How to catch vulnerabilities, secrets, and container image issues before your code ever leaves the IDE — and why that changes everything.
The Problem Nobody Talks About
Here is a scenario every developer knows: you push your code, open a pull request, watch the CI pipeline spin up, wait several minutes, and then — red. A security scanner found a critical CVE in a transitive dependency, or worse, a leaked API key in a properties file. Now you context-switch back to code you wrote thirty minutes ago, try to remember what you changed, and start the remediation cycle.
This is the reality of “shift-left” security as it exists in most organisations today. The scanner has moved from production to the CI pipeline, which is an improvement — but the pipeline is still far from the developer’s fingers. The feedback loop remains slow, disruptive, and expensive.
What if the scan happened while you were still looking at the code? What if your AI coding agent — the same one helping you write functions and refactor modules — could also tell you that the dependency you just added has a CVSS 9.8 vulnerability, and offer to fix it on the spot?
That is what shifting way left looks like. Not just left of deployment. Not just left of merge. Left of commit. Left of save. Right there in the IDE, during the act of writing code.
Where Traditional Shift-Left Falls Short
The typical CI/CD security scanning model looks something like this:
Developer writes code
→ Pushes to remote repository
→ CI pipeline triggers
→ Build step runs
→ SCA scanner calls remote server (5–15 min)
→ Results come back
→ Developer context-switches to fix
The gap between writing the code and receiving security feedback can be anywhere from ten minutes to several hours depending on pipeline queues, scanner infrastructure, and how complex the dependency tree is. During that gap, the developer has moved on — to other tasks, other features, or lunch. Every minute of delay increases the cognitive cost of remediation.
Even modern “fast” pipeline scanners like Trivy in CI (which typically complete in under 60 seconds) still require a push, a pipeline trigger, and a round trip. The developer has already committed the code locally and pushed it to the remote. The horse has left the stable.
Tier 0: The IDE as Your First Security Gate
The solution is to add a new tier that runs before everything else — directly in the IDE, powered by the AI coding agent that developers are already talking to.
| Tier | Location | When | Feedback Time |
|---|---|---|---|
| Tier 0 | IDE (AI Agent) | While coding | Instant |
| Tier 1 | CI Pipeline (Trivy) | After push | 10–60 seconds |
| Tier 2 | CI Pipeline (SCA/SAST) | After Tier 1 passes | 5–15+ minutes |
Tier 0 does not replace Tier 1 or Tier 2. Those layers provide depth that a local scan cannot: full transitive dependency resolution, licence policy enforcement, organisation-wide vulnerability management, and compliance reporting. What Tier 0 provides is speed — catching the obvious issues so they never waste time in the pipeline.
Why AI Agents Are the Perfect Delivery Vehicle
Developers in 2026 are already using AI coding agents — GitHub Copilot, Claude Code, Cursor, Codex — as an integral part of their workflow. These agents can execute terminal commands, read and write files, and engage in interactive dialogue. This makes them the ideal carrier for security scanning because:
The agent is already present. There is no new tool for the developer to install, no new tab to open, no new dashboard to check. The security scan is a conversation with the same assistant that just helped refactor a method.
The agent can explain findings in context. A raw CVE number in a CI log means nothing to most developers. An AI agent can explain what the vulnerability does, why it matters for this specific project, and exactly how to fix it — in plain language.
The agent can fix issues interactively. Rather than just reporting “spring-webmvc has CVE-2024-38816,” the agent can show the developer the diff (6.1.6 → 6.1.13 in pom.xml), ask for confirmation, apply the change, and re-run the scan to verify. The entire remediation cycle happens in seconds, not hours.
The agent can scan container images. Developers building Docker images locally can ask the agent to scan the built image before pushing it to a registry. OS-level vulnerabilities in base images (Alpine, Debian, Ubuntu) that CI scanners would catch later get caught immediately.
The agent understands the tech stack. It can detect whether the project uses Maven, npm, pip, or Go modules and configure the scan accordingly — correct skip-directories, correct lock file targets, correct remediation commands.
What Tier 0 Scanning Catches
Trivy as a local filesystem and image scanner covers a remarkable range of security concerns:
Dependency vulnerabilities. Trivy analyses lock files (package-lock.json, pom.xml, go.sum, Cargo.lock, and many more) against the National Vulnerability Database. Any known CVE with a published advisory gets flagged, along with the fixed version if one exists.
Leaked secrets. API keys, access tokens, private keys, database passwords, cloud credentials — Trivy detects these using built-in rules that cover AWS, GCP, Azure, GitHub, GitLab, Slack, and dozens of other services. Custom patterns can be added for organisation-specific secrets.
Container image vulnerabilities. Both OS-level packages (curl, openssl, libc) and application-level packages inside Docker images are scanned. The scanner identifies which vulnerabilities have fixes available and which are currently unfixable upstream.
Misconfigurations. Dockerfiles running as root, Kubernetes manifests without resource limits, Terraform configurations exposing public S3 buckets — Trivy checks infrastructure-as-code files against hundreds of security rules.
The Developer Experience
Here is what the workflow looks like in practice. The developer is working on a Spring Boot application and asks the AI agent to scan before committing:
The agent detects the tech stack (Java/Maven), runs Trivy with the appropriate configuration, and presents a structured report:
╔══════════════════════════════════════════════════════════╗
║ TRIVY SECURITY SCAN REPORT ║
╠══════════════════════════════════════════════════════════╣
║ 🔴 CRITICAL: 2 ║
║ 🟠 HIGH: 3 ║
║ 🔑 SECRETS: 1 ║
╠══════════════════════════════════════════════════════════╣
║ VERDICT: FAIL ❌ ║
╚══════════════════════════════════════════════════════════╝
Each finding includes the CVE ID, affected package, installed and fixed versions, a plain-English description, and the exact fix command. Secrets include the file and line number plus rotation guidance.
Then the agent asks:
Would you like me to fix these issues?
[A] Fix ALL issues automatically
[B] Fix only CRITICAL issues
[C] Walk through each fix one-by-one
[D] Skip — I just needed the report
If the developer chooses [C], the agent walks through each finding, shows the before/after diff, waits for approval, and applies the change. After all fixes, it re-runs the scan to confirm everything is clean.
Total time: under two minutes, without leaving the IDE. Compare that to a 15-minute CI pipeline feedback loop.
Container Image Scanning at the Source
One of the most underutilised capabilities is scanning container images locally. Most teams only scan images in CI after they have been built and pushed. But base image vulnerabilities (e.g., an outdated version of curl in Alpine) can be caught the moment the developer builds locally.
The agent can:
- Detect the Dockerfile in the workspace
- Check if the image has been built locally
- Run
trivy image <name:tag>against it - Show OS-level and application-level findings separately
- Suggest base image upgrades or Dockerfile patches
- Apply changes with the developer’s approval
This catches vulnerabilities that filesystem scanning would miss — because the vulnerable package (say, libcurl) is not in the application’s dependency tree but in the container’s operating system layer.
Making It Stick: The Pre-Commit Safety Net
For teams that want an automated gate, the skill includes a Git pre-commit hook that runs a fast CRITICAL-only scan before every commit. If critical vulnerabilities or leaked secrets are detected, the commit is blocked with a clear message pointing the developer to the full scan.
This creates a three-layer defence even before code reaches the remote repository:
- Proactive: Developer asks the AI agent to scan (interactive)
- Automatic: Pre-commit hook blocks commits with critical issues
- Verification: CI pipeline runs the full Trivy + SCA scan
Why Local Scanning Is More Resilient Than You Think
In early March 2026, something remarkable happened: the Trivy GitHub repository — the most popular open-source vulnerability scanner on the planet, with 32,000+ stars — was itself compromised. An autonomous AI bot exploited a misconfigured pull_request_target GitHub Actions workflow, stole a Personal Access Token, deleted all GitHub releases, and published a malicious VS Code extension to the OpenVSX marketplace.
The irony is impossible to miss. A security scanner was taken down through its own CI/CD pipeline.
This incident highlights a truth that the shift-way-left model embraces by design: CI/CD pipelines are infrastructure, and infrastructure is an attack surface. When your security scanning depends on a remote server, a GitHub Actions workflow, or a marketplace extension, you inherit the attack surface of each of those systems.
Local scanning sidesteps this entirely. When Trivy runs on the developer’s machine via an AI agent:
- There is no Actions workflow to exploit
- There is no remote server to compromise
- The vulnerability database is cached locally
- Scan output never leaves the workstation
- The developer sees results directly in the IDE, not through a third-party integration
This does not mean CI/CD-based scanning should be abandoned — pipeline enforcement and compliance scanning remain essential. But it does mean that local Tier 0 scanning provides a resilient baseline that continues to function even when upstream infrastructure is under attack.
Getting Started
The skill is open-source and works with any AI coding agent that supports SKILL.md, AGENTS.md, or .agent.md conventions. Adding it to a repository is as simple as copying the skill files and ensuring Trivy is installed on the developer’s machine.
There is no server to configure, no licence to manage, and no infrastructure to maintain. Trivy runs entirely locally, the vulnerability database is cached on the machine, and the AI agent provides the interface.
For teams already running Trivy in CI, this is a natural extension of the same tool to an earlier point in the workflow. For teams not yet using Trivy, it is the fastest path to measurable improvement in security feedback time.
The Numbers That Matter
The shift from Tier 1 (CI) to Tier 0 (IDE) changes three metrics dramatically:
Time to feedback: From 10–60 minutes to under 2 minutes. This is the difference between a fix costing 30 seconds of thought and 30 minutes of context-switching.
Fix rate: When the agent suggests the fix and offers to apply it, developers fix immediately rather than creating a backlog ticket. The path of least resistance becomes the secure path.
Pipeline efficiency: Issues caught at Tier 0 never reach the CI pipeline. Deep SCA scanners spend their time on genuine edge cases rather than processing the same critical CVEs that could have been caught locally.
Conclusion
The industry conversation about shift-left security has been focused on CI/CD pipelines for a decade. But the pipeline is not the leftmost point in the workflow — the IDE is. With AI coding agents now capable of running commands, reading output, and applying fixes interactively, there is no reason to wait for a pipeline to tell developers what Trivy could tell them in seconds.
Shifting way left is not about replacing your existing security infrastructure. It is about extending it to where developers actually write code, using the AI agents they are already working with, and making the secure path the fastest path.
The best time to find a vulnerability is before it is committed. The second best time is now.
Acknowledgements
Everything in this skill is powered by Trivy, an open-source vulnerability scanner created and maintained by Aqua Security and its community. This project is an integration layer — it wraps Trivy’s CLI with AI-agent-native instructions, structured reporting, and interactive remediation. It does not reinvent scanning; it makes an already excellent tool accessible from the new generation of AI coding assistants.
If you find value in local security scanning, consider supporting the Trivy project that makes it all possible.
The agent skill described in this post is available on GitHub under the MIT licence.