
New! Security Analysis Plugin for IntelliJ IDEA 2024.3.1


Application security is a critical requirement in modern software development. The latest release of IntelliJ IDEA 2024.3.1 – along with the optional new Security Analysis by Qodana plugin – elevates your security efforts with advanced interprocedural data flow analysis capabilities for code written in Java and Kotlin.

Trained on popular OWASP security benchmark projects, this new feature allows you to detect and address critical security vulnerabilities, such as cross-site scripting, command injections, SQL injections, and path traversal issues, in real time as you type.

This functionality is available in IntelliJ IDEA Ultimate starting from v2024.3.1 with the Security Analysis by Qodana plugin installed. To get started, open the Problems view, switch to the brand-new Security Analysis tab, and then install the required plugin.

Once the plugin is installed, you’re good to go. It will highlight problems in your editor automatically. Additionally, you can explore the built-in demo example in your Java or Kotlin project or launch taint analysis in batch mode over your whole codebase to identify places with potentially vulnerable code.

Security analysis matters more than ever

The Security Analysis by Qodana feature delivers taint analysis capabilities to your editor to help identify vulnerabilities in your application.

It traces how data flows through your code, highlighting places where potentially harmful user input (a source) might reach a vulnerable function (a sink). Such data flows could be exploited, potentially compromising your application’s security depending on the type of vulnerability.

With the release of IntelliJ IDEA 2024.3.1 and the Security Analysis by Qodana plugin, we’re helping address specific issues from the OWASP Top 10, which highlights the most critical security risks faced by modern applications. By running taint analysis with the new optional plugin in IntelliJ IDEA, you can proactively improve both the quality and security of your codebase.

Lock down codebase security

Security Analysis by Qodana for IntelliJ IDEA.

In the intentionally vulnerable Spring Boot sample above, you can see potentially malicious user input from a request flowing into an SQL query without proper sanitization. Attackers could exploit this vulnerability to compromise the whole system.
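The source-to-sink pattern the sample illustrates, written out as an added example (not the plugin's demo code or any JetBrains project code): a hypothetical Spring controller in which a request parameter reaches a JDBC query, first by string concatenation, then rewritten with a bound parameter so the tainted value can never alter the SQL structure. The controller, table and column names are assumptions, and spring-boot-starter-web plus a configured `DataSource` are assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.sql.DataSource;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical controller constructed for illustration; not from the plugin's demo.
@RestController
public class UserLookupController {

    private final DataSource dataSource; // assumed to be injected by Spring

    public UserLookupController(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    // SOURCE: the request parameter is user-controlled, so taint analysis marks it tainted.
    // SINK: Statement.executeQuery receives the tainted text unchanged, so the flow
    // source -> concatenation -> sink is reported as an SQL injection.
    @GetMapping("/users/vulnerable")
    public String findUserVulnerable(@RequestParam String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = '" + name + "'";
        try (Connection c = dataSource.getConnection();
             Statement st = c.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next() ? rs.getString("email") : "not found";
        }
    }

    // FIXED: the query text is a constant and the tainted value travels only as a
    // bound parameter. It can no longer change the SQL structure, so the tainted
    // flow no longer reaches the sink and the finding disappears.
    @GetMapping("/users")
    public String findUser(@RequestParam String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : "not found";
            }
        }
    }
}
```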

Taint analysis in your team’s CI/CD pipeline with Qodana

Bring enhanced security to your team’s project with taint analysis in your CI/CD pipeline. This feature is available for code written in Java and Kotlin when using the 2024.3 version of the Qodana linter.

Want to find out more? View the documentation, subscribe to the Qodana blog, or follow along on X or LinkedIn for more news and updates on the release. Please keep the plugin up to date, and we’ll be sure to continue enhancing its capabilities.
