Visual Studio Code extension

Scan early, fix as you develop: elevate your security posture

Integrating security checks early in your development lifecycle helps you pass security reviews seamlessly and avoid expensive fixes down the line.

The Snyk Visual Studio Code extension allows you to analyze your code, open-source dependencies, and Infrastructure as Code (IaC) configurations. With actionable insights directly in your IDE, you can address issues as they arise.

Key features:

• In-line issue highlighting: Security issues are flagged directly within your code, categorized by type and severity for quick identification and resolution.

• Comprehensive scanning: The extension scans for a wide range of security issues, including:

  • Open Source Security: Detects vulnerabilities and license issues in both direct and transitive open-source dependencies. Automated fix suggestions simplify remediation. Explore more in the Snyk Open Source documentation.

  • Code Security: Identifies security vulnerabilities in your custom code. Explore more in the Snyk Code documentation.

  • IaC Security: Uncovers configuration issues in your Infrastructure as Code templates (Terraform, Kubernetes, CloudFormation, Azure Resource Manager). Explore more in the IaC documentation.

• Broad language and framework support: Snyk Open Source and Snyk Code cover a wide array of package managers, programming languages, and frameworks, with ongoing updates to support the latest technologies. For the most up-to-date information on supported languages, package managers, and frameworks, see the supported language technologies pages.

How to install and set up the extension

You can use the Snyk Visual Studio Code extension in the following environments:

• Linux: AMD64 and ARM64

• Windows: 386, AMD64, and ARM64

• macOS: AMD64 and ARM64

Snyk Visual Studio Code extension does not support remote and containerized environments:

• Visual Studio Code for the Web

• VS Code Remote Development

• Developing inside a Container

Install the plugin at any time free of charge from the Visual Studio Code marketplace and use it with any Snyk account, including a Free account. For more information, see the VS Code extension installation guide.

When the extension is installed, it automatically downloads the Snyk CLI, which includes the Language Server.

Continue by following the instructions in the other Visual Studio Code extension docs:

• Visual Studio Code extension configuration, environment variables, and proxy

• Authentication for Visual Studio Code extension

• Visual Studio Code Workspace trust

• Create a .dcignore file

• Run an analysis with Visual Studio Code extension

• View analysis results from Visual Studio Code extension

When the VS Code extension is installed for the first time, a modal will pop up asking users if they want to enable Secure at Inception capabilities via Snyk Studio. With Secure at Inception enabled, a file such as snyk_rules.mdc may be written to the directory.

For more information, see the Snyk Studio quickstart guides for Cursor, Windsurf, and Copilot.

Support

For troubleshooting and known issues, see Troubleshooting for Visual Studio Code extension.

If you need help, submit a request to Snyk Support.