VS Code extension

Fluid Attacks has an extension for the Visual Studio Code (VS Code) editor. With this extension, you can see the vulnerabilities reported in the ARM platform from your editor: it points you to the specific file and line of code where each vulnerability was reported and redirects you to the criteria documentation. Keep in mind that only the files you have as analysis input will reflect this information.

Download extension

To download the extension, go to the extensions section and type Fluid Attacks in the search bar.

Configure the editor with the ARM

Once you have downloaded the extension, you need to configure it to connect the ARM with your editor. Go to configuration => settings.

In the search bar, enter the name of the Fluid Attacks extension. There, enter your ARM API token. Once you have entered it, close and reopen your editor to apply the change.

Functions

Once you have installed and configured the extension, you can start using it. It provides the following functions:

File and code line pointing

To view the vulnerabilities reported in the ARM from the editor, open a project that is active in the vulnerability analysis. You can spot the affected files because they are marked with red dots, or you can open them directly at the reported line by clicking on the X symbol.

You will see a list of vulnerabilities, each of which redirects you to the file and the vulnerable line of code.

Redirection to the ARM platform

Once you are on the line of code where the vulnerability is reported, hover the mouse cursor over it. A pop-up window will show the definition and the redirection link.

Clicking on the link opens the ARM at the location of the reported vulnerability.

Temporarily accepted treatment

You can apply the Accept Vulnerability Temporary treatment by right-clicking on the line of code.

There, enter the justification and the date of the treatment application.

Go to criteria

Clicking on criteria will take you to the documentation.

Request reattack

You can also request a reattack by clicking on this option and entering the justification.

Troubleshooting

If some repositories are not detected after downloading the extension, go to the settings section of the Fluid Attacks extension and add the corresponding groups.

There, click Edit in settings.json.

This opens a .json file where you can add the groups where those repositories are not activated.
