Skip to main content

AI Code Editors: Security Considerations, Our Experience

· One min read

Introduction

Artificial Intelligence (AI) code editors have revolutionized the way we write code, offering unprecedented productivity gains. However, as with any powerful tool, they come with their own set of security considerations. This blog post explores the potential risks associated with AI code editors and provides guidance on how to use them safely, inspired by a recent experience with GitHub Copilot.

The Power of AI Code Editors

AI-powered code editors have become increasingly popular due to their ability to:

  • Autocomplete code snippets

  • Suggest function names and parameters

  • Provide real-time code analysis

  • Offer context-aware coding assistance

These features can significantly boost a developer's productivity, often by a factor of 10 or more. However, this increased efficiency comes with potential security risks that need to be carefully managed.

A Cautionary Tale: Our Experience with GitHub Copilot

Recently, we encountered a situation that highlighted the importance of vigilance when using AI code editors. While using GitHub Copilot with a team license, we noticed it was attempting to autocomplete code in a sensitive file, despite our configured rules to prevent this.

Upon investigation, I discovered that I was logged into VS Code with two user accounts - one with our security policies applied and another without. Unfortunately, the account without the policies took priority, leading to this situation.

It's important to note that this was not a security breach or a large incident. Rather, it was a precautionary wake-up call that prompted us to take action. As a precautionary measure, we decided to rotate our API keys in our services. Although we trust GitHub's practices not to train on sensitive items, we wanted to be extra diligent.

This experience inspired us to write this post because while AI code editors are important and highly beneficial, it's crucial to remain vigilant in their use.

Security Risks and Considerations

1. Sensitive Information Exposure

One of the most critical risks associated with AI code editors is the potential exposure of sensitive information. As these tools analyze your code in real-time, they may inadvertently capture and process sensitive data such as:

  • API keys

  • Database credentials

  • Authentication tokens

  • Proprietary algorithms

Our experience with GitHub Copilot attempting to autocomplete in a sensitive code file underscores this risk. It's important to note that unlike your GitHub repo that typically doesn't store API keys, your editor and terminal may have access to files or variables containing this sensitive information.

2. Data Transmission and Storage

AI code editors often rely on cloud-based services to provide their advanced features. This means that your code, or portions of it, may be transmitted to and stored on external servers. It's crucial to understand:

  • What data is being sent to these services

  • How this data is protected during transmission and storage

3. Conflicting User Accounts and Policies

As we learned, having multiple user accounts in your development environment can lead to unexpected behavior. If one account doesn't have the proper security policies applied, it may override the intended security measures.

Best Practices for Secure Usage

To mitigate these risks and enjoy the benefits of AI code editors safely, consider the following best practices:

  1. Rotate API Keys Regularly: As a precautionary measure, regularly rotate your API keys and credentials, especially if you suspect they might have been exposed.

  2. Use .gitignore and Environment Variables: Keep sensitive information out of your code files by using .gitignore and storing secrets in environment variables.

  3. Review AI Suggestions Carefully: Always review and understand the code suggested by AI before incorporating it into your project.

  4. Use Local AI Models When Possible: Some AI code editors offer options to run models locally, which can provide an additional layer of security for sensitive projects.

  5. Keep Your AI Code Editor Updated: Ensure you're using the latest version of your AI code editor to benefit from the most recent security patches and improvements.

  6. Understand the Privacy Policy: Familiarize yourself with the privacy policy of your AI code editor to understand how your data is handled.

  7. Verify User Accounts and Policies: Regularly check your development environment to ensure you're logged in with the correct account and that all necessary security policies are applied.

  8. Implement and Enforce Team-Wide Security Policies: Establish clear guidelines for using AI code editors within your team, including how to handle sensitive code and data. If you are GitHub use their content-exclusion policies.

Conclusion

AI code editors are powerful tools that can significantly enhance developer productivity. However, as our recent experience showed, they require careful handling to ensure the security of sensitive information. By being aware of these risks and implementing appropriate safeguards, we can harness the power of AI in our development processes while maintaining robust security practices.

