CaspianTools edited this page Jul 1, 2026 · 6 revisions

Caspian Security

Context-aware security analysis for Visual Studio Code — and a standalone caspian CLI you can run anywhere.


Caspian Security detects vulnerabilities, insecure coding patterns, and violations of security best practices as you write code. It provides 295+ security rules across 14 categories, covering SQL injection, XSS, hardcoded secrets, business logic flaws, infrastructure misconfiguration, and more.

What sets it apart: context-aware intelligence. The scanner classifies issues with confidence scores, AI fixes understand full function scope, teams share ignore decisions via .caspianignore, and results export to SARIF v2.1.0 for GitHub Security Alerts. The same engine runs as a VS Code extension, a standalone terminal command, and an MCP server for AI agents.

At a Glance

Rules: 295+ across 14 categories
Languages: JavaScript, TypeScript, Python, Java, C#, PHP, Go, Rust (+ Docker, Terraform, Kubernetes)
AI Providers: Anthropic Claude, OpenAI GPT-4, Google Gemini
Export Formats: JSON, CSV, SARIF v2.1.0
Distribution: VS Code Marketplace, Open VSX, npm (caspian CLI)

Documentation

Page: Description
Getting Started: Installation, first scan, scan modes
Terminal Usage: The standalone caspian CLI — PowerShell / cmd / bash, exit codes, JSON
AI Agent Integration: Run Caspian from Claude Code, Cursor, Antigravity, Claude Desktop, Cline
Configuration: Settings, AI providers, category toggles
AI Fixes: Smart context AI fix generation
Confidence Scoring: Critical / Safe / Verify Needed classification
Caspianignore: .caspianignore file format and team workflow
SARIF Export: SARIF v2.1.0 export and GitHub Security integration
PR Scanning: Scan only files changed on your branch
Security Score: Real-time 0-100 security score with A-F grading
Triage Mode: Guided walkthrough for reviewing pending issues
Rule Reference: Complete list of all rules
FAQ: Troubleshooting and common questions

Key Capabilities

  • Run anywhere -- standalone caspian command for PowerShell / cmd / bash, no VS Code needed
  • AI-agent integration -- one line in CLAUDE.md / rules, or the MCP server, wires Caspian into Claude Code, Cursor, Antigravity, Claude Desktop, and Cline (nothing is written into your repo)
  • Security Score -- real-time 0-100 score in the status bar with A-F grading
  • Triage Mode -- guided walkthrough of all pending issues with one-click actions
  • PR-Scoped Scanning -- scan only files changed on your branch vs main
  • Context-aware analysis -- classifies issues by variable source with confidence badges
  • AI fixes with function-level understanding -- sends the entire enclosing function to the AI
  • One-click quick-fix lightbulb -- deterministic mechanical remediations via Ctrl+.
  • 295+ security rules across 14 categories with actionable fix suggestions
  • Real-time analysis -- checks code as you type with a 1-second debounce
  • Full workspace scanning -- scans all project files, not just open tabs
  • 8 languages + IaC -- JS, TS, Python, Java, C#, PHP, Go, Rust, Dockerfile, Terraform, Kubernetes
  • Team-shareable .caspianignore -- version-controlled ignore decisions
  • SARIF v2.1.0 export -- upload to GitHub Security Alerts
  • Baseline support -- adopt Caspian into an existing codebase without a big-bang cleanup
  • 3 AI providers -- Claude, GPT-4, Gemini
  • Configurable severity -- filter by error, warning, or info threshold
