Pro Features

Unlock advanced security scanning with CodeVigil Pro.

Overview

CodeVigil Pro extends the free extension with advanced features for professional developers and teams. Pro is available as a monthly subscription ($4.99/mo), annual subscription ($39/yr), or a one-time lifetime license ($99).

All core scanning features (100+ vulnerability patterns across 10 languages, the local CVE database, triple-check scanning, real-time diagnostics, and Copilot Chat integration) remain free. Pro adds features for developers who want deeper insights, team workflows, and CI/CD integration.

Activating Your License

Purchase

Visit the CodeVigil pricing page or the VS Code Marketplace listing to purchase a Pro license. After payment, you will receive a license key via email.

Activation

There are two ways to activate your license:

Via Command Palette:

  1. Press Ctrl+Shift+P / Cmd+Shift+P
  2. Type CodeVigil: Activate Pro License
  3. Paste your license key and press Enter

Via Settings:

{
  "codeVigil.pro.licenseKey": "CV-PRO-XXXX-XXXX-XXXX-XXXX"
}

Once activated, Pro features are available immediately. The license is validated locally and does not require an internet connection after initial activation.

License Management

  • Monthly/Annual: Your license is tied to your email address and can be used on up to 3 machines simultaneously
  • Lifetime: Same as above, with no expiration date
  • Deactivation: Run CodeVigil: Deactivate Pro License from the command palette to remove the license from a machine

Security Dashboard

The security dashboard provides a comprehensive overview of your project's security posture.

Opening the Dashboard

  • Click the CodeVigil icon in the VS Code sidebar
  • Or run CodeVigil: Show Dashboard from the command palette

Dashboard Panels

Security Score: A 0-100 score based on the number and severity of open findings relative to your codebase size. The score updates in real-time as you fix vulnerabilities.

Findings Over Time: A chart showing how the number of open findings has changed over the past 30 days. Tracks Critical, High, Medium, and Low findings separately.

Top Vulnerability Types: A breakdown of the most common vulnerability types in your project, helping you identify patterns in your code that need attention.

Language Breakdown: Shows which languages in your project have the most findings, helping you prioritize code review efforts.

Recent Activity: A timeline of recently introduced and fixed findings, showing your security improvement trend.

SARIF Export

SARIF (Static Analysis Results Interchange Format) is an OASIS standard for the output of static analysis tools. CodeVigil Pro can export findings in SARIF format for integration with CI/CD pipelines and other security tools.

Automatic Export

Enable automatic SARIF export in your settings:

{
  "codeVigil.pro.sarifExport": true,
  "codeVigil.pro.sarifPath": ".codevigil/results.sarif"
}

When enabled, CodeVigil writes a SARIF file after every workspace scan. The file is updated incrementally as you fix issues.

Manual Export

Run CodeVigil: Export SARIF from the command palette to generate a SARIF file on demand.

CI/CD Integration

The SARIF export integrates with popular CI/CD platforms:

GitHub Actions:

- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: .codevigil/results.sarif

Azure DevOps:

SARIF files can be published as build artifacts and viewed in the Azure DevOps Security tab.

GitLab CI:

security_scan:
  artifacts:
    reports:
      sast: .codevigil/results.sarif

Priority Pattern Updates

Pro subscribers receive new vulnerability patterns before they are released to the free tier. When a new high-profile vulnerability is disclosed (like Log4Shell or Spring4Shell), we create detection patterns and push them to Pro users within 48 hours.

Pattern updates are delivered automatically through VS Code's extension update mechanism. No manual action is required.

Team Features

Shared Configuration

Pro enables project-level CodeVigil configuration that can be committed to version control:

// .codevigil/config.json
{
  "minimumSeverity": "medium",
  "excludePatterns": ["**/test/**", "**/migrations/**"],
  "requiredPatterns": ["sql-injection", "xss", "command-injection"],
  "blockCommitOnCritical": true
}

When this file is present in a repository, all team members using CodeVigil will share the same configuration.

Pre-Commit Hook

CodeVigil Pro can install a Git pre-commit hook that blocks commits containing Critical or High severity findings:

  1. Run CodeVigil: Install Pre-Commit Hook from the command palette
  2. The hook will run a quick scan before each commit
  3. If Critical findings are detected, the commit is blocked with a list of findings

Baseline File

For existing projects with known issues, you can create a baseline that suppresses existing findings:

  1. Run CodeVigil: Create Baseline from the command palette
  2. This creates .codevigil/baseline.json with all current findings
  3. Only new findings (introduced after the baseline) will be shown as diagnostics

This lets teams adopt CodeVigil gradually without being overwhelmed by existing technical debt.
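As an added example (not CodeVigil's own code), the script below shows how a CI step could consume the exported SARIF file and apply a baseline in the way the SARIF Export, CI/CD Integration and Baseline File sections describe: it loads the results, drops any whose SARIF fingerprint is already in the baseline, and fails the build if a new finding remains at a blocking level. The SARIF content, the baseline layout (a set of fingerprints) and the mapping of Critical/High findings to SARIF level "error" are assumptions, since the page does not document the real file formats.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 excerpt standing in for .codevigil/results.sarif (made-up data).
SARIF_TEXT = r'''{
  "version": "2.1.0",
  "runs": [{
    "tool": {"driver": {"name": "CodeVigil"}},
    "results": [
      {"ruleId": "sql-injection", "level": "error",
       "message": {"text": "Untrusted input reaches a query"},
       "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "src/db.py"}, "region": {"startLine": 42}}}],
       "fingerprints": {"codevigil/v1": "a1b2c3"}},
      {"ruleId": "xss", "level": "warning",
       "message": {"text": "Unescaped value written to HTML"},
       "locations": [{"physicalLocation": {
           "artifactLocation": {"uri": "src/views.py"}, "region": {"startLine": 7}}}],
       "fingerprints": {"codevigil/v1": "d4e5f6"}}
    ]
  }]
}'''

# Constructed baseline (the real .codevigil/baseline.json layout is undocumented here).
BASELINE_FINGERPRINTS = {"d4e5f6"}

def load_results(sarif_text):
    """Flatten the result objects of every run in a SARIF document."""
    doc = json.loads(sarif_text)
    return [r for run in doc.get("runs", []) for r in run.get("results", [])]

def fingerprint(result):
    """First fingerprint value, or None if the tool emitted none."""
    return next(iter((result.get("fingerprints") or {}).values()), None)

def new_findings(results, baseline):
    """Findings whose fingerprint is absent from the baseline (or missing entirely)."""
    return [r for r in results if fingerprint(r) not in baseline]

def gate(sarif_text, baseline, blocking_levels=("error",)):
    """Return (passed, counts by SARIF level) over findings not in the baseline."""
    counts = Counter(r.get("level", "warning")
                     for r in new_findings(load_results(sarif_text), baseline))
    return sum(counts[lvl] for lvl in blocking_levels) == 0, dict(counts)

if __name__ == "__main__":
    passed, counts = gate(SARIF_TEXT, BASELINE_FINGERPRINTS)
    print("new findings by level:", counts)
    raise SystemExit(0 if passed else 1)
```

A finding without any fingerprint is treated as new, so it can never be silently suppressed by the baseline.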

Comparison: Free vs Pro

Free (included with CodeVigil):

  • 100+ vulnerability patterns across 10 languages
  • Real-time scanning in VS Code
  • Local CVE database with 130,000+ entries
  • Copilot Chat integration
  • Severity-ranked diagnostics
  • Quick Fix suggestions

Pro ($4.99/mo, $39/yr, or $99 lifetime):

  • Everything in Free
  • Security dashboard with trends and scoring
  • SARIF export for CI/CD integration
  • Priority pattern updates (48-hour SLA)
  • Shared team configuration
  • Pre-commit hook integration
  • Baseline file for gradual adoption
  • Priority email support