Remember, while AI tools can multiply our productivity tenfold, it's crucial to remain vigilant and prioritize security. Our experience serves as a reminder that even with trusted tools like GitHub Copilot, it's important to stay alert and proactive in managing potential security risks.

We want to emphasize that this incident did not result in any security breach, and no action is needed for users of our service. By sharing this experience, we hope to inspire other developers to maintain a security-first mindset when leveraging AI in their development workflows. Stay vigilant, prioritize security, and make the most of these revolutionary tools responsibly.

Protect your .env in Cursor

· One min read

Protect your .env in Cursor

  On May 7, 2025, 4 min

Inspiration for this post

Recently we started using cursor in addition to GitHub copilot, and I was personally impressed with how much more productive I could be coding with in addition to GitHub copilot.

However there were some things I did not love that I recently ran into so I thought I would share my experience, specifically around .env variables. I recently started a new pet project, and that would specifically leverage a GitHub token, so I created a .env variable and a .gitignore. To my shock AI autocomplete was trying to guess or generate an answer. Despite still having Cursor privacy mode turned on, having a .gitignore with .env file, and even messing with a .cursorignore I expected the AI to ignore my .env similar to GitHub copilot. Apparently, from what I read Cursor has an edge case where is a file is open in the active editor it can still be a target for AI request. I will say Cursor does point out that all data/context/code in privacy mode should be promptly deleted after the request, but this still stressed me out. Luckily I did not open any important project .env files in Cursor, but it did make inspire me to be proactive and rotate all major API secrets for any key projects that I opened with Cursor just in case, because it is always better to be safe than sorry?

So how do I fix it?

So at this point you are likely wondering how can I avoid any stress and worry around .env files variables in Cursor? So a couple things, one always make sure .gitignore includes .env file. Also add a .cursorignore file as well with .env file.

The biggest thing that will likely save you a lot stress is going into the vscode settings(remember cursor is a vscode fork) and prevent any .env file from being open in Cursor ever.

So this prevents you from opening an .env file in Cursor in general, but it also prevents things like composer and chat from having access to it(at least from what I have seen).

Final notes

Also the last thing I want to do is stress more people out, so if you find yourself stressed that you opened a project in Cursor, it does not appear you have to be too stressed out about your .env, because if you are in private mode they seem to claim to delete your data and your context as mentioned in this thread. But if you are like me and are super paranoid about everything I hope my tips help! Happy coding!

Why a Static Generated Site is the Best Choice for Developer Docs and Landing Pages

· One min read
Andrew Van Beek
Dev-Docs CEO and Co-Founder

Why a Static Generated Site is the Best Choice for Developer Docs and Landing Pages

Andrew Van Beek,  On May 7, 2025, 3 min

Andrew Van Beek

In the fast-paced world of software development, efficient documentation is crucial. Static generated sites, particularly those using Markdown and platforms like GitHub and Docusaurus, offer an optimal solution for developer docs and landing pages. Here's why:

1. Simplicity and Speed with Markdown

Static site generators like Docusaurus leverage Markdown, allowing developers to create lightning-fast documentation. Pages load instantly, enhancing user experience and reducing bounce rates.

2. Cost-Effective Hosting on GitHub or Vercel

Hosting developer docs on platforms like GitHub Pages is incredibly cost-effective, often free. This is perfect for open-source projects and startups looking to minimize expenses.

3. Enhanced Security for Developer Docs

Static sites, including those built with Docusaurus, are inherently more secure. With no dynamic content or databases, there are fewer vulnerabilities for potential attackers to exploit.

4. Version Control with GitHub

Integrating your developer docs with GitHub allows for seamless version control. This makes collaboration easier and provides a comprehensive history of documentation changes.

5. Focus on Content with Markdown

Markdown, the preferred format for many static site generators, allows developers to focus on writing clear, concise documentation without worrying about complex formatting.

6. SEO-Friendly Developer Docs

Static sites built with tools like Docusaurus are easily crawlable by search engines. Their fast load times and structured content contribute to better SEO rankings for your developer docs.

