Code Sight™ IDE Plug-in helps developers fix software defects as they code and extends insight from pipeline scans to the developer desktop.
Quickly find and fix security risks in source code, open source dependencies, API calls, and infrastructure-as-code (IaC) before you push vulnerabilities downstream.
Components that are pulled in by other components.
Get fast, accurate results for static application security testing (SAST) and software composition analysis (SCA) directly in your IDE.
Application security optimized for the needs of developers
Secure coding without changing your workflow
Code Sight quickly and accurately detects security defects in application code and infrastructure-as-code files as you open, edit, and save them, so you can stay focused and fix security bugs before you check in.
Identify vulnerable open source dependencies
Code Sight gives you complete visibility into security risks in both direct and transitive open source dependencies, so you can select the most secure components and versions to use and avoid incompatible licenses.
Fix issues faster with AI-powered code fixes
The integration of Black Duck Assist™ into Code Sight provides developers with AI-driven summaries, step-by-step analyses of code, and suggested fixes that they can use to resolve issues instantly.
Unify priorities for DevSecOps
Alert developers to policy violations and issues detected during pipeline-based security tests. Ensure AppSec teams maintain control over fix priorities while development teams work in unison to secure code.
More speed. Less rework.
Get started in minutes
Analyze code in seconds
Avoid costly rework
Black Duck by the numbers
reduction in time spent on manual code reviews
reduction in time spent remediating vulnerabilities
reduction in time spent on vulnerability rework
Improve the effectiveness of downstream security testing
Code Sight complements downstream application security testing integrated into your build and CI pipelines. By “shifting security left” to the developer’s desktop, your team can address security issues early, reducing the noise and congestion that comes when vulnerabilities aren’t discovered until late in the life cycle, as well as the risk that undetected vulnerabilities will make it to production.
Standalone Code Sight
Best for speed and secure DevOps for development teams
Provide development teams with quality and security risk information for code, open source, and IaC templates used in their projects, directly within the IDE. Fix issues before pushing downstream and avoid late-stage rework.
Available for
$500
per developer
(10 minimum, volume discount available)
Free trial includes full standalone capabilities
- Code Analysis
- Rapid Scan Static
- Full Scan (powered by Coverity® Static Analysis)
- Open Source Analysis
- Rapid Scan SCA
- Risk Insight
- Vulnerability severity, prioritization, and reachability metrics (e.g., CVSS)
- Unsecure coding practices (e.g., CWE)
- Black Duck® Security Advisories
- Risk severity, location within code
- Remediation guidance
- Enterprise Readiness
- View security and quality risks detected across teams and projects
- Custom security and license policy configuration
- Automatic policy notification and enforcement
- Scan Configurations
- Automatic and manual scan options
- Single-file scan and full project scan options
- Deployment
- Available as standalone IDE plugin for popular IDEs
- Free Trial Available in VS Code, Visual Studio, Eclipse and IntelliJ
Code Sight Plug-in for Black Duck AST tools
Best for full-life cycle application security for the enterprise
Extend the full application security capabilities of Black Duck® SCA and Coverity® Static Analysis, Software Risk Manager™, and Black Duck Polaris™ Platform, without breaking established workflows. Security teams maintain control over pipeline-based tests while developers cultivate risk awareness directly in the IDE.
Included
with Coverity, Black Duck SCA, Software Risk Manager, and Polaris. Solution terms vary.
See Coverity Static Analysis, Black Duck SCA, Software Risk Manager, or the Polaris Platform for details.
- Code Analysis
- Rapid Scan Static
- Full Scan (powered by Coverity Static Analysis)
- Open Source Analysis
- Rapid Scan SCA
- Risk Insight
- Vulnerability severity, prioritization, and reachability metrics (e.g., CVSS)
- Unsecure coding practices (e.g., CWE)
- Black Duck® Security Advisories
- Risk severity, location within code
- Remediation guidance
- Enterprise Readiness
- View security and quality risks detected across teams and projects across teams and projects
- Custom security and license policy configuration configuration
- Automatic policy notification and enforcement
- Scan Configurations
- Automatic and manual scan options
- Single-file scan and full project scan options
- Deployment
- Available as IDE plugin – view documentation for complete list
Related content
Reduce Friction in Your DevSecOps Program
Code Sight
IDE-based application security for developers in IntelliJ
First Line of Defense: Developer Security Tools in the IDE
✕ Thank You Thank you for your interest. Your request will be routed to the appropriate member of the Black Duck team, who will respond as soon as possible.