VS Code Extension

The Oculum VS Code extension brings real-time security scanning directly into your editor. Get instant feedback as you code, with inline diagnostics and quick fixes.

Installation

From VS Code Marketplace

  1. Open VS Code
  2. Go to Extensions (Cmd/Ctrl+Shift+X)
  3. Search for "Oculum"
  4. Click Install

From Command Line

code --install-extension oculum.oculum

Features

Real-Time Scanning

Scan files as you edit with instant feedback:

  • Scan on Save — Automatically scan when you save
  • Manual Scan — Scan the current file on demand
  • Workspace Scan — Scan your entire project

Inline Diagnostics

See security issues directly in your code:

  • Squiggly underlines on vulnerable code
  • Hover for details and remediation
  • Quick fix actions
  • Problems panel integration

Three Scan Depths

| Depth | Description | Tier |
|---|---|---|
| local | Fast pattern matching | Free |
| verified | AI-validated (~70% fewer FPs) | Starter+ |
| deep | Full semantic analysis | Pro+ |

Commands

Access commands via Command Palette (Cmd/Ctrl+Shift+P):

| Command | Description | Shortcut |
|---|---|---|
| Oculum: Scan Current File | Scan the active file | Cmd+Shift+O / Ctrl+Shift+O |
| Oculum: Scan Workspace | Scan all files in workspace | - |
| Oculum: Scan Before Commit | Scan staged git files | - |
| Oculum: Select Scan Depth | Change the default scan depth | - |
| Oculum: Show Findings Panel | Open the findings sidebar | - |
| Oculum: Set API Key | Enter your API key | - |

Configuration

Configure the extension in VS Code Settings (Cmd/Ctrl+,):

| Setting | Description | Default |
|---|---|---|
| oculum.scanDepth | Default scan depth: local, verified, deep | local |
| oculum.autoScanOnSave | Automatically scan when saving files | false |
| oculum.showInlineHints | Show diagnostics in editor | true |
| oculum.severityThreshold | Minimum severity to display | low |
| oculum.failOn | Severity threshold for blocking commits | high |

settings.json Example

{
  "oculum.scanDepth": "verified",
  "oculum.autoScanOnSave": true,
  "oculum.severityThreshold": "medium",
  "oculum.failOn": "high"
}

Authentication

For verified and deep scans, you need to authenticate.

Set API Key

  1. Open Command Palette (Cmd/Ctrl+Shift+P)
  2. Run "Oculum: Set API Key"
  3. Enter your API key from Dashboard Settings

API keys are stored securely in VS Code's Secret Storage.

Verify API Key

Run "Oculum: Verify API Key" to check your authentication status.


Status Bar

The Oculum status bar shows:

  • Current state — Idle, scanning, or error
  • Subscription tier — Free, Starter, Pro, or Max
  • Issue count — Quick view of findings

Click the status bar for quick actions.


Findings Panel

The Findings panel (Activity Bar → Oculum icon) shows:

  • Findings grouped by file
  • Severity badges
  • Click to navigate to code
  • Expand for details

Finding Details

Each finding shows:

  • Severity — Critical, High, Medium, Low, Info
  • Title — What was found
  • Location — File and line
  • Description — Why it's a problem
  • Remediation — How to fix it

Quick Fixes

Click the lightbulb or press Cmd/Ctrl+. on a finding for quick actions:

  • View Details — See full finding information
  • View Suggested Fix — See remediation guidance
  • Add Ignore Comment — Suppress this finding
  • Copy to Clipboard — Copy finding details
  • Learn More — Open documentation for this rule

Pre-Commit Scanning

Scan staged files before committing:

  1. Stage your changes: git add .
  2. Run "Oculum: Scan Before Commit"
  3. Review any findings
  4. Commit when clear

Block Commits on Issues

Configure failOn to block commits with high-severity issues:

{
  "oculum.failOn": "high"
}

Severity Mapping

Oculum severities map to VS Code diagnostics:

| Oculum Severity | VS Code Diagnostic | Display |
|---|---|---|
| Critical / High | Error | Red squiggly |
| Medium | Warning | Yellow squiggly |
| Low | Information | Blue squiggly |
| Info | Hint | Gray dots |

Project Configuration

For project-specific settings, create oculum.config.json:

{
  "depth": "verified",
  "failOn": "high",
  "ignore": [
    "**/test/**",
    "**/vendor/**"
  ]
}

The extension respects this configuration.
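
Because this file controls both what is scanned and what blocks a commit, a change that loosens failOn or widens ignore weakens the gate without touching any code. The following is an added example, not part of Oculum or its documentation: a small Python audit of oculum.config.json that can run in code review or CI. The policy thresholds, the approved ignore list, and the use of lowercase severity names as config values are assumptions.

```python
import json

# Value sets taken from the page. Lowercase severity names as config values
# are an assumption; the thresholds and approved list below are sample policy.
DEPTHS = ("local", "verified", "deep")                      # shallowest first
SEVERITIES = ("info", "low", "medium", "high", "critical")  # weakest first
KNOWN_KEYS = {"depth", "failOn", "ignore"}   # the keys the page shows
CATCH_ALL = ("*", "**", "**/*", "**/**")     # globs that exclude everything

# Constructed sample inputs: the page's config and a weakened variant.
PAGE_CONFIG = '{"depth": "verified", "failOn": "high", "ignore": ["**/test/**", "**/vendor/**"]}'
WEAKENED = '{"depth": "local", "failon": "high", "failOn": "critical", "ignore": ["**", "src/**"]}'


def audit_config(text, weakest_fail_on="high", min_depth="verified",
                 approved_ignores=("**/test/**", "**/vendor/**")):
    """Return a list of policy problems found in oculum.config.json text."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    problems = [f"key {k!r} is not one the page shows (typo?)"
                for k in sorted(set(cfg) - KNOWN_KEYS)]
    depth = cfg.get("depth")
    if depth not in DEPTHS:
        problems.append(f"depth {depth!r} is not one of {DEPTHS}")
    elif DEPTHS.index(depth) < DEPTHS.index(min_depth):
        problems.append(f"depth {depth!r} is shallower than {min_depth!r}")
    fail_on = cfg.get("failOn")
    if fail_on not in SEVERITIES:
        problems.append(f"failOn {fail_on!r} is missing or not a severity")
    elif SEVERITIES.index(fail_on) > SEVERITIES.index(weakest_fail_on):
        problems.append(f"failOn {fail_on!r} lets {weakest_fail_on!r} findings through")
    ignore = cfg.get("ignore", [])
    if not isinstance(ignore, list):
        return problems + ["ignore must be a list of glob strings"]
    for pat in ignore:
        if pat in CATCH_ALL:
            problems.append(f"ignore pattern {pat!r} excludes every file")
        elif pat not in approved_ignores:
            problems.append(f"ignore pattern {pat!r} is not on the approved list")
    return problems

if __name__ == "__main__":
    for issue in audit_config(WEAKENED):
        print("POLICY:", issue)
```

The approved-list check means any new ignore glob has to be added to the policy first, so exclusions get reviewed rather than slipped in with an unrelated change.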


Supported Languages

  • JavaScript / TypeScript (JSX/TSX)
  • Python
  • Go
  • Java
  • Ruby
  • PHP
  • YAML / JSON
  • Dockerfile

Troubleshooting

Extension Not Working

  1. Check the Output panel (View → Output → Oculum)
  2. Verify API key: "Oculum: Verify API Key"
  3. Check network connectivity

No Findings Shown

  1. Verify the file type is supported
  2. Check severity threshold setting
  3. Try running "Oculum: Scan Current File"

Authentication Errors

  1. Run "Oculum: Clear API Key"
  2. Run "Oculum: Set API Key" with a fresh key
  3. Verify key at Dashboard Settings
