
Levo Lens (VS Code Plugin)

Detect API vulnerabilities directly in your code editor, powered by Levo.ai.

Features

  • API Endpoint Detection: Automatically detects API endpoints in your code using intelligent pattern matching
  • Vulnerability Overlays: See security vulnerabilities directly in your editor with gutter icons and hover details
  • Workspace Scanning: Scan your entire workspace to find all API endpoints and vulnerabilities in one go
  • Problems Panel Integration: Vulnerabilities appear in VS Code's Problems panel for easy navigation
  • Multi-Framework Support: Works with Express.js, Flask, Django, FastAPI, and Spring Boot
  • Smart Caching: Results are cached for fast subsequent scans

Supported Editors

This extension works in:

  • VS Code
  • Cursor
  • Antigravity

Prerequisites

  1. Levo Account: You need a Levo.ai account to fetch vulnerability data
    • Sign up at Levo.ai
    • Get your Refresh Token (CLI Authorization Key) from the Levo dashboard (see "How to generate a key").
    • Identify your Application Name and Environment Name in Levo to map vulnerabilities correctly.

Installation

From VS Code Marketplace

  1. Open VS Code.
  2. Go to the Extensions view (Ctrl+Shift+X or Cmd+Shift+X).
  3. Search for "Levo Lens".
  4. Click Install.

Getting Started

  1. Set your authentication token:

    • Press Ctrl+Shift+P / Cmd+Shift+P
    • Run "Levo: Set Authentication Token"
    • Paste your Levo refresh token
  2. Scan a file:

    • Open a file containing API endpoints (JavaScript, TypeScript, Python, or Java)
    • Press Ctrl+Shift+P / Cmd+Shift+P
    • Run "Levo: Scan Current File for API Vulnerabilities"
  3. Scan entire workspace:

    • Press Ctrl+Shift+P / Cmd+Shift+P
    • Run "Levo: Scan Workspace"
    • A summary view will open showing all detected endpoints and vulnerabilities across your project
  4. View results:

    • Gutter icons indicate severity (Red = Critical, Orange = High, Yellow = Medium, Blue = Low).
    • Hover over endpoints to see vulnerability details
    • Check the Problems panel for a list of all issues

Commands

| Command | Description |
|---|---|
| Levo: Scan Current File for API Vulnerabilities | Scan the current file for API endpoints and vulnerabilities |
| Levo: Scan Workspace | Scan the entire workspace and show a summary report |
| Levo: Clear Vulnerability Overlays | Remove all vulnerability decorations from the current file |
| Levo: Set Authentication Token | Configure your Levo refresh token |
| Levo: Logout | Clear stored authentication tokens |
| Levo: Show Connection Status | View extension status and diagnostics |

Configuration

Configure the extension in VS Code settings (Ctrl+, / Cmd+,):

| Setting | Default | Description |
|---|---|---|
| levo.apiBaseUrl | <ApiUrl /> | Levo API base URL |
| levo.applicationName | "" | (Required) Levo Application Name to fetch vulnerabilities for |
| levo.environmentName | "" | (Required) Levo Environment Name (e.g., "staging", "prod") |
| levo.organizationId | "" | (Optional) Organization ID. Auto-detected if empty (see "Find your ID"). |
| levo.autoScanOnOpen | true | Automatically scan files when opened |
| levo.autoScanOnSave | false | Automatically scan files when saved |
| levo.cacheTtlSeconds | 300 | Cache duration for scan results (seconds) |
| levo.showInProblemsPanel | true | Show vulnerabilities in Problems panel |
| levo.showGutterIcons | true | Show severity icons in editor gutter |
| levo.maxFileSizeKb | 500 | Maximum file size to scan (KB) |
| levo.workspaceScanDirectory | "" | Specific directory to scan (relative to root). Leave empty to scan all. |
| levo.workspaceScanExcludePatterns | ["**/node_modules/**", ...] | Glob patterns to exclude from workspace scan |

Severity Levels

| Icon | Severity | Problems Panel |
|---|---|---|
| Red | CRITICAL | Error |
| Orange | HIGH | Error |
| Yellow | MEDIUM | Warning |
| Blue | LOW | Information |
| Gray | INFO | Information |

Supported Frameworks

The extension detects API endpoints from:

  • JavaScript/TypeScript: Express.js
  • Python: Flask, Django, FastAPI
  • Java: Spring Boot

Support

If you encounter any issues or have questions, please: