VS Code Extension
Real-time security scanning inside your editor
Installation
```bash
# Search "Fortly" in the VS Code Extensions panel (Ctrl+Shift+X)
# Or install from the command line:
code --install-extension fortly.fortly-security
```
5 Modules
CodeLens
Inline annotations above functions with security issues. Click to see details and apply fixes. Shows vulnerability count and severity.
SecretWatcher
Detects hardcoded secrets as you type. Highlights API keys, tokens, passwords, and connection strings in real time with squiggly underlines.
FileScanner
SAST scanner with 24 rules for JS/TS, Python, Java, and Go. Runs on file save. Results appear in the Problems panel with severity levels.
Onboarding
Interactive wizard that walks you through setup: API key configuration, workspace scanning preferences, and git hook installation.
Telemetry
Optional anonymous usage telemetry to help improve the extension. Tracks scan counts, fix acceptance rates, and feature usage. Can be disabled in settings.
10 Commands
Access via Command Palette (Ctrl+Shift+P / Cmd+Shift+P)
| Command | Description |
|---|---|
| Fortly: Scan Workspace | Run full SAST + secrets scan on the entire workspace |
| Fortly: Scan Current File | Scan only the currently open file |
| Fortly: Fix All | Apply AI fixes to all vulnerabilities in the file |
| Fortly: Ignore Vulnerability | Add inline ignore comment for a specific finding |
| Fortly: Open Dashboard | Open the Fortly web dashboard in your browser |
| Fortly: Generate SBOM | Generate Software Bill of Materials for the workspace |
| Fortly: Show Onboarding | Launch the interactive setup wizard |
| Fortly: Show Report | Display the latest scan report in a webview panel |
| Fortly: Configure | Open extension settings (API key, preferences) |
| Fortly: Clear Diagnostics | Clear all security warnings from the editor |
Configuration
```jsonc
// VS Code settings.json
{
  // Enable real-time secrets detection (default: true)
  "fortly.secretsRealtime": true,
  // Show CodeLens annotations above functions (default: true)
  "fortly.codeLens": true,
  // Filter by minimum severity: "info" | "low" | "medium" | "high" | "critical"
  "fortly.severityFilter": "low",
  // Enable anonymous usage telemetry (default: true)
  "fortly.telemetry": true
}
```
What It Looks Like
Squiggly Lines by Severity
Critical and high severity issues show red squiggly underlines. Medium shows yellow. Low and info show blue. Hover to see vulnerability details and CWE reference.
CodeLens Above Functions
Inline text appears above functions that have security issues: "2 vulnerabilities (1 high, 1 medium)". Click to jump to the Issues panel with filtered results.
Tree View in Sidebar
A dedicated "Fortly Security" panel in the sidebar shows all findings grouped by file and severity. Expand each finding to see details, affected line, and one-click fix.
AI Quick Fix Lightbulb
The yellow lightbulb icon appears next to vulnerable code. Click it to see AI-generated fix suggestions. Preview the diff before applying. Works for XSS, SQLi, path traversal, and more.