7. Easy Maintenance with Docusaurus

Once set up, maintaining developer docs on a static site is straightforward. Docusaurus makes it easy to update content without dealing with complex CMS systems.

8. Scalability for Growing Projects

Static sites can handle high traffic volumes, making them ideal for popular open-source projects hosted on GitHub with extensive developer docs.

9. Modern Development Workflow

Static site generators like Docusaurus integrate well with modern development tools and practices, facilitating continuous integration and deployment of your developer docs.

10. Flexibility with Markdown and JavaScript

Despite being "static," these sites can incorporate dynamic elements through JavaScript and APIs, giving your developer docs the best of both worlds.

In conclusion, for developer docs and landing pages, a static generated site using Markdown and tools like Docusaurus provides an excellent balance of simplicity, performance, and functionality. It's a powerful approach that can help your project's documentation stand out on platforms like GitHub.

Supercharge Your API and SDK Documentation with AI-Powered Dev-Docs

· One min read
Andrew Van Beek
Dev-Docs CEO and Co-Founder

Supercharge Your API and SDK Documentation with AI-Powered Dev-Docs

Andrew Van Beek,  On May 7, 2025, 3 min

Andrew Van Beek

Are you a developer building APIs, SDKs, or other developer tools? Maintaining comprehensive and up-to-date documentation can be a daunting task, especially as your codebase grows in complexity. Enter Dev-Docs, an AI-powered documentation solution that streamlines the process of generating and managing documentation for your projects.

The Challenges of API and SDK Documentation

Developing APIs, SDKs, and other developer tools require meticulous attention to detail and a deep understanding of the underlying code. However, keeping the documentation in sync with the codebase can be a time-consuming and error-prone process. Manual documentation efforts often lead to inconsistencies, outdated information, and a lack of cohesion across different components.

The Dev-Docs Solution

Dev-Docs is a cutting-edge solution that leverages the power of artificial intelligence to automate the documentation process. By analyzing your codebase and leveraging natural language processing, Dev-Docs can generate comprehensive and accurate documentation for your APIs, SDKs, and other developer tools.

Seamless Integration with Your Workflow

One of the key advantages of Dev-Docs is its seamless integration with your existing development workflow. With the Dev-Docs VS Code extension, you can generate and manage documentation directly within your code editor, ensuring that your documentation stays in sync with your codebase.

AI-Powered Documentation Generation

Dev-Docs utilizes advanced AI algorithms to analyze your code and generate human-readable documentation. Whether it's API endpoints, function definitions, or class structures, Dev-Docs can provide detailed explanations, examples, and usage instructions, making it easier for developers to understand and work with your tools.

Customizable and Extensible

Dev-Docs is highly customizable, allowing you to tailor the documentation generation process to your specific needs. You can define filters, templates, and prompts to ensure that the generated documentation aligns with your project's conventions and standards.

Version Control and Collaboration

With Dev-Docs, your documentation is treated as code, enabling version control and seamless collaboration among team members. You can track changes, review diffs, and merge updates, ensuring that your documentation remains up-to-date and consistent across different branches and releases.

Get Started with Dev-Docs Today

Elevate your API, SDK, and developer tool documentation game with Dev-Docs. By leveraging the power of AI, you can save time, reduce errors, and provide a better developer experience for your users. Visit our website at dev-docs.io to learn more and get started with Dev-Docs today.

Contextual Documentation with Dev-Docs and Continue

· One min read
Andrew Van Beek
Dev-Docs CEO and Co-Founder

Contextual Documentation with Dev-Docs and Continue

Andrew Van Beek,  On May 7, 2025, 4 min

Andrew Van Beek

Continue is the leading open-source AI code assistant. Its IDE extensions allow you to leverage AI in your code editor to ask questions about your codebase and generate code. What's even more awesome is that it is extensible—for example, you can use any models you want with it!


Dev-Docs is an AI developer tool that provides a VS Code extension for generating custom markdown documentation on your codebase that can be used by tools like Continue. Today, we are going to show how you can use Dev-Docs to generate custom, contextual documentation for a codebase, which can be used as context in Continue.

