Secure your code with the power of Google's Gemini-Pro LLM!
CodeSecGPT-Enterprise is a VSCode extension that leverages the advanced capabilities of Google's Gemini-Pro language model to help you identify and fix security vulnerabilities in your code. With its intuitive interface and seamless integration, CodeSecGPT-Enterprise empowers you to write more secure code and streamline your development workflow.
-
AI-powered vulnerability detection: CodeSecGPT-Enterprise analyzes your code using Gemini-Pro, pinpointing potential security issues based on its vast knowledge of code patterns and common vulnerabilities.
-
Actionable suggestions: CodeSecGPT-Enterprise doesn't just highlight vulnerabilities; it provides tailored suggestions for fixing them, guiding you towards more secure coding practices.
-
Seamless integration: CodeSecGPT-Enterprise works directly within your VSCode environment, offering real-time feedback as you code.
-
Customization options: You can fine-tune the extension's behavior to match your specific coding style and preferences.
-
Change logging: All code modifications suggested by CodeSecGPT-Enterprise and applied by the user are automatically logged for traceability and audit purposes.
- Visual Studio Code: Ensure you have the latest version of VSCode installed.
- Gemini API access: You'll need an Gemini API key to enable communication with the Gemini-Pro model.
Prerequisites:
- Node.js, npm, and TypeScript installed on your system.
- Change the Google Gemini API Keys to your own in the source code.
- Visual Studio Code or Visual Studio Code Insider on system.
Steps:
-
Clone the repository:
git clone https://github.com/riftsandroses/CodeSecGPT
-
Navigate to the project directory:
cd CodeSecGPT -
Install dependencies:
npm install
-
Build the VSIX package:
tsc -p . && vsce package
-
Install the VSIX package:
- Open the VSCode Extensions view (Ctrl+Shift+X or Cmd+Shift+X on macOS).
- Click the three dots (...) in the top right corner and select "Install from VSIX...".
- Select the VSIX file you created in step 4.
Step-1: Open your code file in VSCode.
Step-2: Select the line(s) of code that you want to fix.
Step-3: Right click the selected line(s) of code. A menu with various options will appear.
Step-4: Click on the option that says "Fix using CodeSecGPT"
Step-5: Review the suggested changes in the QuickPick Menu that appears.
Step-6: Click on "Replace" Button to replace with the current suggestion or click on "Cancel".
Accuracy may vary: While Gemini-Pro is highly advanced, it's still under development, and its accuracy in detecting vulnerabilities can vary depending on several factors, including:
- Code complexity: The model may struggle with highly complex or obfuscated code, potentially leading to missed vulnerabilities or false positives.
- Data availability: The model's training data plays a significant role in its performance. If the training data lacked specific vulnerabilities or coding styles, the model might be less effective in detecting them.
- Temperature setting: The temperature parameter in Gemini-Pro controls the randomness of its outputs. Higher temperatures can lead to more creative and diverse suggestions, but also potentially increase the risk of inaccurate or irrelevant recommendations. It's crucial to experiment and find the optimal temperature setting for your specific needs and codebase.
This extension adheres to the best practices outlined in the VSCode extension guidelines
Enjoy !