Visual Studio Code

The GitGuardian Visual Studio Code extension enhances code security by detecting and preventing the inclusion of sensitive information, such as API keys and credentials, directly within your development environment. This tool integrates seamlessly into the VS Code editor, providing real-time feedback to developers and promoting secure coding practices.

The extension leverages the bundled GitGuardian CLI (ggshield) to scan your code for over 500 types of secrets as you write or modify it, ensuring immediate awareness and action when potential security issues are detected.

The GitGuardian extension detecting a GitHub token in VS Code, showing detailed information about the secret when hovering.

Key Features

Real-Time Secret Detection

Automatically scans your code as you type, highlighting secrets instantly with clear visual indicators.

Guided Remediation

Provides actionable recommendations to fix detected secrets directly within VS Code.

Developer-Friendly Integration

Simple one-click installation with built-in CLI and automatic scanning on save.

False Positive Management

Easily mark false positives through .gitguardian.yaml configuration.

Installation

From VS Code Marketplace

1. Open Visual Studio Code
2. Go to the Extensions view (Ctrl+Shift+X or Cmd+Shift+X)
3. Search for "GitGuardian"
4. Click "Install" on the "GitGuardian Secret Security" extension
5. Restart VS Code if prompted

Alternatively, you can install directly from the VS Code Marketplace.

Configuration

Authentication

After installation, you'll need to authenticate with GitGuardian:

1. Open the Command Palette (Ctrl+Shift+P or Cmd+Shift+P)
2. Type "GitGuardian: Authenticate" and select it
3. Follow the authentication flow to connect your GitGuardian account

Settings

The extension can be configured through VS Code settings:

1. Go to File → Preferences → Settings (or Ctrl+, / Cmd+,)
2. Search for "GitGuardian"
3. Configure the available options:

For SaaS Users

• API URL: Uses GitGuardian's default API endpoint
• Authentication: Use the built-in authentication flow

For Self-Hosted Users

• API URL: Enter your custom GitGuardian instance URL
• API Key: Enter your Personal Access Token from your self-hosted instance

To configure for self-hosted instances:

{
  "gitguardian.apiUrl": "https://your-gitguardian-instance.com",
  "gitguardian.apiKey": "your-personal-access-token"
}

Usage and Results

The extension automatically scans files on save and displays results in three ways:

• Highlights secrets directly in your code
• Shows warning icons in the status bar
• Lists issues in the Problems panel (Ctrl+Shift+M or Cmd+Shift+M)

To ignore false positives, add paths to .gitguardian.yaml:

paths-ignore:
  - "tests/samples/*"
  - "docs/examples.md"

version: 2

Troubleshooting

Common solutions:

• Verify authentication and internet connection
• For self-hosted instances, check API key and URL
• Restart VS Code if issues persist
• Exclude large directories in .gitguardian.yaml for better performance

Need help? Check our documentation, GitHub repository, or contact support.

Related Documentation

• GitGuardian CLI Getting Started
• Custom Remediation Messages