I need an IDE that will find problems in my code; those I have tried just don't do it well enough... I've tried Eclipse and IntelliJ IDEA already. Is there any good option? Thank you.
My team recently released a public preview for DevSkim, an open-source IDE plugin that flags security issues as you type them. Think "spell-check for security bugs". It doesn't provide the same level of depth as "real" static analyzers (it's just using regular expressions), but we think it serves an important need.
DevSkim includes inline guidance (why the code is vulnerable) and for some rules, a one-click "fix it for me" feature. It's available as a plugin for Visual Studio, VS Code, and Sublime Text.
I don't want to make this answer a feature list -- there is more information on our project page. We have plans to extend to additional IDEs, and of course to extend the ruleset. We welcome feedback and contributions.
Disclaimer: I work at Strong Network, and although this question is quite old, the landscape has evolved significantly since it was originally posed.
If you've explored IDEs like VSCode, Visual Studio, or JetBrains and are seeking more advanced options, I recommend looking into cloud development environments such as GitHub Codespaces, Strong Network, etc.
These platforms offer a comprehensive suite of tools for software development, providing an all-in-one solution for development teams. They integrate with popular IDEs like JetBrains and VS Code, enhancing the development experience with robust tools and security features. Our platform also supports GitHub Copilot integration for AI-powered code assistance, which helps streamline the coding process and efficiently catch errors.
For a quick demonstration of GitHub Copilot within our CDE, check out this video.
Bandit (https://github.com/PyCQA/bandit) is useful for secure Python coding. Bandit is a tool designed to find common security issues in Python code. To do this, Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandit has finished scanning all the files, it generates a report.
Bandit was originally developed within the OpenStack Security Project and later rehomed to PyCQA.
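The scanning model described in this answer (parse each file into an AST, run checks against the nodes, collect a report), as an added Python example that is not Bandit's code and not part of the original answer. The `check` registry, the two rules and the sample source are constructed for illustration; `ast.unparse` needs Python 3.9+.

```python
import ast

# Constructed sample input (not from the original page).
SAMPLE = '''\
import subprocess, pickle
def run(cmd, blob):
    subprocess.call(cmd, shell=True)
    data = pickle.loads(blob)
    return eval("1 + 1"), data
'''

CHECKS = {}  # AST node type -> check functions (hypothetical registry, not Bandit's)

def check(node_type):
    """Decorator that registers a check for one AST node type."""
    def register(fn):
        CHECKS.setdefault(node_type, []).append(fn)
        return fn
    return register

@check(ast.Call)
def shell_true(node):
    shell = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                and kw.value.value is True for kw in node.keywords)
    if shell and ast.unparse(node.func).startswith("subprocess."):
        return "subprocess call with shell=True"

@check(ast.Call)
def dangerous_call(node):
    name = ast.unparse(node.func)  # e.g. "pickle.loads"; needs Python 3.9+
    if name in {"eval", "exec", "pickle.load", "pickle.loads"}:
        return f"call to {name}()"

def scan(source, filename="<string>"):
    """Parse once, hand every node to the checks registered for its type."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        for fn in CHECKS.get(type(node), []):
            if (msg := fn(node)):
                findings.append((filename, node.lineno, fn.__name__, msg))
    return sorted(findings)

if __name__ == "__main__":
    for path, line, rule, msg in scan(SAMPLE, "sample.py"):
        print(f"{path}:{line}: [{rule}] {msg}")
```

Because the checks see syntax nodes rather than raw text, the same function names inside a string literal or a comment produce no finding.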
"find problems in my code", what kind of problems do you mean?! – Moulden