We Built a VS Code Extension That Triple-Checks AI-Generated Code for Security Vulnerabilities
Source: Dev.to
How It Works
CodeVigil uses a three‑layer scanning approach:
- Regex pattern matching – catches common vulnerability signatures.
- AST structural analysis – understands code context and data flow.
- GitHub Copilot LLM verification – reasons about whether a finding is a real risk.
This triple‑check approach catches issues that single‑pass scanners miss. Findings appear as native VS Code diagnostics, just like TypeScript errors or ESLint warnings.
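To show why the regex and AST layers are combined, here is an added example (not CodeVigil's code) of a minimal two-layer scanner in Python: the regex layer produces candidate findings and the AST layer confirms a hit only when the context is actually risky (a non-literal argument to eval, or a string literal assigned to a secret-like name), downgrading the rest. The rule names, severity scheme and sample source are constructed for this example.

```python
import ast
import re
from dataclasses import dataclass
from typing import List, Tuple

# Layer 1: regex signatures (constructed for this example, not CodeVigil's rules).
REGEX_SIGNATURES = {
    "dynamic-eval": re.compile(r"\beval\s*\("),
    "hardcoded-secret": re.compile(
        r"(?i)(api[_-]?key|secret|password)\s*=\s*['\"][^'\"]{8,}['\"]"),
}


@dataclass
class Finding:
    rule: str
    line: int
    severity: str  # "high" when the AST layer confirms, "low" when regex-only


def _is_tainted(node: ast.AST) -> bool:
    # Anything that is not a literal may be attacker-controlled at runtime.
    return not isinstance(node, ast.Constant)


def scan(source: str) -> List[Finding]:
    tree = ast.parse(source)
    # Layer 1: line-oriented regex matching yields (rule, line) candidates.
    candidates: List[Tuple[str, int]] = [
        (rule, lineno)
        for lineno, text in enumerate(source.splitlines(), 1)
        for rule, rx in REGEX_SIGNATURES.items() if rx.search(text)]
    findings: List[Finding] = []
    # Layer 2: inspect the AST nodes on the candidate line to confirm or downgrade.
    for rule, lineno in candidates:
        severity = "low"
        for node in ast.walk(tree):
            if getattr(node, "lineno", None) != lineno:
                continue
            if (rule == "dynamic-eval" and isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Name) and node.func.id == "eval"
                    and node.args and _is_tainted(node.args[0])):
                severity = "high"  # eval of a non-literal: real code-injection risk
            if (rule == "hardcoded-secret" and isinstance(node, ast.Assign)
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                severity = "high"  # a string literal really is stored in the secret
        findings.append(Finding(rule, lineno, severity))
    return findings


# Constructed sample input: one real secret, one harmless eval, one risky eval.
SAMPLE = 'API_KEY = "sk-constructed-example-0123456789"\nsafe = eval("1 + 1")\n' \
         'user_input = input()\nrisky = eval(user_input)\n'
```

Running scan(SAMPLE) reports the secret on line 1 and the eval on line 4 as high, while the literal eval on line 2 stays low, which is exactly the false positive a regex-only pass would report at full severity.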
What You Get
- 100+ vulnerability patterns across 10 languages (JavaScript/TypeScript, Python, Java, C#, Go, PHP, Ruby, C/C++, Kotlin).
- Copilot Chat integration with @codevigil for natural‑language security questions.
- Local CVE database with 130,000+ known vulnerabilities for dependency scanning.
- Secret detection to catch hard‑coded API keys and credentials.
- Severity‑ranked diagnostics so you know what to fix first.
Zero Config
Install it and it works. No accounts, no API keys, no configuration files. CodeVigil detects your project’s languages and applies the right patterns automatically.
Try It
- Search “CodeVigil” in the VS Code Extensions panel and click Install.
- Open any project – scanning starts immediately.
The free tier covers everything listed above. A Pro tier with additional features like SARIF export and a security dashboard is coming soon.
We’d love your feedback. Try it out and let us know what you think.
- Marketplace:
- More info: