Shift-Left Security Extension
LLM-assisted VS Code extension that surfaces vulnerabilities early and recommends secure fixes across a unified scanning pipeline.
Impact
Shifted security left with IDE-native workflows and faster remediation
Reduced manual triage by automating common fixes and lint recommendations
Scaled secure scanning with parallel job queues and resilient retry logic
Improved auditability with consistent severity and policy mapping
Improved developer productivity by keeping remediation inside the IDE
What we built
A security-first developer experience that runs multiple scanners in a single pipeline, normalizes findings, streams results in real time, and recommends fixes inside the IDE. The system is built to scale with parallel jobs, consistent severity models, and traceable audit logs for compliance.
Challenge
Security scanning was fragmented across tools and delayed until late pipeline stages, creating bottlenecks and inconsistent remediation quality. Results lacked a common schema, and developers had to jump across dashboards to understand and fix issues.
Solution
Designed a unified scanning orchestrator, event-driven job processing, and LLM-assisted patch suggestions with consistent risk scoring. Streaming UI updates inside VS Code keep developers in flow while the backend aggregates findings into a single source of truth.
Responsibilities
- Architected the end-to-end extension user experience, backend APIs, and security workflow
- Built a multi-scanner orchestration layer with normalized findings and policies
- Implemented LLM-assisted patch generation for common vulnerability classes
- Designed real-time event streaming using WebSockets and Redis queues
- Coordinated deployment on IBM Cloud with secure auth and service isolation
- Standardized severity mapping and audit logging for compliance reporting
- Defined secure authentication flows using JWT and IBM App ID
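An added example, not code from the extension or its author, of the normalization step described above: two constructed scanner output shapes (hypothetical field names, not any real tool's format) are mapped into one finding schema with a shared severity scale and an assumed policy table, so a single gate decision can be reported back to the IDE.

```typescript
// Added example, not the extension's own code: two constructed scanner output
// shapes are normalized into one finding schema with a shared severity model.
type Severity = "critical" | "high" | "medium" | "low" | "info";
type Policy = "block" | "warn" | "log";
interface UnifiedFinding {
  id: string;              // file:line:rule, the key audit logs trace findings by
  scanner: string; rule: string; severity: Severity; policy: Policy;
  file: string; line: number; message: string;
}

// Constructed samples (not any real tool's format): A reports a numeric score, B a text level.
const scannerA = [
  { rule_id: "sqli-001", score: 9.1, path: "src/db.ts", line: 42, msg: "Query built by string concatenation" },
  { rule_id: "log-005", score: 2.0, path: "src/app.ts", line: 10, msg: "Verbose logging enabled" },
];
const scannerB = [
  { check: "SQLI", level: "HIGH", location: "src/db.ts:42", detail: "Possible SQL injection" },
  { check: "XSS", level: "Moderate", location: "src/view.ts:7", detail: "Unescaped template output" },
];

function severityFromScore(score: number): Severity {
  if (score >= 9.0) return "critical";
  if (score >= 7.0) return "high";
  if (score >= 4.0) return "medium";
  return score > 0 ? "low" : "info";
}
function severityFromLevel(level: string): Severity {
  const map: Record<string, Severity> = { CRITICAL: "critical", HIGH: "high", MEDIUM: "medium", LOW: "low" };
  // An unrecognized level is kept as "info" rather than dropped or guessed upward.
  return map[level.toUpperCase()] ?? "info";
}

// Assumed policy table: high and above block the pipeline, medium warns, the rest is logged.
function policyFor(sev: Severity): Policy {
  return sev === "critical" || sev === "high" ? "block" : sev === "medium" ? "warn" : "log";
}

function normalize(): UnifiedFinding[] {
  const a = scannerA.map(f => ({ scanner: "A", rule: f.rule_id, severity: severityFromScore(f.score),
    file: f.path, line: f.line, message: f.msg }));
  const b = scannerB.map(f => {
    const [file, line] = f.location.split(":");
    return { scanner: "B", rule: f.check, severity: severityFromLevel(f.level), file, line: Number(line), message: f.detail };
  });
  return [...a, ...b].map(f => ({ ...f, id: `${f.file}:${f.line}:${f.rule}`, policy: policyFor(f.severity) }));
}
// Gate decision the orchestrator would report back to the IDE.
function shouldBlock(findings: UnifiedFinding[]): boolean {
  return findings.some(f => f.policy === "block");
}
```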