Ensure Greater Software Security With Package Analysis by Checkmarx in IntelliJ IDEA
Today we are happy to announce the partnership between JetBrains, a global software vendor that creates professional software development tools and advanced collaboration solutions, and Checkmarx, a global leader in developer-centric application security testing (AST) solutions.
Checkmarx SCA (Software Composition Analysis) is now integrated directly into JetBrains IntelliJ IDEA Ultimate through the Package Checker plugin. Thanks to the plugin, developers will now be provided with security information about open source packages included directly or indirectly in their code, allowing them to address security concerns during development instead of in production.
“Over five million developers around the world use IntelliJ IDEA Ultimate to rapidly create and deliver the applications their organizations need,” said Checkmarx Chief Product Officer Razi Sharir. “Including powerful application security testing right in their development environment minimizes friction with modern application development workflows and makes it easier to secure those applications before they are compiled, rather than waiting for deployment to identify vulnerabilities. Checkmarx is proud to work with JetBrains to bring our two market-leading solutions together to create a big win for the developer community.”
Said Dmitry Jemerov, Head of Product for IntelliJ IDEA: “The Java ecosystem has recently experienced several major vulnerabilities affecting extremely broadly used frameworks, including Log4J and Spring. We’re glad we can provide our users with tools that can highlight the use of vulnerable dependencies in their projects and update to a secure version with just a few keystrokes.”
How does it work?
Starting with the recently released version 2022.1, IntelliJ IDEA Ultimate can now detect vulnerabilities in Maven or Gradle dependencies used in a project by checking them against the Checkmarx SCA Database and the National Vulnerability Database.
While developers are writing their code, the IDE highlights packages that are considered vulnerable. Currently, the plugin checks both declared dependencies and imported (transitive) dependencies for known vulnerabilities and suggests fixes where available.
To see inspections, a developer should enable Security Inspections in Preferences / Settings | Editor | Inspections | Security.
They can also see a list of all the issues in their project in a dedicated tool window without having to open the files where they are declared.
This list can be seen by running Code | Analyze Code | Show Vulnerable Dependencies.
Please note that currently the security checks are available inside the IDE only if the developer has a license for IntelliJ IDEA Ultimate or the All Products Pack, and this license was obtained through their JetBrains Account.
Thanks to the package analysis by Checkmarx, developers worldwide can now build more secure code right in their favorite IDE.