JetBrains Package Checker protects against malicious packages



Software company JetBrains has partnered with Mend.io (formerly WhiteSource), a company specializing in application security. As a result of this collaboration, JetBrains can now provide new security features in its development environments and in its code analysis tool Qodana.



The JetBrains plugin Package Checker was already available for development environments, including IntelliJ IDEA, Android Studio and PyCharm. It now offers extended functionality and, based on the Mend.io partnership, can detect malicious packages from the JavaScript package manager npm or the Python package manager PyPI:



JetBrains Package Checker detects npm packages containing malicious code.


(Image: JetBrains)


The package checker can also protect the repository by blocking commits containing malicious dependencies:


The package checker blocks a commit because of compromised packages.


(Image: JetBrains)

Malicious packages can also be detected in Qodana, which has been generally available since July 2023. Qodana is used for static code analysis and is closely linked to the JetBrains IDEs, but it is also compatible with most CI/CD systems.

As the JetBrains team explains, the current security innovations are incremental updates, with more to follow in the future. Further information about the new partnership can be found on the JetBrains blog.


(May)
