Shift all the way Left: S4’s new VS Code Plugin

VS Code with Logos

Find & Fix Vulnerabilities While Coding in your favorite IDE

If you are reading this blog, there’s a strong chance that you are interested in perfecting your DevOps practice by integrating security automation into your SDLC (software development life cycle) and CI/CD pipeline. At DigitSec, our mission is to empower organizations to secure their SaaS data and sensitive information.  We are leading with the idea that DevSecOps must be an integral component of that innovation cycle starting in the IDE.

Our new VS Code Plugin is now available!  Check out the exciting demo video above!

S4’s new VS Code Plugin is a giant step forward in bringing the power of S4 directly into developers’ favorite IDE. Our previous integration gave VS Code and IntelliJ developers the ability to run scans on local files or remote repositories via command line.

Today, our new plugin can be found in Microsoft’s VS Code Extension Marketplace and integrates directly into the Command Palette. But the most important improvement is that vulnerability findings are now surfaced under the Problems pane, allowing developers to quickly position their cursor in the file and on the line number of the vulnerability with one click. Additionally, we push the guidance and remediation steps for a scan directly to the output pane.

Key functions of the new plug-in:

  • Login to S4 – Enter your S4 credentials and your S4 Org ID to associate your project with a particular Salesforce Org in your S4 account. The system automatically generates a file in your project root that will handle authentication and associating your scan reports with the appropriate Org.
  • Run Security Scan – Run a scan on all the code in your repository by using the Command Palette. It’s no longer necessary to switch to the terminal interface or the website to run a scan on your local files and VS Code surfaces progress and status through notification messages.
  • Security Scan Open File – When Developers focus on one file, there’s no need to scan the entire project. This command option allows them to run S4’s scan directly on the file they’ve been working with all day. It’s extremely fast and efficient and allows them to focus their time and attention on making sure that one file is bulletproof.
  • Extension Setting “Scan on Save” – Now, hitting Control-S to save code can also kick off an S4 Security Scan. If it’s not done until it’s secure, now developers can see any potential vulnerability counts grouped by severity before they close-out.
  • Leveraging the VS Code Interface – File Explorer, Editor Workspace, and Data Panels all come together to provide the developer with insight from S4 on their projects. They can quickly integrate their projects to different S4 Orgs and can easily run scans across different work sessions without ever needing to re-authenticate. The Problems panel parses scan findings to drive the editor window quickly to put the vulnerability into direct developer focus. The Output panel delivers a targeted how-to roadmap on how to resolve every finding. Each identified Issue has a unique ID that correlates across panels.

We’ve prepared a short video above that gives you a fast overview of the new functionality. Even better, download the extension from the Microsoft VS Code marketplace today and connect to your S4 account, or a trial account and see how quickly you can start remediating your security vulnerabilities.exciting

Phil Lepanto

Phil Lepanto

Phil Lepanto leads DigitSec's Customer Success Team. His goal is to help developers, administrators and executives to be proactive and engaged on preventing, identifying and remediating security vulnerabilities on SaaS platforms. He is currently lives in Seattle, WA and is formerly of Washington, DC.


DigitSec brings four scans to protect Salesforce: Source Code Analysis, Custom Runtime Testing, Software Composition Analysis, & Cloud Security Configuration Review. #DevOps

Recent Posts

Sign up for our Newsletter

Get security tips sent to your inbox.

Sign up to get updates and security insights from DigitSec