IDE extensions

Last updated: May 22, 2026

To streamline your remediation process, Fluid Attacks offers extensions for popular integrated development environments (IDEs). These integrations allow your developers to manage vulnerabilities without leaving their coding environment. We currently support three IDEs: Cursor, Visual Studio Code (VS Code), and IntelliJ IDEA (the latter also covers other JetBrains IDEs, such as Android Studio, AppCode, and Aqua).

All three extensions share most of the core capabilities needed to find and fix vulnerabilities from the IDE. The main differences today affect the IntelliJ IDEA extension, which does not yet support update options for vulnerable dependencies detected with software composition analysis (SCA), nor the refresh button and color-coded status indicators available in Cursor and VS Code.

Key capabilities

Visualization of vulnerabilities

All three extensions allow developers to view vulnerabilities reported by Fluid Attacks directly in the IDE. After logging in with an API token, the extension displays a comprehensive list of weaknesses detected in your code, marks vulnerable files in the explorer, and underlines the specific lines of code where each vulnerability is present.

AI-generated remediation

All three extensions leverage AI to help developers fix vulnerabilities faster:

Custom Fix: Generates a step-by-step guide explaining how to fix the vulnerable code.
Autofix: Automatically generates suggested code fixes (delivered as a suggested pull request in Cursor and VS Code, or applied directly to the file in IntelliJ IDEA).

Requesting reattacks

All three extensions support requesting reattacks to verify the effectiveness of applied fixes, without leaving the IDE. Reattacks can be requested directly from a vulnerable file (via a dedicated icon or a right-click option).

Access to vulnerability documentation and platform links

All three extensions provide direct links to Fluid Attacks' Database (DB/Criteria) and to the vulnerability report on the Fluid Attacks platform. They also include a See Finding description feature that opens documentation inside the IDE, showing attack vector, threat, severity score, and average remediation time.

All three extensions expose a contextual menu when right-clicking a vulnerable line of code, giving developers quick access to the most common actions on that vulnerability:

Apply suggested fix (Autofix)
Go to Criteria (open the vulnerability's entry in Fluid Attacks' DB)
Request reattack
See Finding description

Dependency update options

The ability to view update options for vulnerable dependencies detected with software composition analysis (SCA) is supported in Cursor and VS Code, but not in IntelliJ IDEA.

Cursor and VS Code: Users can hover over a vulnerable dependency and click the wrench icon to view available update options.

Status indicators and refresh

The Cursor and VS Code extensions include a refresh button and update the color of vulnerability underlines to reflect their status (these visual indicators are not currently available for IntelliJ IDEA):

Blue: Reattack requested.
Yellow: "Temporarily accepted" treatment applied.

Comparative summary

The table below outlines the specific functional differences between our current IDE extensions:

Feature	Cursor	VS Code	IntelliJ IDEA
View vulnerable file and code line	✅	✅	✅
Request reattacks	✅	✅	✅
Custom Fix (AI-generated remediation guides)	✅	✅	✅
Autofix (AI-generated automatic fixes)	✅	✅	✅
Link to Fluid Attacks' DB / Criteria	✅	✅	✅
Link to vulnerability on the platform	✅	✅	✅
See Finding description (in-IDE)	✅	✅	✅
Options menu by right-clicking on the vulnerable line	✅	✅	✅
Update options for vulnerable dependencies (SCA)	✅	✅	❌
Refresh button and color-coded status indicators	✅	✅	❌