● Live Product

BEYLIM VSC Scanner

Your extensions have keys to everything.
We make sure they deserve them.

Scan. Score. Govern. — all without leaving VS Code.

A security scanner that lives in your VS Code IDE. Each developer runs scans locally, reviews risk scores with full transparency, and exports reports to share with the wider team. Evidence-based. Explainable. Actionable.

Why BEYLIM

Security that explains itself

🔬 4-Layer Scanning

Static analysis, live CVE intelligence, behavioral detection, and trust enrichment — all in one pass.

📊 Explainable Scores

Every extension gets a 0–100 risk score with a full weighted breakdown. No black boxes.

🔐 Policy Governance

Allow/block lists, timed suppressions, blocklist precedence, and risk-threshold alerts.

📈 Trend Tracking

Compare scans over time. See which extensions improved, worsened, or are newly high-risk.

  • 4 Scanning Layers
  • 5 Finding Types
  • 6 Report Formats
  • 8 Detection Categories
  • 19 Commands
  • <1% CPU Impact

Who it's for

Runs on your IDE. Reports reach your team.

👤 Individual Developers

  • Audit extensions before trusting them
  • Identify credential-accessing extensions
  • Monitor external service communication
  • Stay ahead of newly discovered CVEs

🛡️ Security Teams

  • Export and share reports across the team
  • Allow/block list enforcement per developer
  • Track compliance with exportable evidence
  • Spot rogue extensions in shared reports

🏢 Organizations

  • Standardize extension policies across teams
  • Executive security reports you can export and circulate
  • Flag extensions that reference AI service endpoints
  • Audit extension permissions at the individual level

Quick start

Up and running in 60 seconds

1. Install

Open VSCode → Extensions (Ctrl+Shift+X) → Search "BEYLIM VSC Scanner" → Install

2. Activate

The extension activates automatically. Open the BEYLIM VSC Scanner view in the Explorer sidebar.

3. Scan

Click "Scan All Extensions", or press Ctrl+Shift+P and run "BEYLIM VSC Scanner: Scan All Extensions".

4. Review & Act

Explore risk scores, drill into extension details, check risk trends, and enforce policies.

Ready to see what your extensions are really doing?

Install BEYLIM VSC Scanner and run your first scan in under a minute.

Deep Dive

Scoring

Explainable risk scoring — not a black box

Every extension receives a normalized 0–100 risk score with a full breakdown. Five finding types each carry a calibrated evidence weight — all configurable. The Score Analysis panel in every extension detail view shows the exact weighted finding sum, characteristics multiplier, category bonus, and final score so every number is traceable.

Finding Type Weights

Type            | Weight | Description
Known CVEs      | 1.6×   | Dependency matches a known vulnerable range with a CVE identifier
Behavioral      | 1.3×   | Obfuscation, credential access, exfiltration indicators, AI-service transmission
Vulnerabilities | 1.2×   | Risky dependency/security issues that may not have a CVE identifier
Over-Privileged | 0.75×  | Broad capabilities — always-active, terminal/debugger access
Reputation      | 0.5×   | Marketplace and repo trust/freshness context signals

Scoring Formula

  • Severity Weight: Critical (25), High (15), Medium (8), Low (3), Info (1)
  • Confidence: Each finding's confidence score (0–1)
  • Characteristics Multiplier: Built-in (×0.5), trusted publisher (strict 0.85 / normal 0.7 / lenient 0.6), pre-release (×1.2)
  • Category Bonuses: Network + file (+10), network + credentials (+15), repeated high-risk (+5). Scaled by trust multiplier.
  • Trusted Vendor Cap: Without CVEs or HIGH/CRITICAL behavioral findings, capped at HIGH (79)
  • Final: round(min(100, max(0, Σ(sev × conf × typeWeight) × charMult + scaledBonus)))

Classification

Risk levels

Risk levels are based on finding drivers — CVEs, over-privileged permissions, vulnerabilities, and behavioral indicators — not a single severity label.

Level    | Score  | Description
SAFE     | 0–19   | No significant security concerns
LOW      | 20–39  | Minor concerns, generally safe
MEDIUM   | 40–59  | Moderate concerns, review recommended
HIGH     | 60–79  | Significant concerns, careful review required
CRITICAL | 80–100 | Severe security risks, immediate action required
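
The scoring formula and the risk-level table above, written out in TypeScript as an added example (this is not BEYLIM's own code). The finding shape, the way the built-in / trusted-publisher / pre-release multipliers combine (multiplied together here), the per-finding category tag that drives the bonuses, reading "repeated high-risk" as two or more HIGH/CRITICAL findings, and scaling the bonus by the same characteristics multiplier are all assumptions made for illustration; the weights, severity values, cap and level boundaries are the page's own.

```typescript
// Added example, not BEYLIM's own code: the risk-score formula and level table
// from the page, written out so every step can be checked by hand.
// Assumptions (not stated on the page): the Finding shape below, that the
// built-in / trusted-publisher / pre-release multipliers multiply together,
// that bonus triggers come from a per-finding `category` tag, that "repeated
// high-risk" means two or more HIGH/CRITICAL findings, and that the bonus is
// scaled by the same characteristics multiplier.

export type FindingType = "cve" | "vulnerability" | "overPrivileged" | "reputation" | "behavioral";
export type Severity = "critical" | "high" | "medium" | "low" | "info";
export type Sensitivity = "strict" | "normal" | "lenient";
export type RiskLevel = "SAFE" | "LOW" | "MEDIUM" | "HIGH" | "CRITICAL";

export interface Finding {
  type: FindingType;
  severity: Severity;
  confidence: number;                              // 0..1
  category?: "network" | "file" | "credentials";   // assumed tag used for category bonuses
}

export interface Characteristics {
  builtIn?: boolean;
  trustedPublisher?: boolean;
  preRelease?: boolean;
}

// Weights as listed under "Finding Type Weights" (same keys as securityAuditor.findingTypeWeights).
export const TYPE_WEIGHTS: Record<FindingType, number> = {
  cve: 1.6, vulnerability: 1.2, overPrivileged: 0.75, reputation: 0.5, behavioral: 1.3,
};
// Severity weights from the "Scoring Formula" list.
export const SEVERITY_WEIGHTS: Record<Severity, number> = {
  critical: 25, high: 15, medium: 8, low: 3, info: 1,
};
const TRUSTED_PUBLISHER_MULT: Record<Sensitivity, number> = { strict: 0.85, normal: 0.7, lenient: 0.6 };

export function characteristicsMultiplier(c: Characteristics, sensitivity: Sensitivity): number {
  let m = 1;
  if (c.builtIn) m *= 0.5;
  if (c.trustedPublisher) m *= TRUSTED_PUBLISHER_MULT[sensitivity];
  if (c.preRelease) m *= 1.2;
  return m;
}

function isHighRisk(f: Finding): boolean {
  return f.severity === "high" || f.severity === "critical";
}

// Category bonuses: network + file (+10), network + credentials (+15), repeated high-risk (+5),
// then scaled by the trust multiplier.
export function categoryBonus(findings: Finding[], trustMult: number): number {
  const cats = new Set(findings.map((f) => f.category));
  let bonus = 0;
  if (cats.has("network") && cats.has("file")) bonus += 10;
  if (cats.has("network") && cats.has("credentials")) bonus += 15;
  if (findings.filter(isHighRisk).length >= 2) bonus += 5;
  return bonus * trustMult;
}

// Final: round(min(100, max(0, Σ(sev × conf × typeWeight) × charMult + scaledBonus))), then the cap.
export function riskScore(findings: Finding[], c: Characteristics, sensitivity: Sensitivity = "normal"): number {
  const charMult = characteristicsMultiplier(c, sensitivity);
  const weightedSum = findings.reduce(
    (sum, f) => sum + SEVERITY_WEIGHTS[f.severity] * f.confidence * TYPE_WEIGHTS[f.type], 0);
  let score = Math.round(Math.min(100, Math.max(0, weightedSum * charMult + categoryBonus(findings, charMult))));
  // Trusted Vendor Cap: without CVEs or HIGH/CRITICAL behavioral findings, at most HIGH (79).
  const hasCve = findings.some((f) => f.type === "cve");
  const hasHighBehavioral = findings.some((f) => f.type === "behavioral" && isHighRisk(f));
  if (c.trustedPublisher && !hasCve && !hasHighBehavioral) score = Math.min(score, 79);
  return score;
}

// Level boundaries from the "Risk levels" table.
export function riskLevel(score: number): RiskLevel {
  if (score >= 80) return "CRITICAL";
  if (score >= 60) return "HIGH";
  if (score >= 40) return "MEDIUM";
  if (score >= 20) return "LOW";
  return "SAFE";
}

export function repeat(f: Finding, n: number): Finding[] {
  return Array.from({ length: n }, () => ({ ...f }));
}

// Constructed sample: one extension with three findings.
export const SAMPLE_FINDINGS: Finding[] = [
  { type: "behavioral", severity: "high", confidence: 0.9, category: "network" },      // 15 × 0.9 × 1.3 = 17.55
  { type: "behavioral", severity: "medium", confidence: 0.8, category: "credentials" }, // 8 × 0.8 × 1.3 = 8.32
  { type: "overPrivileged", severity: "low", confidence: 1.0 },                         // 3 × 1.0 × 0.75 = 2.25
];
// Untrusted publisher: 28.12 × 1 + 15 (network + credentials) = 43.12 -> 43, MEDIUM
// Trusted publisher (normal): 28.12 × 0.7 + 15 × 0.7 = 30.18 -> 30, LOW
console.log(riskScore(SAMPLE_FINDINGS, {}), riskLevel(riskScore(SAMPLE_FINDINGS, {})));
```

Running the same three findings under a trusted publisher shows why the cap matters in practice: the multiplier pulls a MEDIUM down to LOW, but because one behavioral finding is HIGH the 79 cap is not what limits the score; the cap only engages for trusted vendors whose findings are all vulnerability, over-privileged or reputation, however numerous.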

Visibility

Visual extension detail view

Every extension opens a rich technical breakdown panel.

🎯 Risk Ring

Colour-coded ring with risk level and score at a glance.

🏷️ Severity Chips

Critical / High / Medium / Low / Info finding counts in one row.

📊 Score Analysis

Weighted-findings breakdown with per-type contribution bar chart.

🌐 Community Intel

Side-by-side Marketplace and GitHub signal cards.

📋 Grouped Findings

Severity badges, CVE advisory links, confidence indicators, remediation.

🏆 Top Contributors

Mini-table showing the highest-weighted findings driving the score.

Reporting

Six formats. Every stakeholder covered.

Security Report (JSON)

Tooling / CI

Machine-readable full findings, registries, score breakdowns

Security Report (Markdown)

Developers

Full findings with all five finding-type sections

Security Report (HTML)

Developers

Interactive visual report with the same five sections

Executive View (Markdown)

Management

One-page risk snapshot, distribution table, recommendations

Executive View (HTML)

Management

Styled one-page summary ready to share

Extension Breakdown

Per-extension audit

Score analysis, all five finding sections, trust assessment

All reports managed from Dashboard → Reports Center with search, format filtering, sort, archive, and delete.

Coverage

Detection categories

🎭 Obfuscation

  • Base64 encoding/decoding
  • Hex-encoded strings
  • Dynamic eval / Function
  • Minified or packed code

🌐 Network Activity

  • HTTP/HTTPS & WebSocket
  • Paste site communication
  • Hardcoded IPs
  • Suspicious endpoints

📁 File Access

  • Sensitive directories (.ssh, .aws)
  • Home directory access
  • Unusual file permissions

⚙️ Code Execution

  • Command / shell execution
  • Process spawning
  • Dynamic script loading

🔑 Credential Access

  • Env variable access
  • VSCode secret storage
  • Keychain / credential manager
  • API keys and tokens

🤖 AI Service References

  • OpenAI / Anthropic endpoint references
  • Code transmission patterns in source
  • Third-party AI data-sharing signals

⚠️ Malicious Patterns

  • Crypto mining
  • Reverse shells / backdoors
  • Data exfiltration patterns
  • Known malware signatures

📡 Telemetry

  • Analytics tracking
  • Telemetry reporters
  • Usage data collection
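
To make the detection categories concrete, here is an added example of a minimal regex-based static-pattern detector of the kind the "Static Analysis" stage describes, run over a constructed snippet of extension source. It is not BEYLIM's rule set: the rule ids, patterns, severities, category names and the sample source are all constructed for illustration, and it covers seven of the eight categories (no malware-signature rules).

```typescript
// Added example, not BEYLIM's own rule set: a small line-oriented static
// pattern detector for the categories listed above. Rule ids, patterns,
// severities and SAMPLE_SOURCE are constructed for illustration.

export type Category =
  | "obfuscation" | "network" | "fileAccess" | "codeExecution"
  | "credentialAccess" | "aiService" | "telemetry";

export interface Rule {
  id: string;
  category: Category;
  severity: "high" | "medium" | "low";
  pattern: RegExp; // no 'g' flag, so exec() is stateless from line to line
}

export interface PatternFinding {
  ruleId: string;
  category: Category;
  severity: Rule["severity"];
  line: number;     // 1-based line in the scanned source
  evidence: string; // the matched text, kept so a reviewer can verify the hit
}

export const RULES: Rule[] = [
  { id: "OBF-BASE64", category: "obfuscation", severity: "medium", pattern: /Buffer\.from\([^)]*["']base64["']\)|\batob\s*\(/ },
  { id: "OBF-EVAL", category: "obfuscation", severity: "high", pattern: /\beval\s*\(|new\s+Function\s*\(/ },
  { id: "NET-HTTP", category: "network", severity: "low", pattern: /\bfetch\s*\(|(?:https?|wss?):\/\// },
  { id: "NET-PASTE", category: "network", severity: "high", pattern: /pastebin\.com|hastebin\.com/ },
  { id: "NET-IP", category: "network", severity: "medium", pattern: /\b\d{1,3}(?:\.\d{1,3}){3}\b/ },
  { id: "FILE-SENSITIVE", category: "fileAccess", severity: "high", pattern: /[\\\/]\.(?:ssh|aws)\b/ },
  { id: "EXEC-SHELL", category: "codeExecution", severity: "high", pattern: /require\(["']child_process["']\)|\b(?:execSync|spawnSync|exec|spawn)\s*\(/ },
  { id: "CRED-ENV", category: "credentialAccess", severity: "low", pattern: /\bprocess\.env\b/ },
  { id: "CRED-SECRETS", category: "credentialAccess", severity: "medium", pattern: /\bsecrets\.(?:get|store)\s*\(/ },
  { id: "AI-ENDPOINT", category: "aiService", severity: "medium", pattern: /api\.openai\.com|api\.anthropic\.com/ },
  { id: "TEL-REPORTER", category: "telemetry", severity: "low", pattern: /TelemetryReporter|sendTelemetryEvent/ },
];

// Apply every rule to every non-comment line; one finding per (line, rule) hit.
export function scanSource(source: string): PatternFinding[] {
  const findings: PatternFinding[] = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    if (text.trim().startsWith("//")) return; // line comments are skipped to reduce noise
    for (const rule of RULES) {
      const m = rule.pattern.exec(text);
      if (m) {
        findings.push({ ruleId: rule.id, category: rule.category, severity: rule.severity, line: idx + 1, evidence: m[0] });
      }
    }
  });
  return findings;
}

// Count findings per category, the shape a "Detection Categories" summary needs.
export function summarize(findings: PatternFinding[]): Partial<Record<Category, number>> {
  const counts: Partial<Record<Category, number>> = {};
  for (const f of findings) counts[f.category] = (counts[f.category] ?? 0) + 1;
  return counts;
}

// Constructed sample source (not a real extension); expected hits noted per line.
export const SAMPLE_SOURCE = [
  "const { execSync } = require('child_process');",                                  // 1: EXEC-SHELL
  "const gitVersion = execSync('git --version').toString();",                        // 2: EXEC-SHELL
  "const home = process.env.HOME || process.env.USERPROFILE;",                       // 3: CRED-ENV
  "const awsConfig = home + '/.aws/config';",                                        // 4: FILE-SENSITIVE
  "const decoded = Buffer.from(blob, 'base64').toString();",                         // 5: OBF-BASE64
  "const reporter = new TelemetryReporter(extensionId, extensionVersion, aiKey);",   // 6: TEL-REPORTER
  "fetch('https://api.openai.com/v1/chat/completions', { method: 'POST', body });",  // 7: NET-HTTP, AI-ENDPOINT
  "// eval(legacyInput) was removed in 2.0; comment lines are skipped",              // 8: skipped
].join("\n");

console.log(summarize(scanSource(SAMPLE_SOURCE)));
```

Two of the limitations the page lists later are visible even in this toy: line 2 is an ordinary `git --version` call yet still produces a code-execution finding (a false positive a reviewer has to triage), and a pattern split across lines or assembled at runtime would not match a line-oriented regex at all, which is why the page pairs static analysis with behavioral detection and a confidence score rather than treating any single hit as proof.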

Control

19 commands at your fingertips

Access via Command Palette (Ctrl+Shift+P or Cmd+Shift+P).

Command                                            | Action
BEYLIM VSC Scanner: Scan All Extensions            | Scan all installed extensions
BEYLIM VSC Scanner: Scan Specific Extension        | Scan a single extension
BEYLIM VSC Scanner: Open Dashboard                 | Focus the sidebar UI
BEYLIM VSC Scanner: Show Security Report           | In-editor security report panel
BEYLIM VSC Scanner: Show Executive View            | One-page executive summary
BEYLIM VSC Scanner: Show Extension Breakdown       | Full report for one extension
BEYLIM VSC Scanner: Export Report                  | Export (JSON / Markdown / HTML)
BEYLIM VSC Scanner: Export Executive View          | Save executive summary
BEYLIM VSC Scanner: Export Extension Breakdown     | Save one-extension report
BEYLIM VSC Scanner: View Extension Details         | Risk ring, community intel, grouped findings
BEYLIM VSC Scanner: Block Extension                | Checklist to add/remove blocked extensions
BEYLIM VSC Scanner: Allow Extension                | Checklist to add/remove allowed extensions
BEYLIM VSC Scanner: Show Risk Trend View           | Movement and deltas since prior scans
BEYLIM VSC Scanner: Suppress Finding (Timed)       | Suppress false positives until expiry
BEYLIM VSC Scanner: How Scanning Works             | Deep-dive pipeline and scoring explainer
BEYLIM VSC Scanner: Verify Settings Effectiveness  | Runtime evidence of setting impact
BEYLIM VSC Scanner: About BEYLIM                   | Product and platform information
BEYLIM VSC Scanner: Refresh Extension List         | Refresh the extension list
BEYLIM VSC Scanner: Open Settings                  | Open scanner settings

Customise

Configuration

Fine-tune via VSCode settings (File → Preferences → Settings).

General

{
  "securityAuditor.autoScanOnStartup": true,
  "securityAuditor.scanInterval": 3600000,
  "securityAuditor.riskThreshold": "medium",
  "securityAuditor.alertOnHighRisk": true,
  "securityAuditor.alertOnAllowlistedHighRisk": true,
  "securityAuditor.staleScanDays": 3,
  "securityAuditor.scanCacheMaxAgeMinutes": 120,
  "securityAuditor.trustedVendorSensitivity": "normal",
  "securityAuditor.enableTrustedVendorScoring": true
}

Intelligence & Monitoring

{
  "securityAuditor.enableRuntimeMonitoring": true,
  "securityAuditor.enableAIMonitoring": true,
  "securityAuditor.enableLiveCveChecks": true,
  "securityAuditor.enableNvdCrossCheck": true,
  "securityAuditor.enableOnlineReputation": true,
  "securityAuditor.enableGitHubReputation": true
}

Policy

{
  "securityAuditor.allowedExtensions": [
    "ms-vscode.cpptools",
    "ms-python.python"
  ],
  "securityAuditor.blockedExtensions": [
    "suspicious-publisher.extension-id"
  ]
}

Scoring Weights

{
  "securityAuditor.findingTypeWeights": {
    "cve": 1.6,
    "vulnerability": 1.2,
    "overPrivileged": 0.75,
    "reputation": 0.5,
    "behavioral": 1.3
  }
}

Reports

{
  "securityAuditor.reportHistoryFolders": [
    "C:\\SecurityReports"
  ],
  "securityAuditor.reportArchiveFolder": "security-report-archive",
  "securityAuditor.reportDetailedFindingTypes": [
    "cve", "vulnerability",
    "over-privileged", "reputation",
    "behavioral"
  ]
}

Under the hood

Technical details

Scanning Pipeline

  1. Discovery: Enumerate all installed extensions and collect metadata
  2. Static Analysis: Scan code for suspicious patterns via regex and AST
  3. Live CVE Check: Match deps against OSV + optional NIST NVD
  4. Behavioral Detection: Identify runtime-oriented suspicious patterns
  5. Trust Enrichment: Pull Marketplace and GitHub signals
  6. Risk Calculation: Weighted scoring with characteristics multiplier
  7. Policy Evaluation: Allow/block lists and risk thresholds
  8. Reporting: Detailed findings with context and recommendations

Performance

  • Static scanning runs in the background
  • Runtime monitoring: <1% CPU impact
  • Incremental cache with configurable TTL
  • Results cached to avoid redundant scans
  • Scan lock recovery prevents stale deadlocks

Limitations

  • Cannot detect all types of malicious behavior
  • Some legitimate extensions may trigger false positives
  • Heavily obfuscated code may evade detection
  • Cannot prevent execution — alerts and recommends

Playbook

Best practices

Daily

  • Auto-scan on startup enabled
  • Triage HIGH/CRITICAL immediately
  • Investigate new extensions on-demand

Weekly

  • Review risk trend view for drift
  • Check allowlist escalation alerts
  • Export executive + full reports

Monthly

  • Review suppression entries and expiry
  • Re-evaluate policy lists
  • Archive reports for compliance evidence

The future of extension security starts here.

Install BEYLIM VSC Scanner and take control of your development environment.