Pro license key. Enter your key here to activate Pro features. You can also activate through the command palette: CodeVigil: Activate Pro License.

codeVigil.pro.dashboard

  • Type: boolean
  • Default: true
  • Description: Enable the CodeVigil security dashboard, which shows historical trends, finding statistics, and security score over time.

codeVigil.pro.sarifExport

  • Type: boolean
  • Default: false
  • Description: Automatically export scan results in SARIF format to the .codevigil/ directory in your project root. Useful for CI/CD integration.

codeVigil.pro.sarifPath

  • Type: string
  • Default: ".codevigil/results.sarif"
  • Description: Path for SARIF export output, relative to the workspace root.

Workspace vs User Settings

CodeVigil settings can be configured at both the User level (global) and Workspace level (per-project). Workspace settings take precedence over User settings.

This is particularly useful for:

  • Enabling specific languages per project
  • Setting different exclude patterns for different repositories
  • Adjusting severity thresholds based on project maturity

Command Palette Commands

In addition to settings, CodeVigil provides several commands accessible via the Command Palette (Ctrl+Shift+P / Cmd+Shift+P):

  • CodeVigil: Scan Current File: Manually trigger a scan of the active file
  • CodeVigil: Scan Workspace: Scan all files in the current workspace
  • CodeVigil: Sync CVE Database: Manually trigger a CVE database update
  • CodeVigil: Show Dashboard: Open the security dashboard (Pro)
  • CodeVigil: Export SARIF: Export current findings as SARIF (Pro)
  • CodeVigil: Activate Pro License: Enter your Pro license key
  • CodeVigil: Show Output Log: Open the CodeVigil output channel for debugging