coderisk
Real-time SAST for VS Code, fully local & private
CodeRisk is a Visual Studio Code extension that performs static application security testing in real time as developers write code. It scans source files for common vulnerabilities such as SQL injection, cross‑site scripting, command injection and other flaw patterns, reporting findings directly within the editor. The analysis runs entirely on the local machine, without sending code to external services, and does not rely on artificial‑intelligence models or telemetry.
The tool is intended for developers who need immediate feedback on security issues while coding, especially in environments where data privacy and offline operation are required. Because it executes deterministically and locally, it can be used in isolated or regulated settings where external network calls are prohibited.
CodeRisk is positioned as an experimental, privacy‑focused alternative to cloud‑based scanners, offering a deterministic, on‑device approach to identifying security defects during the development workflow.