Home
Context-aware security analysis for Visual Studio Code — and a standalone caspian CLI you can run anywhere.
Caspian Security detects vulnerabilities, insecure coding patterns, and security best practice violations as you write code. It provides 295+ security rules across 14 categories, covering SQL injection, XSS, hardcoded secrets, business logic flaws, infrastructure misconfiguration, and more.
What sets it apart: context-aware intelligence. The scanner classifies issues with confidence scores, AI fixes understand full function scope, teams share ignore decisions via .caspianignore, and results export to SARIF v2.1.0 for GitHub Security Alerts. The same engine runs as a VS Code extension, a standalone terminal command, and an MCP server for AI agents.
| | |
|---|---|
| Rules | 295+ across 14 categories |
| Languages | JavaScript, TypeScript, Python, Java, C#, PHP, Go, Rust (+ Docker, Terraform, Kubernetes) |
| AI Providers | Anthropic Claude, OpenAI GPT-4, Google Gemini |
| Export Formats | JSON, CSV, SARIF v2.1.0 |
| Distribution | VS Code Marketplace, Open VSX, npm (caspian CLI) |

| Page | Description |
|---|---|
| Getting Started | Installation, first scan, scan modes |
| User Guide | Complete reference — CLI, VS Code, AI agents, CI/CD, configuration |
| Terminal Usage | The standalone caspian CLI — PowerShell / cmd / bash, exit codes, JSON |
| AI Agent Integration | Run Caspian from Claude Code, Cursor, Antigravity, Claude Desktop, Cline |
| Configuration | Settings, AI providers, category toggles |
| AI Fixes | Smart context AI fix generation |
| Confidence Scoring | Critical / Safe / Verify Needed classification |
| Caspianignore | .caspianignore file format and team workflow |
| SARIF Export | SARIF v2.1.0 export and GitHub Security integration |
| PR Scanning | Scan only files changed on your branch |
| Security Score | Real-time 0-100 security score with A-F grading |
| Triage Mode | Guided walkthrough for reviewing pending issues |
| Rule Reference | Complete list of all rules |
| FAQ | Troubleshooting and common questions |
- Run anywhere -- standalone caspian command for PowerShell / cmd / bash, no VS Code needed
- AI-agent integration -- one line in CLAUDE.md / rules, or the MCP server, wires Caspian into Claude Code, Cursor, Antigravity, Claude Desktop, and Cline (nothing is written into your repo)
- Security Score -- real-time 0-100 score in the status bar with A-F grading
- Triage Mode -- guided walkthrough of all pending issues with one-click actions
- PR-Scoped Scanning -- scan only files changed on your branch vs main
- Context-aware analysis -- classifies issues by variable source with confidence badges
- AI fixes with function-level understanding -- sends the entire enclosing function to the AI
- One-click quick-fix lightbulb -- deterministic mechanical remediations via Ctrl+.
- 295+ security rules across 14 categories with actionable fix suggestions
- Real-time analysis -- checks code as you type with a 1-second debounce
- Full workspace scanning -- scans all project files, not just open tabs
- 8 languages + IaC -- JS, TS, Python, Java, C#, PHP, Go, Rust, Dockerfile, Terraform, Kubernetes
- Team-shareable .caspianignore -- version-controlled ignore decisions
- SARIF v2.1.0 export -- upload to GitHub Security Alerts
- Baseline support -- adopt Caspian into an existing codebase without a big-bang cleanup
- 3 AI providers -- Claude, GPT-4, Gemini
- Configurable severity -- filter by error, warning, or info threshold