VSCode Plugin

The Gomboc VS Code Plugin delivers real-time, context-aware fixes powered by Gomboc’s deterministic AI. It applies precise remediations with clear explanations, helping you secure new infrastructure and clean up legacy code without slowing down development.

0. Prerequisites

Before you start, make sure you have:

• VS Code version 1.63.0 or greater https://code.visualstudio.com/download

• Docker is installed and running (Docker Desktop or Docker Engine) https://www.docker.com/products/docker-desktop/

Why Docker? The VS Code extension runs the ORL remediation engine locally inside a Docker container when you scan. If Docker isn’t running, scans/fixes won’t start.

1. Generate a personal token

• Here's how to create a Gomboc personal access token.

2. Set up the Gomboc VSCode plugin

• Install the Gomboc Plugin via the marketplace or direct in the IDE:

  • VS Code Marketplace (click "Install") gomboc-vscode-extension

• VSCode Extensions tab. Search for "Gomboc" and click "Install":

  
• When you install the extension, be sure to enable "Auto Update".

• Once installed, open the product settings by doing one of the following:

  • click the gear icon and select "Settings":

    
  • Open Settings > Extensions and search for "Gomboc."

    

    
• Paste your Personal Access Token into the Api Key field. Run Gomboc: Test Api Key from the command and enable "Scan on File Save".\

  

3. Run your first scan

Choose your path before running your scan

• Option 1 (Recommended): Checkout the Gomboc Reviewer guide

• Option 2 (Quick): Problems panel → Apply Fix

  • Create a project with a Terraform file.

    • In your IDE, create a new folder called "gomboc-quickstart" and create a new file, main.tf

      

      • Populate that file with the following content:

      • Alternatively, check out https://github.com/Gomboc-AI/rattleback with the following command

  • Save the file, triggering Gomboc to scan it

    • Alternatively, click on the search bar and select "Show and Run Commands":

      

      • Type "Gomboc" into the search and select "Gomboc: Scan current file or scenario":

        

4. Apply the fixes

• Review the Problems panel → click Apply Fix (or Apply All).

• Save, test, and commit your changes.

Don’t have a Terraform file handy? go to the dedicated VS Code user docs page get an example code.

If you have questions or feedback, reach out at [email protected] -we’re here to help!