Jun 20, 2024

Available Now: Veracode Scan for JetBrains IDEs

By Robert Haynes

Veracode Scan for VS Code was one of the big hits on the expo floor at the RSA Security conference in May this year. People liked the integration of Veracode Static, Veracode SCA, and Veracode Fix into a single extension, giving developers the tools to scan their code and resolve problems with AI assistance while they are actively developing code. 

What they asked for was more IDE support, and so we’re pleased to announce the availability of Veracode SAST, Veracode SCA, and Veracode Fix in three IDEs from JetBrains:

  • IntelliJ
  • PyCharm
  • Rider

Installation is simple: search for Veracode Scan in the Plugins dialog and install it. If you don’t have Veracode API credentials, you will need to generate them and configure a credentials file or set environment variables.

Once you’ve done that, you will be ready to start scanning your code for flaws, analyzing your third-party software for vulnerabilities, and then remediating problems with Veracode Fix.

Let’s take a quick look at the plugin interface in JetBrains IntelliJ:

Veracode Scan for IntelliJ

To run a scan, simply click the green 'Start' button (marked in blue above). The results populate in the panes below, and as you can see, flaws that have a Veracode Fix available are marked with a 'starburst'. Clicking on one of these will reveal the line of code in the file, where you can then choose to fix the flaw using Veracode Fix by clicking on the red lightbulb:

Flaws in source file

Fix presents between one and three options to address the problem. Examine the suggested changes, pick the one you want, and hit apply:

Fix suggestions in IntelliJ

This will update your code, and you are ready to move on to either rescan your project or fix other discovered flaws.

Below the static findings, you will see the software composition results, detailing any third-party libraries with vulnerabilities. Clicking on a library will show details, including both the latest and safe versions, allowing you to choose your update path. More details are available by following the Vulnerability Database link.

Jetbrains SCA Details

With Veracode Scan for the JetBrains IDEs, developers can get fast feedback on security flaws in their code and vulnerabilities in the libraries they are using, combined with AI-augmented solutions from Veracode Fix.

If you’re not a Veracode customer yet and would like to try Veracode in your IDE, then contact us or arrange a demo.


Robert’s quarter-century working in IT has progressed (or is that regressed?) through helpdesk, UNIX sysadmin, backup, storage, application security, technical sales, and marketing. He now spends his time hanging out at the intersection of artificial intelligence and human ingenuity, waving a sign that says: “This way for secure software.”