Install the VS Code extension | Fluid Attacks Help

Install the VS Code extension

NotesFluid Attacks' VS Code plugin, along with our entire suite of local tools and extensions, is available free of charge.
Enhance your development workflow with the Fluid Attacks extension for Visual Studio Code (VS Code). This powerful tool helps you identify and address vulnerabilities without leaving the IDE.
These are the key features of this plugin:
  1. View the specific files and lines of code with reported vulnerabilities.
  2. Access detailed documentation on your code's vulnerabilities.
  3. Accept vulnerabilities temporarily.
  4. Leverage Claude Sonnet's AI model to generate custom guides for fixing vulnerabilities or fix vulnerabilities automatically.
  5. Request reattacks.

To learn about these features, read View vulnerable lines, use fix options and more.

Idea
Have questions about Fluid Attacks' use of gen AI for remediation? Read the FAQ.

    Download the extension

    To download the extension, follow these steps:
    1. Open VS Code.

    2. Access the extensions view.

      3. Open extensions on VS Code to search Fluid Attacks

    3. Type Fluid Attacks in the search bar.

    4. Locate the extension and click on Install.

      5. Download the Fluid Attacks VS Code extension

    Connect VS Code with the Fluid Attacks platform

    Configuring the extension requires a valid API token. Generate one before proceeding with the steps below.

    After downloading the extension, you need to configure it to connect the Fluid Attacks platform with VS Code. This can be done in two ways:
    1. Within the extension
    2. Using the terminal

    Configure within the extension

    1. Click the Fluid Attacks extension icon in the VS Code activity bar.

      2. Open the Fluid Attacks VS Code extension

    2. Click Add token.

      3. Add API token on the Fluid Attacks VS Code extension

    3. Paste your API token and press Enter.

      4. Install the Fluid Attacks VS Code extension

    4. Click the Refresh button to apply the changes.

    Configure using the terminal

    1. Open the terminal in VS Code.

    2. Use the following command to set the FLUID_API_TOKEN environment variable with your API token:

      3. export FLUID_API_TOKEN=“your_token”

    Verify successful installation

    The extension analyzes the files you provide as input, so ensure you include all relevant files for comprehensive vulnerability management.
    Once you have the VS Code extension set up, verify that it functions correctly:
    1. Open the base folder of your Git repository in VS Code.

    2. Ensure the base folder's name matches the repository nickname or that the remote URL is set for the local repository.

    3. You should see the Fluid Attacks extension icon in the IDE's activity bar and red dots on files with identified vulnerabilities. This confirms successful configuration.

      4. Extension activation on VS Code

    Note on Git repositoryNote: Some extension features require Git history. Ensure your project is a Git repository cloned using Git.

    Troubleshooting

    If the Fluid Attacks VS Code extension does not function correctly, try the troubleshooting steps.

    Telemetry

    The Fluid Attacks extension collects error data, which Fluid Attacks analyzes to improve functionality and performance. This data collection respects your VS Code telemetry settings. To opt out, you can disable VS Code's telemetry.