JetBrains Package Checker protects against malicious packages
A partnership with the security company Mend.io enables the detection of malicious packages in JetBrains IDEs and Qodana.
The software company JetBrains has entered into a partnership with Mend.io (formerly WhiteSource) – a company that specializes in application security. As a result of this collaboration, JetBrains can now offer new security functions in its development environments and in the code analysis tool Qodana.
Detect malicious code and prevent commits
The JetBrains plug-in Package Checker was already available for the JetBrains development environments, including IntelliJ IDEA, Android Studio and PyCharm. Based on the Mend.io partnership, it now offers extended functions and can detect malicious packages from the JavaScript package manager npm or the Python package index PyPI.
Package Checker can also protect repositories by preventing commits that contain malicious dependencies.
Detecting malicious packages is also possible in Qodana. Qodana, which has been generally available since July 2023, is used for static code analysis. It is closely linked to the JetBrains IDEs but is also compatible with most CI/CD systems.
As the JetBrains team explains, the current security innovations are incremental updates. More are to follow in the future. All further information on the new partnership can be found on the JetBrains blog.
(mai)