VS Code Extension
The Veriva extension surfaces governance findings inside your editor before you push. Findings appear as inline diagnostics (squiggly underlines) and in the Teamblems panel. A status-bar badge shows recent finding counts and your active plan.
Current scope
Installation
- Open VS Code
- Go to the Extensions view (
Ctrl+Shift+X/Cmd+Shift+X) - Search for Veriva
- Click Install
Or install from the command line:
code --install-extension veriva.verivaSupported languages
- TypeScript (
.ts) - JavaScript (
.js) - TypeScript React (
.tsx) - JavaScript React (
.jsx) - Python (
.py)
Authentication
The extension works without authentication — static analysis runs locally for free on all plans. To unlock AI-powered code review and auto-fix suggestions, sign in through the browser:
- Open the Command Palette (
Ctrl+Shift+P/Cmd+Shift+P) - Run Veriva: Sign in
- Confirm the matching code in your browser
The token is issued by Veriva after approval and stored through VS Code's authentication provider.
To sign out, run Veriva: Sign out from the Command Palette.
Commands
| Command | Description |
|---|---|
Veriva: Analyze Current File | Run analysis on the active file. Also triggered by clicking the status bar badge. |
Veriva: Analyze Workspace | Scan up to 50 supported files in the workspace, excluding generated/build/test artifacts by default. Shows a progress notification. |
Veriva: Sign in | Sign in with browser-based device authorization. |
Veriva: Sign out | Clear the VS Code authentication session and revert to free-tier analysis. |
How analysis works
Automatic analysis
When veriva.enable is true (the default), Veriva automatically analyzes a file when you:
- Save a file — analysis runs on every save
- Switch editors — analysis runs when you switch to a different file
Findings are also cleared when you close a file.
Manual analysis
Use the Analyze Current File command (or click the status bar badge) to scan on demand. Analyze Workspace scans up to 50 supported files in the project, excluding generated/build/test artifacts by default.
Workspace scan is not CLI scan
veriva scan, which analyzes the current git diff and supports PR scans, JSON/SARIF output, and --fail-on behavior.Diagnostics
Findings appear as VS Code diagnostics with severity-based styling:
| Severity | Appearance |
|---|---|
| Critical / High | Red squiggly underline (Error) |
| Medium | Yellow squiggly underline (Warning) |
| Low | Blue underline (Information) |
| Info | Gray dots (Hint) |
Each diagnostic shows the rule ID, title, and description. You can filter which severities are displayed using the veriva.severity.minimum setting.
Status bar
The status bar badge (right side) shows recent finding counts on the active file colored by highest severity:
- Green — no findings above LOW
- Yellow — at least one MEDIUM finding
- Red — at least one HIGH or CRITICAL finding
The badge also shows your plan name (e.g., "Veriva Team") or "Veriva (Free)" if not signed in.
Plan-based features
Feature status
| Feature | Hobby (Free) | Team | Scale / Enterprise |
|---|---|---|---|
| Static analysis | Yes | Yes | Yes |
| AI code review | — | Yes | Yes |
| Auto-fix suggestions | — | Yes | Yes |
| Cross-PR insights | — | — | Yes |
| Status-bar finding badge | Yes | Yes | Yes |
Settings
Configure the extension in VS Code Settings (Ctrl+, / Cmd+,) under Extensions > Veriva:
| Setting | Type | Default | Description |
|---|---|---|---|
veriva.enable | Boolean | true | Enable automatic analysis on save. |
veriva.severity.minimum | Enum | LOW | Minimum severity to show. Options: INFO, LOW, MEDIUM, HIGH, CRITICAL. |
veriva.apiUrl | String | https://api.veriva.dev | API URL for self-hosted deployments. |
veriva.workspace.includeTests | Boolean | false | Include test and fixture files in workspace analysis. |
Offline / self-hosted
Always works offline
For self-hosted Veriva deployments, set veriva.apiUrl to your server's URL.