Getting Started
Start free, install the extension, plug in a license key, and scan your first file, about five minutes end to end.
1. Create or open your account
Start with a free account at siteshadow.com/dashboard/signup?plan=free, or sign in at siteshadow.com/dashboard if your team already has access.
2. Download the editor extension
Grab the latest VSIX from the Settings › Extension tab. The download is served by the authenticated product API, not a public static asset URL. The file bundles the signed editor client; analysis itself runs server-side.
3. Install in VS Code or Cursor
- Open VS Code or Cursor.
- Press ⌘⇧P (macOS) or Ctrl+Shift+P (Windows / Linux) to open the Command Palette, type Install from VSIX, and press Enter.
- Select the downloaded
.vsixfile. - Reload the editor if prompted.
Prefer the terminal? Use your editor's packaged extension-install command with the authenticated file you downloaded from the dashboard.
4. Enter your license key
On first activation SiteShadow prompts for a license key. You can find yours at
Settings › Subscription,
click the eye icon to reveal, then copy. Free-tier keys start with SS-FREE-…;
paid keys start with SS-PRO-….
5. Run your first scan
Single file
Open any .py, .js, .ts, .go, .java, or .cs file and save it. SiteShadow scans on save and surfaces findings inline as diagnostics (squiggles) plus a status-bar summary.
Whole project
Open the Command Palette and run SiteShadow: Analyze Project. The extension walks your workspace (respecting .gitignore), POSTs to /analyze-project, and renders a full Markdown report covering cross-file taint, secrets, and IaC issues that single-file scans can't see. Click Export as PDF in the completion toast to download the same report as a PDF.
6. Explore your results
- Dashboard, org-wide totals, trends, and per-finding detail across every scan.
- Findings, filter, sort, and search every open issue; sortable columns.
- Trends, weekly activity, top rules, critical-issue trajectory.
What's next?
- Standards & methodology, how SiteShadow prioritizes risk and picks checks.
- Vulnerability library, every rule with an explanation and remediation guidance.
- Coverage report, checks, CWE mapping, heuristic checks, and AI/LLM rule families.
- Contact support, questions, bug reports, feature requests.