VS Code extension error and solution catalog

This guide provides troubleshooting steps for common issues with the Fluid Attacks VS Code extension , such as incorrect functionality or failure to show vulnerabilities. If you encounter any problems, carefully follow the steps below to resolve them.

1. Ensure you have the latest version: Verify that you have the latest version of the Fluid Attacks extension installed in your VS Code IDE. You can check for updates within the Extensions tab in VS Code.

2. Local environment required: The extension currently only functions in local development environments; it does not support remote development setups.

3. Verify API token: Validate that you have added a valid API token in the extension configuration. If necessary, you can get a new one from the platform .

4. Git required: Ensure Git is installed on your system. If you need to install or update this version control system, you can download it from git-scm.com/downloads . Note that Linux and Mac OS have Git installed by default. Also, make sure that the repository is initialized with Git and that it has a remote URL associated with it (which you can verify by running the command git config --local --get remote.origin.url on the repository).

5. Verify group and scope: On Fluid Attacks’ platform , ensure you have access to the group  where your repository should be registered and that the repository is indeed added to the corresponding scope of the group .

6. Open the editor in the correct directory: Open VS Code from the root directory of your local Git repository, i.e., from the base folder where your local repository is hosted. The extension relies on the repository’s structure, so opening the editor from a parent directory or a different location prevents it from functioning correctly.

7. Verify repository name and URL: To ensure proper functionality, it is recommended that the local folder containing your repository matches the nickname you provided when adding the repository to the scope within your group  on the Fluid Attacks platform. Alternatively, ensure the remote URL configured in your Git repository matches the URL registered in the scope on the platform.

   

8. Sometimes, even after properly configuring the token in the extension, no vulnerabilities are displayed upon opening the extension — even when vulnerabilities are reported in the platform: Occasionally, the Git history becomes corrupted, which can affect how vulnerabilities are shown. Performing a fresh clone of the target repository can help resolve this issue.

If you have followed the steps above, and the extension still does not work correctly, please contact the Fluid Attacks support team at help@fluidattacks.com. To help the team quickly diagnose the problem, include the following information in your email:

• Current version of the extension
• Current IDE version
• Operating system under which the IDE is running
• Name of the group and name of the repository you are working on
• Entire text log obtained from the extension (as shown in the example screenshot below, open the Output tab in VS Code’s panel and select Fluid Attacks in the drop-down menu; there you have the log you need)