Getting Started

Install CodeVigil and run your first security scan in under a minute.

Installation

CodeVigil is available on the VS Code Marketplace. There are three ways to install it:

From the Marketplace

  1. Open VS Code
  2. Click the Extensions icon in the sidebar (or press Ctrl+Shift+X / Cmd+Shift+X)
  3. Search for CodeVigil
  4. Click Install

From the Command Line

code --install-extension BitsPlus.codevigil

From the VS Code Quick Open

Press Ctrl+P / Cmd+P and paste:

ext install BitsPlus.codevigil

Once installed, CodeVigil activates automatically. There is no configuration required to start scanning.

Your First Scan

CodeVigil scans files automatically when you open or edit them. To see it in action:

  1. Open any project in VS Code
  2. Open a source file in a supported language (JavaScript, TypeScript, Python, Java, Go, etc.)
  3. CodeVigil will analyze the file and show any findings as inline diagnostics

Vulnerabilities appear as squiggly underlines in your editor, just like TypeScript errors or ESLint warnings. The color indicates severity:

  • Red: Critical or High severity
  • Yellow: Medium severity
  • Green: Low severity (informational)

Hover for Details

Hover over any highlighted vulnerability to see:

  • The vulnerability type (e.g., "SQL Injection")
  • The OWASP category (e.g., "A03: Injection")
  • A severity rating (Critical, High, Medium, or Low)
  • A brief explanation of the risk
  • A suggested fix

Quick Fix Actions

For many vulnerability patterns, CodeVigil provides Quick Fix actions. Click the lightbulb icon (or press Ctrl+. / Cmd+.) on a finding to see available fixes.
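As an added illustration (not from the CodeVigil docs or code), the kind of pattern such a finding and its suggested fix describe: a query built by string concatenation beside its parameterized replacement, run against a constructed in-memory SQLite table. The table, data and function names are assumptions for the demo.

```python
"""Vulnerable and hardened SQL lookup side by side (constructed example)."""
import sqlite3


def _demo_db() -> sqlite3.Connection:
    # Constructed in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("o'brien", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The pattern a scanner reports as SQL Injection (OWASP A03):
    # untrusted input is spliced into the statement text, so the
    # database parses data as part of the SQL.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_fixed(conn: sqlite3.Connection, name: str) -> list:
    # The usual suggested fix: a parameterized query. The value travels
    # separately from the statement and is never parsed as SQL.
    query = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def compare(name: str) -> dict:
    # Run both versions on the same input and record whether the
    # concatenated one broke; an apostrophe in the data is enough.
    conn = _demo_db()
    try:
        vulnerable = find_user_vulnerable(conn, name)
        vulnerable_error = None
    except sqlite3.Error as exc:
        vulnerable = []
        vulnerable_error = type(exc).__name__
    fixed = find_user_fixed(conn, name)
    return {"vulnerable": vulnerable,
            "vulnerable_error": vulnerable_error,
            "fixed": fixed}


if __name__ == "__main__":
    print(compare("alice"))    # both versions agree
    print(compare("o'brien"))  # concatenated query fails, parameterized one works
```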

Using Copilot Chat Integration

If you have GitHub Copilot Chat installed, you can interact with CodeVigil through natural language:

  1. Open the Copilot Chat panel (Ctrl+Shift+I / Cmd+Shift+I)
  2. Type @codevigil followed by your question

Example Queries

  • @codevigil Is this function secure?: Analyzes the function at your cursor position
  • @codevigil Scan this file for vulnerabilities: Runs a full scan on the current file
  • @codevigil What OWASP category is this?: Identifies the OWASP Top 10 category for a highlighted finding
  • @codevigil How do I fix this SQL injection?: Provides a detailed fix with code examples
  • @codevigil Explain CVE-2024-1234: Looks up a specific CVE in the local database

Using with Other AI Assistants (MCP)

CodeVigil includes a built-in MCP (Model Context Protocol) server that works with any MCP-compatible AI assistant, including Cursor, Claude Code, and Windsurf. This means you can scan code, explain findings, and get fix suggestions from whichever AI assistant you prefer.

To get started, point your AI assistant's MCP configuration at CodeVigil's server. See the full MCP Integration guide for setup instructions and example prompts for each assistant.

Understanding the Problems Panel

All CodeVigil findings also appear in VS Code's Problems panel (Ctrl+Shift+M / Cmd+Shift+M). Findings are prefixed with [CodeVigil] and sorted by severity.

You can filter the Problems panel to show only CodeVigil findings by typing "CodeVigil" in the filter box.

Status Bar

The CodeVigil status bar item (bottom of VS Code) shows:

  • A shield icon with the current scan status
  • The number of open findings in the current file
  • Clicking it opens the CodeVigil output panel with detailed scan logs

Next Steps

  • Read the Configuration guide to customize CodeVigil's behavior
  • Browse the Supported Languages page to see all detection patterns
  • Learn about the CVE Database and how local dependency scanning works
  • Upgrade to Pro for advanced features like SARIF export and the security dashboard