Cloud (IaC) Security Plugin for JetBrains IDEs
Docker and Kubernetes Security Scanner for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm, WebStorm, and more).
What is inside?
The plugin provides two main features:
- Docker Security Scanner: it covers Trivy and Hadolint rules and also provides rules to match Docker Best Practices.
- Kubernetes Security Scanner: it covers pod security standards.
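To make concrete what "Trivy and Hadolint rules" and "Docker Best Practices" look like when applied to a Dockerfile, here is an added example in Python (not the plugin's own Kotlin code, and not taken from Trivy or Hadolint). It implements a small Dockerfile parser and five representative checks: an unpinned base image, ADD used where COPY suffices, a secret-looking ENV/ARG name, apt-get install without --no-install-recommends, and a final stage that never switches away from root. The two sample Dockerfiles, the rule names and the finding messages are constructed for this example; the assumption that a base image runs as root unless a USER instruction says otherwise is also the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample inputs (not from the plugin's test suite).
WEAK_DOCKERFILE = """\
FROM python:latest
ADD app/ /app
ENV DB_PASSWORD=changeme
RUN apt-get update && apt-get install -y curl
CMD ["python", "/app/main.py"]
"""

HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
COPY app/ /app
# no secret baked into the image; inject it at runtime instead
RUN apt-get update && apt-get install -y --no-install-recommends curl \\
    && rm -rf /var/lib/apt/lists/*
RUN useradd --system --uid 10001 app
USER app
CMD ["python", "/app/main.py"]
"""


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line of the offending instruction; 0 = applies to the whole file
    rule: str      # example rule names, not Trivy/Hadolint identifiers
    message: str


SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.IGNORECASE)
TAR_ARCHIVE = re.compile(r"\.(tar|tgz|tar\.(gz|bz2|xz))$", re.IGNORECASE)


def parse_dockerfile(text):
    """Return (line_no, INSTRUCTION, args) triples. Joins backslash continuations and
    skips blank and comment lines, including those that appear inside a continuation."""
    instructions, buf, start = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if start is None:
            start = n
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].strip())
            continue
        buf.append(stripped)
        head, _, rest = " ".join(buf).partition(" ")
        instructions.append((start, head.upper(), rest.strip()))
        buf, start = [], None
    return instructions


def _first_positional(args):
    """First argument after any leading --flags (e.g. --platform=, --chown=)."""
    return next((t for t in args.split() if not t.startswith("--")), "")


def _env_keys(args):
    """Variable names from `KEY=value KEY2=value2`, or from legacy `ENV KEY value` / `ARG KEY`."""
    first = args.split(None, 1)[0] if args else ""
    if "=" in first:
        return re.findall(r"(?:^|\s)([A-Za-z_][A-Za-z0-9_]*)=", args)
    return [first] if first else []


def scan_dockerfile(text):
    """Apply the example checks and return findings in file order (whole-file findings last)."""
    findings = []
    last_user = None  # last USER in the current stage; None = still root (assumption: base images run as root)
    for line_no, instr, args in parse_dockerfile(text):
        if instr == "FROM":
            image = _first_positional(args)
            last_user = None                      # every stage starts over
            if image.lower() == "scratch" or "@" in image:
                continue                          # nothing to pin, or already pinned by digest
            tag = image.rsplit("/", 1)[-1].partition(":")[2]   # registry ports sit before the last '/'
            if tag in ("", "latest"):
                findings.append(Finding(line_no, "pin-base-image",
                                        f"base image '{image}' has no version tag or digest; builds are not reproducible"))
        elif instr == "ADD":
            src = _first_positional(args)
            if not src.startswith(("http://", "https://")) and not TAR_ARCHIVE.search(src):
                findings.append(Finding(line_no, "copy-not-add",
                                        f"ADD '{src}' is a plain file or directory; use COPY, which never fetches or unpacks"))
        elif instr in ("ENV", "ARG"):
            for key in _env_keys(args):
                if SECRET_KEY.search(key):
                    findings.append(Finding(line_no, "secret-in-build",
                                            f"{instr} {key} looks like a secret; it is persisted in image layers and metadata"))
        elif instr == "RUN":
            if "apt-get install" in args and "--no-install-recommends" not in args:
                findings.append(Finding(line_no, "apt-no-recommends",
                                        "apt-get install without --no-install-recommends pulls in extra packages"))
        elif instr == "USER":
            last_user = _first_positional(args)
    if last_user is None or last_user.partition(":")[0] in ("root", "0"):
        findings.append(Finding(0, "non-root-user",
                                "the final stage runs as root; create a dedicated user and add a USER instruction"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        found = scan_dockerfile(text)
        print(f"== {name}: {len(found)} finding(s)")
        for f in found:
            print(f"  line {f.line or '-'}: [{f.rule}] {f.message}")
```

Run it directly to see the weak Dockerfile produce five findings and the hardened one none. The parser joins continuation lines before matching, which matters for the apt-get check: the flag is often on a continued line, and a line-by-line scanner would miss it. Per-stage tracking of USER is what lets a multi-stage build pass as long as the final stage drops root.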
Why this plugin?
- Seamless integration into the IDE without installing external tools.
- Verifies your files on the fly and highlights problems earlier, so that shifting security left actually happens.
- Quick-fixes are available for some inspections, which helps resolve problems faster.
- Supports complex checks, such as tracking variables and arguments as the sources of issues.
- Pure Kotlin implementation, leveraging the power of IDEs.
What does the plugin offer?
- Dockerfile Analysis: Scanner for security vulnerabilities and Docker image optimization with over 40 checks.
- Docker Compose: Scanner for security vulnerabilities and misconfigurations.
- Kubernetes: Scanner for security issues to align with the Pod Security Standards.
- Quick Fixes: Resolve issues faster using built-in quick fixes.
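The Kubernetes scanner aligns with the Pod Security Standards, which define the baseline and restricted profiles as a fixed set of fields on a pod and its containers. As an added example (not the plugin's code, and written in Python rather than Kotlin), the checker below evaluates a parsed pod manifest against the core baseline controls (host namespaces, privileged) and the restricted controls (allowPrivilegeEscalation, capabilities, runAsNonRoot, runAsUser, seccompProfile), honouring the rule that a container-level securityContext overrides the pod-level one. The two manifests are constructed for this example and are given as the dicts that yaml.safe_load() would produce, so no YAML library is needed to run it.

```python
from dataclasses import dataclass

# Constructed sample manifests (not from the plugin), as dicts yaml.safe_load() would return.
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "hostNetwork": True,
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"privileged": True}},
            {"name": "sidecar", "image": "example/sidecar:1.0"},
        ],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [
            {"name": "app", "image": "example/app:1.0",
             "securityContext": {"allowPrivilegeEscalation": False,
                                 "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}},
        ],
    },
}


@dataclass(frozen=True)
class Violation:
    level: str    # "baseline" or "restricted" (the PSS profile the control belongs to)
    path: str     # location in the manifest, in a JSON-path-like form
    message: str


# The restricted profile permits only this capability to be added back after dropping ALL.
ALLOWED_CAPS = {"NET_BIND_SERVICE"}


def _effective(container_sc, pod_sc, key):
    """Container-level securityContext wins over the pod-level one for the same key."""
    return container_sc[key] if key in container_sc else pod_sc.get(key)


def check_pod_security(pod):
    """Return the list of PSS violations for a pod manifest; empty means it meets the restricted profile."""
    violations = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}

    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            violations.append(Violation("baseline", f"spec.{field}", f"{field} must not be true"))

    containers = [("containers", c) for c in spec.get("containers", [])] + \
                 [("initContainers", c) for c in spec.get("initContainers", [])]
    for kind, c in containers:
        sc = c.get("securityContext") or {}
        path = f"spec.{kind}[{c.get('name', '?')}].securityContext"

        if sc.get("privileged"):
            violations.append(Violation("baseline", f"{path}.privileged", "privileged containers are disallowed"))
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(Violation("restricted", f"{path}.allowPrivilegeEscalation", "must be set to false"))

        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            violations.append(Violation("restricted", f"{path}.capabilities.drop", "must include ALL"))
        extra = set(caps.get("add") or []) - ALLOWED_CAPS
        if extra:
            violations.append(Violation("restricted", f"{path}.capabilities.add",
                                        f"only NET_BIND_SERVICE may be added, found {sorted(extra)}"))

        if _effective(sc, pod_sc, "runAsNonRoot") is not True:
            violations.append(Violation("restricted", f"{path}.runAsNonRoot", "must be true at pod or container level"))
        if _effective(sc, pod_sc, "runAsUser") == 0:
            violations.append(Violation("restricted", f"{path}.runAsUser", "must not be 0"))

        seccomp = (_effective(sc, pod_sc, "seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            violations.append(Violation("restricted", f"{path}.seccompProfile.type",
                                        "must be RuntimeDefault or Localhost"))
    return violations


if __name__ == "__main__":
    for name, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        found = check_pod_security(pod)
        print(f"== {name}: {len(found)} violation(s)")
        for v in found:
            print(f"  [{v.level}] {v.path}: {v.message}")
```

Note that the restricted checks are written as "must be explicitly set": an absent allowPrivilegeEscalation or seccompProfile counts as a violation, matching how the standard treats unset fields. The sidecar in the weak manifest has no securityContext at all and still collects four restricted findings, which is the case an IDE-side scanner is most useful for, since the manifest looks harmless until it is admitted to a cluster enforcing the profile.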
What problems can the plugin detect?
You can find more information about detected problems:
- Detailed documentation on the bundled Cloud Security inspection
- In-IDE pop-up messages describing each issue, each of which links to a dedicated article in the documentation
Planned features
- Kubernetes: Implementing more rules to align with the NSA and CISA Kubernetes Hardening Guide.
References
- Trivy checks – entry point for Docker rules.
- Hadolint – source of additional Docker rules.
- Pod Security Standards – entry point for Kubernetes rules.
- Kubescape Rego library – source of Kubernetes rules.
Thanks
- My mother, who supported me every step of the way and who is no longer with us.