Install the VS Code extension | Fluid Attacks Help

Install the VS Code extension

Fluid Attacks has a powerful extension for the Visual Studio Code (VScode) editor. With this extension, you can see reported vulnerabilities in the platform by pointing you to the specific file and line of code where the vulnerability was reported and redirect you to criteria documentation. Also, in this plugin, you can see how to fix reported vulnerabilities in your code, getting customized fixes or solutions for these with the two features of our plugin that work with GPT-4 called Custom fix and Autofix.

Remember that depending on the files you have as analysis input, these are the ones that will reflect this information.

Download the extension

To download the extension, navigate to the extensions section on VS Code and search for Fluid Attacks in the search bar.

Find extension on VS Code

Configure the editor with Fluid Attacks platform

After downloading the extension, you must configure the connectivity between the editor and the platform. This can be done in two ways.

The first way is to add the token through the extension icon by clicking on it.

Fluid Attacks icon on VS Code

A window will open where you can enter your API TOKEN. Select the Add token button to add it.

Adding token on VS Code

A box will appear at the top. Enter your token and press Enter to add it, or press Escape to cancel.

Adding token box on VS Code

Remember that you will be prompted to refresh for the changes to be applied. Click on Reload button.

After refreshing the changes, you'll have the configuration ready.

Now the second way to add the token is by exporting the variable. You go to the terminal and create the following variable:

export FLUID_API_TOKEN= “your token”

After that, you added the token and established the connection.

Once you have the extension and the configuration set up, open the editor in the base folder of your repository. Make sure that either the base folder's name is also the repository nickname or the remote URL for the local repository is set. To be sure that the extension was successfully configured you should see the symbol extension and also notice the files with red dots, indicating that they contain vulnerabilities.

Extension activation on VS Code

Note on Git repositoryNote: For certain functions, the extension relies on the Git history, requiring a repository cloned with Git.


In order to improve the extension we are constantly collecting and analyzing errors in order to enhance our product and service, so that we can make improvements and optimize its performance. Remember this extension respects the VS Code telemetry setting, meaning you can opt-out by disabling VSCode's telemetry as shown here.