
What is VSCan?
Hundreds of malicious extensions are released on the VSCode Marketplace. VSCan analyzes these extensions to determine if they are malicious or vulnerable. Powered by LLMs, ASTs, and static analysis, it has already found hundreds of compromised extensions.
Problem
Developers and organizations rely on manual reviews or basic tools to detect malicious VSCode extensions, which leaves security risks in place and makes identifying vulnerabilities inefficient.
Solution
An AI-powered security tool that analyzes VSCode extensions using LLMs, ASTs, and static analysis to detect malicious code or vulnerabilities, for example by scanning extensions for suspicious behavior or compromised code.
Customers
Software developers, cybersecurity professionals, and DevOps engineers working with VSCode extensions
Unique Features
Combines LLM-based code interpretation with abstract syntax tree (AST) analysis and static code scanning for higher accuracy in detecting threats
User Comments
Identifies previously undetected malicious extensions
Simplifies security auditing for VSCode ecosystems
Provides actionable insights into code vulnerabilities
Reduces manual review time significantly
Enhances trust in extension marketplace usage
Traction
Launched on ProductHunt with 380+ upvotes
Detected hundreds of malicious extensions as claimed in its description
No explicit MRR/user metrics disclosed yet
Market Size
Global cybersecurity AI market projected to reach $60.6 billion by 2028 (MarketsandMarkets)
VSCode has over 15 million monthly active users (2023 Microsoft data)