close search bar

Sorry, not available in this language yet

close language selection
  • English
  • 日本語
  • 简体中文

Code Sight™ is an IDE plug-in that helps you address security defects in real time as you code.

Quickly find and fix security risks in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) before you push vulnerabilities downstream. Get fast, accurate results for static application security testing (SAST) and software composition analysis (SCA) directly in your IDE.

Download the datasheet

Components that are pulled in by other components.

Automated Remediation

Code more securely without changing your workflow

Code Sight quickly and accurately detects security defects in application code and infrastructure-as-code files as you open, edit, and save them, so you can stay focused and fix security bugs before you check in.

Identify vulnerable open source dependencies

Code Sight gives you complete visibility into security risks in both direct and transitive open source dependencies, so you can select the most secure components and versions to use and avoid incompatible licenses.

Automated Remediation
Automated Remediation

Fix issues faster with automated remediation

When issues are found, Code Sight shows you exactly what code change or component upgrade is needed, and it can often make the fix automatically for you with just one click.

Write better code and avoid security issues

Real-time feedback and detailed remediation guidance help you learn more about common vulnerabilities as well as secure coding best practices.

Automated Remediation

More speed. Less rework.

Get started in minutes

Code Sight is a lightweight IDE plugin that you can download and install directly from your IDE’s marketplace.

Analyze code in seconds

Code Sight leverages industry-leading scan engines that can analyze large projects quickly, in the background, so you can keep coding.

Avoid costly rework

Fix issues while you code, and avoid the disruption of going back to fix vulnerabilities discovered during late-stage security tests.

Improve the effectiveness of downstream security testing

Code Sight complements downstream application security testing integrated into your build and CI pipelines. By “shifting security left” to the developer’s desktop, your team can address security issues early, reducing the noise and congestion that comes when vulnerabilities aren’t discovered until late in the life cycle, as well as the risk that undetected vulnerabilities will make it to production.

Standalone
Code Sight

Best for speed and secure DevOps for development teams.

Provide development teams with quality and security risk information for code, open source, and IaC templates used in their projects, directly within the IDE. Fix issues before pushing downstream and avoid late-stage rework.


Available for
$500
per developer
(10 minimum, volume discount available)
Free trial includes full standalone capabilities

  • Code Analysis
  • Rapid Scan Static
  • Full Scan (powered by Coverity SAST)
  • Open Source Analysis
  • Rapid Scan SCA
  • Risk Insight
  • Vulnerability severity, prioritization, and reachability metrics (e.g., CVSS)
  • Unsecure coding practices (e.g., CWE)
  • Black Duck Security Advisories
  • Risk severity, location within code
  • Remediation guidance
  • Enterprise Readiness
  • View security and quality risks detected across teams and projects
  • Custom security and license policy configuration
  • Automatic policy notification and enforcement
  • Scan Configurations
  • Automatic and manual scan options
  • Single-file scan and full project scan options
  • Deployment
  • Available as standalone IDE plugin for popular IDEs
  • Free Trial Available in VS Code and IntelliJ

Standalone
Code Sight


Download Free Trial
Full version available for purchase after trial period
Coming Mid 2023:

Code Sight Plugin for
Coverity and Black Duck

Best for full-lifecycle application security for the enterprise.

Extend the full application security capabilities of Black Duck and Coverity across the SDLC, without breaking established workflows. Security teams maintain control while developers cultivate risk awareness directly in the IDE.



INCLUDED
with Coverity SAST or Black Duck SCA.
Solution terms vary.
See Coverity SAST and Black Duck SCA for details.

  • Code Analysis
  • Rapid Scan Static
  • Full Scan (powered by Coverity SAST)
  • Open Source Analysis
  • Rapid Scan SCA
  • Risk Insight
  • Vulnerability severity, prioritization, and reachability metrics (e.g., CVSS)
  • Unsecure coding practices (e.g., CWE)
  • Black Duck Security Advisories
  • Risk severity, location within code
  • Remediation guidance
  • Enterprise Readiness
  • View security and quality risks detected across teams and projects
  • Custom security and license policy configuration
  • Automatic policy notification and enforcement
  • Scan Configurations
  • Automatic and manual scan options
  • Single-file scan and full project scan options
  • Deployment
  • Available as IDE plugin – view documentation for complete list

Code Sight Plugin for
Coverity and Black Duck

Related content

Video

How to use Code Sight to Detect Spring4Shell in your Applications

Watch the video
Datasheet
Code Sight Datasheet

Code Sight

Download the datasheet
Blog

IDE-based application security for developers in IntelliJ

Read the blog post
White Paper
First Line of Defense: Developer Security Tools in the IDE

First Line of Defense: Developer Security Tools in the IDE

Read the white paper

|