Overview
The ZeroPath Security extension integrates the ZeroPath platform directly into VS Code. View security scans, browse vulnerabilities, and apply AI-generated patches without leaving your development environment.
Installation
Prerequisites
- VS Code version 1.74.0 or higher
- Git installed and on your PATH
- Your workspace must be a Git repository with a remote named origin
- The origin remote URL must match a repository that has been added to and scanned by ZeroPath
- A ZeroPath account with API credentials (obtain from Settings → API Tokens)
Authentication
- Click the ZeroPath icon in the Activity Bar (left sidebar).
- Click “Configure Credentials” in the welcome screen.
- Enter your API Token ID and API Token Secret (from the ZeroPath dashboard under Settings → API Tokens).
- Select your VCS provider (GitHub, GitLab, Bitbucket, or Generic).
settings.json.
The extension automatically detects your organization from your API token and matches your workspace to the corresponding ZeroPath repository using your Git remote URL.
Sidebar
The extension adds a dedicated sidebar panel accessible via the ZeroPath icon in the Activity Bar.
Scans Section
- View the 5 most recent scans for your repository
- Filter by scan type: Full Scans, PR Scans, or Both
- Each scan shows:
  - Status badge (completed, running, failed)
  - Open issue count
  - Scan type and timestamp
- Click a scan to load its associated issues
Issues Section
- Search issues by title, description, file, vulnerability class, or severity
- Issues sorted by priority score, then severity, then confidence
- Each issue shows:
  - Title, severity badge (color-coded), and status
  - Affected file and line number
  - Patch availability indicator
- Expand any issue to see:
  - Full description and remediation guidance
  - Score, severity, confidence, CWEs
  - Affected code snippet
  - Patch diff (if available)
  - Link to the ZeroPath dashboard
Severity Colors
| Level | Color |
|---|---|
| Critical | Red |
| High | Orange |
| Medium | Yellow |
| Low | Green |
| Info | Blue |
Commands
All commands are accessible via the Command Palette (Cmd/Ctrl+Shift+P):
| Command | Description |
|---|---|
| Zeropath: Configure | Set up or update your API credentials |
| Zeropath: Configure Zeropath Credentials | Update API tokens and VCS provider |
| Zeropath: List Zeropath Scans (Current Repo) | Browse scans via Command Palette picker |
| Zeropath: Show Zeropath Issues (Active) | View open issues for the current repository |
| Zeropath: Apply Zeropath Patch for Issue | Paste and apply a raw git diff |
| Zeropath: View Scans | Open the sidebar scan view |
Applying Patches
The extension supports three patch workflows:
- One-Click Apply
- Open PR
- Manual Apply
When a finding has an AI-generated patch, the expanded issue view shows an “Apply This Patch” button alongside a syntax-highlighted diff preview. Clicking it applies the patch locally via git apply.
Configuration
Configure the extension through VS Code Settings (Cmd/Ctrl+,):
| Setting | Default | Description |
|---|---|---|
| zeropath.vcs | github | VCS provider (github, gitlab, bitbucket, generic) |
| zeropath.apiBaseUrl | https://zeropath.com | API base URL (change for enterprise deployments) |
| zeropath.organizationId | Auto-detected | Organization ID (auto-populated from your API token) |
| zeropath.defaultScanType | FullScan | Default scan type filter (FullScan or PrScan) |
Troubleshooting
"No workspace folder found"
Ensure you have a folder open in VS Code with an initialized .git directory.
"Could not determine git remote URL"
Verify your repository has a remote origin: run git remote -v.
"ZeroPath organization not found"
Check your API credentials are correct and your token has access to at least one organization. Set zeropath.organizationId manually in settings if auto-detection fails.
"Failed to apply patch"
Ensure you have no uncommitted changes that conflict with the patch. Try pulling the latest changes first.
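Because patches are applied with git apply, a diff saved to a file can be dry-run first to see which files it touches and which of the two causes above would make it fail. This is an added example, not part of the ZeroPath extension or its documentation; the function name preflight_patch and the saved-patch-file workflow are assumptions.

```sh
#!/bin/sh
# Added example, not ZeroPath code. Run from the repository root.
# Assumption: the diff was saved to a file (any name; pass it as $1).
#
# preflight_patch <patch-file>
#   0  patch applies cleanly to the working tree
#   1  patch does not apply and the touched files are clean (tree likely out of date)
#   2  patch does not apply and a touched file has uncommitted changes
#   3  not a Git work tree, or the file is missing or not a parseable patch
preflight_patch() {
    patch_file=$1
    tab=$(printf '\t')
    [ -f "$patch_file" ] || { echo "no such patch file: $patch_file" >&2; return 3; }
    git rev-parse --is-inside-work-tree >/dev/null 2>&1 ||
        { echo "not inside a Git work tree" >&2; return 3; }

    # --numstat parses the patch without applying it: "added<TAB>deleted<TAB>path" per file.
    numstat=$(git apply --numstat "$patch_file" 2>/dev/null) ||
        { echo "not a parseable patch: $patch_file" >&2; return 3; }

    # Show what the patch would touch, and note touched files with uncommitted changes.
    dirty=0
    echo "patch touches:"
    while IFS=$tab read -r added deleted path; do
        [ -n "$path" ] || continue
        echo "  $path (+$added -$deleted)"
        if [ -n "$(git status --porcelain -- "$path")" ]; then
            echo "  uncommitted changes: $path" >&2
            dirty=1
        fi
    done <<EOF
$numstat
EOF

    # --check is a dry run: it reports whether the patch would apply and changes nothing.
    if git apply --check "$patch_file" 2>/dev/null; then
        echo "ok: patch applies cleanly"
        return 0
    fi
    if [ "$dirty" -eq 1 ]; then
        echo "rejected: commit or stash the files listed above, then retry" >&2
        return 2
    fi
    echo "rejected: working tree differs from what the patch expects; pull and retry" >&2
    return 1
}

# Usage: preflight_patch fix.patch && git apply fix.patch
```

Reading the list of touched paths before applying also confirms that a pasted diff changes only the files named in the finding.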