Before you get started

Install Dev-Docs in VS Code


step_3.png


Install Continue in VS Code


step_6.png


Step 1: Open the Dev-Docs extension and sign in

Select the "Dev-Docs" extension icon from the Activity Bar on the left and then "Sign In"


image.png


Once you are signed in, you will need to create an org name for your team. For example, our org name here is "continuedev"


step_11.png


Step 2: Set up your repository and generate context

Click the "Setup my repo" button and then the "Generate Context" button


step_7.png


This will create a dev-docs.json file and dev-docs folder in your repo


step_14.png


Select the "Generate Context" button


step_15.png


Step 3: Select files and generate contextual documentation


Choose the files you want to be used as input for the contextual documentation, making sure "Codebase" is selected, and then click "Generate New Doc"


step_16.png


When you navigate back to the file explorer you should see some files populated in dev-docs folder


step_31.png


Step 4: Open the Continue extension and sign in


Click the Continue extension icon in the Activity Bar and sign in with your GitHub account to use the Continue free trial models (or add your own API keys if you'd like instead)


step_22.png


Step 5: Use @dev-docs as context and ask questions


Continue will automatically allow you to use dev-docs folder as context (using the folder context provider)


step_24.png


Try asking questions like "@dev-docs what technologies are used?"


step_28.png


Conclusion


Now that you have set up both Dev-Docs and Continue, you can take full advantage of the contextual documentation generated by Dev-Docs within Continue. Everything from code explaination, high level context, best practices, and architecture are now super charged with Continue and Dev-Docs. Thanks for reading!

Why Developer Documentation is Important for SEO and Sales

· One min read
Andrew Van Beek
Dev-Docs CEO and Co-Founder

Why Developer Documentation is Important for SEO and Sales

Andrew Van Beek,  On May 7, 2025, 4 min

Andrew Van Beek

Developer documentation plays a crucial role in enhancing both SEO and sales for software products and services. In today's digital landscape, where potential customers heavily rely on online resources for research and decision-making, well-crafted documentation can significantly impact a company's visibility, credibility, and success.

Importance for SEO

  1. Search Engine Visibility: High-quality documentation that addresses common questions, challenges, and use cases can improve a website's search engine ranking for relevant keywords. By providing valuable content to users, search engines recognize the website as a trustworthy and authoritative source, leading to better visibility and organic traffic.

  2. Topical Relevance and Keyword Optimization: Comprehensive documentation allows for the strategic inclusion of relevant keywords and phrases related to the product or service. This helps search engines better understand the topical relevance of the website, increasing its chances of appearing in relevant search results.

  3. Content Freshness and Updates: Regular updates and additions to the documentation create new, fresh content that search engines value. This signals that the website is actively maintained and provides up-to-date information, contributing to better search engine rankings.

Importance for Sales

  1. Product Understanding and Adoption: Well-documented products make it easier for potential customers to understand the features, capabilities, and use cases of the software. This increased understanding facilitates product adoption, reducing friction in the sales process.

  2. Self-Service Support: Detailed documentation empowers users to find answers to their questions independently, reducing the need for direct sales or support interactions. This self-service approach streamlines the customer journey and frees up sales resources to focus on higher-value tasks.

  3. Credibility and Trust Building: High-quality documentation demonstrates a commitment to transparency and customer support. This builds trust and credibility with potential customers, increasing the likelihood of closing sales and retaining existing customers.

  4. Lowering Sales Barriers: Clear and comprehensive documentation can address common objections, concerns, or misconceptions that potential customers may have about the product or service. By proactively addressing these issues, sales teams can more effectively overcome objections and close deals.

  5. Onboarding and Training: Detailed documentation serves as a valuable resource for onboarding new customers and training existing ones on product updates or advanced features. This helps ensure seamless adoption and maximizes the value customers derive from the product, leading to higher customer satisfaction and retention.

In summary, developer documentation plays a pivotal role in improving both SEO and sales for software companies. By providing valuable, comprehensive, and up-to-date information, documentation enhances search engine visibility, builds trust and credibility, streamlines the sales process, and improves customer onboarding and retention.