# VS Code Extension

> Browse vulnerabilities, view scan results, and apply fixes directly in Visual Studio Code

## Overview

The ZeroPath Security extension integrates the ZeroPath platform directly into VS Code. View security scans, browse vulnerabilities, and apply AI-generated patches without leaving your development environment.

## Installation

<Steps>
  <Step title="Open Extensions">
    In VS Code, press `Ctrl+Shift+X` (Windows/Linux) or `Cmd+Shift+X` (macOS).
  </Step>

  <Step title="Search & Install">
    Search for **"ZeroPath Security"** and click **Install**.
  </Step>

  <Step title="Get Started">
    Click the ZeroPath icon in the Activity Bar (left sidebar) to open the setup panel.
  </Step>
</Steps>

### Prerequisites

* VS Code version **1.74.0** or higher
* **Git** installed and on your `PATH`
* Your workspace must be a **Git repository** with a remote named `origin`
* The `origin` remote URL must match a repository that has been added to and scanned by ZeroPath
* A **ZeroPath account** with API credentials (obtain from [Settings → API Tokens](https://zeropath.com/app/settings/api))

## Authentication

1. Click the **ZeroPath icon** in the Activity Bar (left sidebar).
2. Click **"Configure Credentials"** in the welcome screen.
3. Enter your **API Token ID** and **API Token Secret** (from the ZeroPath dashboard under Settings → API Tokens).
4. Select your **VCS provider** (GitHub, GitLab, Bitbucket, or Generic).

Credentials are stored securely in **VS Code's Secret Storage** (OS-level encrypted storage — Keychain on macOS, Credential Manager on Windows, libsecret on Linux). They are never written to `settings.json`.

The extension automatically detects your organization from your API token and matches your workspace to the corresponding ZeroPath repository using your Git remote URL.

## Sidebar

The extension adds a dedicated sidebar panel accessible via the ZeroPath icon in the Activity Bar.

### Scans Section

* View the **5 most recent scans** for your repository
* Filter by scan type: **Full Scans**, **PR Scans**, or **Both**
* Each scan shows:
  * Status badge (completed, running, failed)
  * Open issue count
  * Scan type and timestamp
* Click a scan to load its associated issues

### Issues Section

* **Search** issues by title, description, file, vulnerability class, or severity
* Issues sorted by priority score, then severity, then confidence
* Each issue shows:
  * Title, severity badge (color-coded), and status
  * Affected file and line number
  * Patch availability indicator
* Expand any issue to see:
  * Full description and remediation guidance
  * Score, severity, confidence, CWEs
  * Affected code snippet
  * Patch diff (if available)
  * Link to the ZeroPath dashboard

### Severity Colors

| Level    | Color  |
| -------- | ------ |
| Critical | Red    |
| High     | Orange |
| Medium   | Yellow |
| Low      | Green  |
| Info     | Blue   |

## Commands

All commands are accessible via the **Command Palette** (`Cmd/Ctrl+Shift+P`):

| Command                                        | Description                                 |
| ---------------------------------------------- | ------------------------------------------- |
| `Zeropath: Configure`                          | Set up or update your API credentials       |
| `Zeropath: Configure Zeropath Credentials`     | Update API tokens and VCS provider          |
| `Zeropath: List Zeropath Scans (Current Repo)` | Browse scans via Command Palette picker     |
| `Zeropath: Show Zeropath Issues (Active)`      | View open issues for the current repository |
| `Zeropath: Apply Zeropath Patch for Issue`     | Paste and apply a raw git diff              |
| `Zeropath: View Scans`                         | Open the sidebar scan view                  |

## Applying Patches

The extension supports three patch workflows:

<Tabs>
  <Tab title="One-Click Apply">
    When a finding has an AI-generated patch, the expanded issue view shows an **"Apply This Patch"** button alongside a syntax-highlighted diff preview. Clicking it applies the patch locally via `git apply`.
  </Tab>

  <Tab title="Open PR">
    If a fix PR has been created on your repository, the issue shows a **"View PR"** button that opens the pull request in your browser for collaborative review.
  </Tab>

  <Tab title="Manual Apply">
    Use `Zeropath: Apply Zeropath Patch for Issue` from the Command Palette to paste a raw `git diff` and apply it to your workspace. Useful for patches copied from the ZeroPath dashboard.
  </Tab>
</Tabs>

<Tip>For issues without an existing patch, click **"Request Patch"** in the sidebar. ZeroPath will generate a fix server-side, and the sidebar will update when the patch is ready.</Tip>
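
Before applying a diff with **Manual Apply**, or by hand with `git apply`, a dry run shows which files it touches and whether it applies cleanly. This is an added example, not code from the ZeroPath extension; the function names `patch_files` and `preflight_patch` and the file name `fix.diff` are hypothetical, and it assumes the diff has been saved to a file and the shell is at the repository root.

```bash
#!/bin/sh
# Added example (not ZeroPath code): dry-run a saved diff before applying it.
# Assumption: the diff is in a file and the current directory is the repo root.

# Print the paths a patch touches, one per line, without applying anything.
patch_files() {
  numstat=$(git apply --numstat "$1" 2>/dev/null) || return 2
  printf '%s\n' "$numstat" | cut -f3
}

# Return 0 only if the patch would apply cleanly to the current working tree.
preflight_patch() {
  patch=$1
  [ -s "$patch" ] || { echo "missing or empty patch: $patch" >&2; return 2; }

  files=$(patch_files "$patch") || { echo "not a valid git diff" >&2; return 2; }
  echo "Files the patch will change:"
  printf '%s\n' "$files" | sed 's/^/  /'

  # Uncommitted edits in a touched file can conflict with the patch;
  # list them so they can be committed or stashed first.
  printf '%s\n' "$files" | while IFS= read -r f; do
    if [ -n "$(git status --porcelain -- "$f")" ]; then
      echo "warning: uncommitted changes in $f" >&2
    fi
  done

  # --check validates every hunk against the working tree and writes nothing.
  if git apply --check "$patch"; then
    echo "OK: patch applies cleanly; review it, then run: git apply $patch"
  else
    echo "patch does not apply to the current tree" >&2
    return 1
  fi
}

# Example call: preflight_patch fix.diff
```

A non-zero return means nothing was changed on disk, so the working tree can be cleaned up and the check repeated.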

## Configuration

Configure the extension through VS Code Settings (`Cmd/Ctrl+,`):

| Setting                    | Default                | Description                                          |
| -------------------------- | ---------------------- | ---------------------------------------------------- |
| `zeropath.vcs`             | `github`               | VCS provider (github, gitlab, bitbucket, generic)    |
| `zeropath.apiBaseUrl`      | `https://zeropath.com` | API base URL (change for enterprise deployments)     |
| `zeropath.organizationId`  | Auto-detected          | Organization ID (auto-populated from your API token) |
| `zeropath.defaultScanType` | `FullScan`             | Default scan type filter (FullScan or PrScan)        |

## Troubleshooting

<AccordionGroup>
  <Accordion title="&#x22;No workspace folder found&#x22;">
    Ensure you have a folder open in VS Code with an initialized `.git` directory.
  </Accordion>

  <Accordion title="&#x22;Could not determine git remote URL&#x22;">
    Verify your repository has a remote origin: run `git remote -v`.
  </Accordion>

  <Accordion title="&#x22;ZeroPath organization not found&#x22;">
    Check that your API credentials are correct and that your token has access to at least one organization. If auto-detection fails, set `zeropath.organizationId` manually in settings.
  </Accordion>

  <Accordion title="&#x22;Failed to apply patch&#x22;">
    Ensure you have no uncommitted changes that conflict with the patch. Try pulling the latest changes first.
  </Accordion>
</AccordionGroup>
