📡
Daniel Serbu's CyberSecurity Blog
  • 🔧Welcome
  • 💾Writeups
    • PWNEDLABS Identify the AWS Account ID from a Public S3 Bucket
    • TryHackMe Anthem
    • TryHackMe AttacktiveDirectory
    • TryHackMe Vulnnet: Active
    • TryHackMe Ice
    • TryHackMe Blueprint
    • TryHackMe VulnNet: Roasted
    • TryHackMe Post-Exploitation Basics
    • TryHackMe Lookback
    • MobileHackingLab Food Store
    • MobileHackingLab Notekeeper
    • MobileHackingLab IOT Connect
  • DevSecOps
    • Container Security
      • Kubernetes
    • Infrastructure as Code - IaC
    • Dynamic Application Security Testing - DAST
    • Static Application Security Testing - SAST
    • Software Bill of Materials - SBOM
    • Software Composition Analysis - SCA
    • Source Code Audit
      • PHP Code Review
      • Secure By Design Libraries
    • IDE Plugins for Developers
    • Security Hardening
    • Secure Coding
    • Cheatsheets
    • Mobile
    • Cloud Security
  • OSINT
Powered by GitBook
On this page
  • Visual Studio Code
  • PyCharm
  1. DevSecOps

IDE Plugins for Developers

Visual Studio Code

Universal Security

  • SonarLint - An IDE extension to detect and fix quality and security issues as you code.

  • Snyk Vulnerability Scanner - Scans your code and dependencies for vulnerabilities and provides fixes.

  • Semgrep - A fast, syntax-aware code analysis tool for finding bugs and enforcing code standards.

  • Veracode - Integrates Veracode security scans directly into Visual Studio Code.

  • Checkmarx - A security analysis tool that scans source code for vulnerabilities.

  • DevSkim - A security linting extension that helps to detect security vulnerabilities in real-time.

  • CodeSonar - A plugin for deep static analysis of code to find critical security vulnerabilities.

  • Security Notes - An extension for taking and managing security notes.

  • Trunk - Ensures code quality and adherence to coding standards.

Infrastructure as Code (IaC) Security

  • Checkov - Static analysis for Terraform, Kubernetes, Docker, and CloudFormation to detect misconfigurations.

  • Trivy - A comprehensive vulnerability scanner for containers and other artifacts.

  • KICS - Detects security vulnerabilities, compliance issues, and infrastructure misconfigurations.

  • Tenable - Ensures security and compliance in infrastructure as code.

PHP Security

  • PHPStan - Focuses on finding bugs in PHP applications without requiring runtime execution.

  • Psalm - A static analysis tool for finding errors in PHP applications.

  • Phan - A static analyzer for PHP that helps to detect potential bugs.

  • PHP Mess Detector - Analyzes PHP source code for potential problems such as bugs, suboptimal code, and overly complex expressions.

C/C++ Security

  • Parasoft C/C++test - A comprehensive static analysis and testing tool for C/C++ codebases.

PyCharm

  • Snyk - Identifies security vulnerabilities and license compliance issues in your open source dependencies. Provides detailed remediation advice and integrates seamlessly within PyCharm.

  • Semgrep - A fast, syntax-aware code analysis tool for finding bugs and enforcing code standards.

  • Python Security - A plugin to identify and fix security vulnerabilities in Python projects, helping maintain secure code practices.

  • PyCharm Security Plugin - A security-focused plugin to identify vulnerabilities and ensure secure coding practices in PyCharm.

PreviousSecure By Design LibrariesNextSecurity Hardening

Last updated 10 months ago