Configuration

Complete reference for all Agnech VS Code extension settings. Configure scanning behavior, engines, AI providers, and more.

Overview

All settings can be configured in VS Code's settings.json or through the Settings UI. Press Ctrl+, and search for "Agnech" to find all settings.

Scanning

5 settings

Engines

7 settings

AI Setup

5 settings

Reports

4 settings

Scanning Settings

Configure when and how scans are performed.

agnech.scan.autoScanboolean

Automatically scan files when opened or saved.

Default: true

agnech.scan.scanOnSaveboolean

Run a quick scan when files are saved.

Default: true

agnech.scan.debounceMsnumber

Delay in milliseconds before auto-scanning.

Default: 500

agnech.scan.excludePatternsarray

Glob patterns for files to exclude from scanning.

Default: ["node_modules/**", "dist/**", "build/**"]

agnech.scan.maxFileSizenumber

Maximum file size in bytes to scan (default: 1MB).

Default: 1048576

Engine Configuration

Enable or disable individual scanning engines.

agnech.engines.pattern.enabledboolean

Enable Pattern Matching engine for regex-based detection.

Default: true

agnech.engines.sast.enabledboolean

Enable SAST engine for AST-based analysis.

Default: true

agnech.engines.cve.enabledboolean

Enable CVE database scanning for dependencies.

Default: true

agnech.engines.taint.enabledboolean

Enable Taint Analysis for data flow tracking.

Default: true

agnech.engines.symbolic.enabledboolean

Enable Symbolic Execution for edge case detection.

Default: true

agnech.engines.graph.enabledboolean

Enable Graph Analysis for call chain tracking.

Default: true

agnech.engines.ai.enabledboolean

Enable AI Verification (requires API key).

Default: false

AI Provider Setup

Configure AI verification to reduce false positives. Supports multiple providers.

API Keys

Your API keys are stored securely in VS Code's secret storage and are never sent anywhere except to the AI provider you configure.

agnech.ai.providerenum

AI provider for verification engine.

groqopenaianthropicollama

Default: groq

agnech.ai.apiKeystring

API key for the selected AI provider.

Default: (none)

agnech.ai.modelstring

Model to use for AI verification.

Default: llama-3.3-70b-versatile

agnech.ai.maxTokensnumber

Maximum tokens for AI response.

Default: 2048

agnech.ai.timeoutnumber

Timeout in milliseconds for AI requests.

Default: 30000

Provider Examples

settings.json

JSON

1// Groq (Free tier available)
2{
3  "agnech.ai.provider": "groq",
4  "agnech.ai.apiKey": "gsk_your_api_key_here",
5  "agnech.ai.model": "llama-3.3-70b-versatile"
6}
7
8// OpenAI
9{
10  "agnech.ai.provider": "openai",
11  "agnech.ai.apiKey": "sk-your_api_key_here",
12  "agnech.ai.model": "gpt-4o"
13}
14
15// Anthropic
16{
17  "agnech.ai.provider": "anthropic",
18  "agnech.ai.apiKey": "sk-ant-your_api_key_here",
19  "agnech.ai.model": "claude-3-5-sonnet-20241022"
20}
21
22// Ollama (Local)
23{
24  "agnech.ai.provider": "ollama",
25  "agnech.ai.model": "llama3.2"
26}

Report Settings

Configure report generation and export options.

agnech.reports.defaultFormatenum

Default format for generated reports.

htmljsonmarkdown

Default: html

agnech.reports.outputDirectorystring

Directory for saving generated reports.

Default: ./security-reports

agnech.reports.includeRemediationboolean

Include remediation guidance in reports.

Default: true

agnech.reports.includeCodeSnippetsboolean

Include vulnerable code snippets in reports.

Default: true

UI Settings

Configure how findings are displayed in the editor.

agnech.ui.showInlineDecorationsboolean

Show vulnerability indicators inline in the editor.

Default: true

agnech.ui.showStatusBarboolean

Show Shield Score in the status bar.

Default: true

agnech.ui.showGutterIconsboolean

Show severity icons in the editor gutter.

Default: true

agnech.ui.highlightSeverityenum

Minimum severity to highlight in editor.

allhighcritical

Default: all

Complete Example

settings.json

JSON

1{
2  // Scanning
3  "agnech.scan.autoScan": true,
4  "agnech.scan.scanOnSave": true,
5  "agnech.scan.debounceMs": 500,
6  "agnech.scan.excludePatterns": [
7    "node_modules/**",
8    "dist/**",
9    "coverage/**",
10    "**/*.min.js"
11  ],
12
13  // Engines
14  "agnech.engines.pattern.enabled": true,
15  "agnech.engines.sast.enabled": true,
16  "agnech.engines.cve.enabled": true,
17  "agnech.engines.taint.enabled": true,
18  "agnech.engines.symbolic.enabled": true,
19  "agnech.engines.graph.enabled": true,
20  "agnech.engines.ai.enabled": true,
21
22  // AI Provider (Groq)
23  "agnech.ai.provider": "groq",
24  "agnech.ai.apiKey": "gsk_your_api_key",
25  "agnech.ai.model": "llama-3.3-70b-versatile",
26
27  // Reports
28  "agnech.reports.defaultFormat": "html",
29  "agnech.reports.outputDirectory": "./security-reports",
30  "agnech.reports.includeRemediation": true,
31
32  // UI
33  "agnech.ui.showInlineDecorations": true,
34  "agnech.ui.showStatusBar": true,
35  "agnech.ui.showGutterIcons": true
36}