Configuration
Caspian-Explorer edited this page Mar 28, 2026 · 3 revisions
Open VS Code Settings (Ctrl+,) and search for "Caspian Security" to configure the extension.
| Setting | Type | Default | Description |
|---|---|---|---|
| `caspianSecurity.autoCheck` | boolean | `true` | Automatically run security checks as you type |
| `caspianSecurity.checkOnSave` | boolean | `true` | Run security checks when files are saved |
| `caspianSecurity.severity` | string | `warning` | Minimum severity level to report (error, warning, info) |
| `caspianSecurity.enabledLanguages` | array | All 8 | Languages to include in security checks |
| `caspianSecurity.includeDependencyCheck` | boolean | `true` | Include dependency checks during workspace scans |
| `caspianSecurity.autoVerify` | boolean | `true` | Automatically verify findings as resolved when they disappear from scan results |
| `caspianSecurity.skipGeneratedFiles` | boolean | `true` | Skip scanning auto-generated and minified files |
| `caspianSecurity.maxFileSize` | number | `500000` | Maximum file size in characters to scan (0 = no limit) |
| `caspianSecurity.skipUnchangedFiles` | boolean | `true` | Skip re-scanning files that haven't changed since last scan |

| Setting | Type | Default | Description |
|---|---|---|---|
| `caspianSecurity.aiProvider` | string | `anthropic` | AI provider for fix generation (anthropic, openai, gemini) |
| `caspianSecurity.aiModel` | string | `""` | Optional model override (leave empty for provider default) |

| Provider | Default Model |
|---|---|
| Anthropic | claude-sonnet-4-20250514 |
| OpenAI | gpt-4o |
| Google | gemini-2.0-flash |

API keys are stored securely in the OS keychain via VS Code's SecretStorage API -- they never appear in settings.json.
To configure:
- Command Palette > "Caspian Security: Configure AI Fix Provider"
- Select your provider (Anthropic, OpenAI, or Google)
- Enter your API key when prompted
- The key is stored in the OS keychain and persists across sessions
Each of the 14 security categories can be independently enabled or disabled:
| Setting | Default | Category |
|---|---|---|
| `caspianSecurity.enableAuthAccessControl` | `true` | Authentication & Access Control |
| `caspianSecurity.enableInputValidationXss` | `true` | Input Validation & XSS |
| `caspianSecurity.enableCsrfProtection` | `true` | CSRF Protection |
| `caspianSecurity.enableCorsConfiguration` | `true` | CORS Configuration |
| `caspianSecurity.enableEncryptionDataProtection` | `true` | Encryption & Data Protection |
| `caspianSecurity.enableApiSecurity` | `true` | API Security |
| `caspianSecurity.enableDatabaseSecurity` | `true` | Database Security |
| `caspianSecurity.enableFileHandling` | `true` | File Handling |
| `caspianSecurity.enableSecretsCredentials` | `true` | Secrets & Credentials |
| `caspianSecurity.enableFrontendSecurity` | `true` | Frontend Security |
| `caspianSecurity.enableBusinessLogicPayment` | `true` | Business Logic & Payment Security |
| `caspianSecurity.enableLoggingMonitoring` | `true` | Logging & Monitoring |
| `caspianSecurity.enableDependenciesSupplyChain` | `true` | Dependencies & Supply Chain |
| `caspianSecurity.enableInfrastructureDeployment` | `true` | Infrastructure & Deployment |

```json
{
  "caspianSecurity.autoCheck": true,
  "caspianSecurity.checkOnSave": true,
  "caspianSecurity.severity": "warning",
  "caspianSecurity.enabledLanguages": ["javascript", "typescript", "python"],
  "caspianSecurity.aiProvider": "anthropic",
  "caspianSecurity.enableCsrfProtection": false,
  "caspianSecurity.enableLoggingMonitoring": false
}
```

This configuration:
- Enables real-time and on-save checking
- Reports warnings and errors (suppresses info)
- Only scans JavaScript, TypeScript, and Python files
- Uses Anthropic Claude for AI fixes
- Disables CSRF and Logging categories
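
A configuration like the one above reduces scan coverage in ways that are easy to miss in review. The following check is an added example, not part of the Caspian Security extension: it flags coverage-reducing settings in an already parsed settings object, using the keys and defaults from the tables on this page. The function name and finding messages are hypothetical, and parsing is left out because VS Code's settings.json may contain comments that plain `JSON.parse` rejects.

```javascript
// Added example: audit parsed VS Code settings for Caspian Security options
// that narrow scan coverage. Keys and defaults are taken from this page.
const PREFIX = "caspianSecurity.";
const CATEGORY_KEYS = [
  "enableAuthAccessControl", "enableInputValidationXss", "enableCsrfProtection",
  "enableCorsConfiguration", "enableEncryptionDataProtection", "enableApiSecurity",
  "enableDatabaseSecurity", "enableFileHandling", "enableSecretsCredentials",
  "enableFrontendSecurity", "enableBusinessLogicPayment", "enableLoggingMonitoring",
  "enableDependenciesSupplyChain", "enableInfrastructureDeployment",
];

function auditCaspianSettings(settings) {
  const findings = [];
  // Fall back to the documented default when a key is absent.
  const has = (k) => Object.prototype.hasOwnProperty.call(settings, PREFIX + k);
  const get = (k, dflt) => (has(k) ? settings[PREFIX + k] : dflt);

  for (const key of CATEGORY_KEYS) {
    if (get(key, true) === false) findings.push(`category disabled: ${key}`);
  }
  if (get("severity", "warning") === "error") {
    findings.push("severity=error: warning and info findings are not reported");
  }
  if (get("autoCheck", true) === false && get("checkOnSave", true) === false) {
    findings.push("autoCheck and checkOnSave both off: no automatic scans");
  }
  if (get("includeDependencyCheck", true) === false) {
    findings.push("dependency checks excluded from workspace scans");
  }
  const langs = get("enabledLanguages", null); // default is all 8 languages
  if (Array.isArray(langs) && langs.length < 8) {
    findings.push(`enabledLanguages limited to: ${langs.join(", ")}`);
  }
  // API keys belong in SecretStorage; a key-like string here is a leak.
  for (const [k, v] of Object.entries(settings)) {
    if (/api[-_]?key/i.test(k) && typeof v === "string" && v !== "") {
      findings.push(`possible API key in settings: ${k}`);
    }
  }
  return findings;
}

// Constructed sample: the example configuration shown on this page.
const sampleSettings = {
  "caspianSecurity.autoCheck": true, "caspianSecurity.checkOnSave": true,
  "caspianSecurity.severity": "warning", "caspianSecurity.aiProvider": "anthropic",
  "caspianSecurity.enabledLanguages": ["javascript", "typescript", "python"],
  "caspianSecurity.enableCsrfProtection": false,
  "caspianSecurity.enableLoggingMonitoring": false,
};
console.log(auditCaspianSettings(sampleSettings).join("\n"));
```
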

- AI Fixes -- learn how smart context AI fixes work
- Confidence Scoring -- understand Critical / Safe / Verify Needed badges
- Rule Reference -- browse all 133 security rules