Infrastructure Security Linter for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm, WebStorm, and more).
Scan Docker and Infrastructure as Code (IaC) files for security vulnerabilities and misconfigurations directly in your JetBrains IDE.
- Seamless integration into IDE without installing external tools.
- Verifies your files on the fly and highlight problems earlier and that make shift left happens.
- Quick-fixes for problems are available for some inspections that could help fix problem faster.
- Supports complicated verifications, such as tracking variables and arguments as sources of issues.
- Pure Kotlin implementation, leveraging the power of IDEs.
- Dockerfile Analysis: Detect security vulnerabilities and optimize Docker images with over 40 checks.
- Docker Compose: Detect security vulnerabilities and misconfigurations.
- Quick Fixes: Resolve issues faster using built-in quick fixes.
Currently, documentation in progress and will be available soon. At that moment you could check list of inspection messages, they describe supported problems.
- Extended support for Dockerfile and docker-compose files
- Kubernetes Files: Analyzing Kubernetes YAML files to comply with best practices and security standards.
- and more: Expanding support for other IaC tools and formats to comprehensively protect and optimize your infrastructure configurations.
Detailed list of planned features are available on GitHub issues
- My mother, who supported me every step of the way and who is no longer with us.
- Trivy-checks for good source of rules.
- Hadolint for yet another docker rule set.