The Cortex Cloud IDE Extensions (Visual Studio Code and JetBrains IDEs) apply Unified Application Security Policies during local scans within the developer environment. IDE extensions are scan-time policy consumers. IDE extensions do not support creating, editing, viewing, or deleting policies. All policy management operations are performed exclusively through the Console workflow or the API workflow.
How IDE extensions interact with policies
IDE extensions connect to the Cortex Cloud platform to retrieve the active detection rules and policy configurations. When a developer runs a scan in the IDE:
1. The IDE extension executes the scan using the same scanning engine as the Cortex CLI.
2. Findings are evaluated against the active Unified Application Security Policies.
3. Policy-matched findings are displayed inline in the IDE editor with severity indicators and remediation guidance.
4. If configured, scan results are uploaded to the Cortex Cloud platform for unified posture visibility.
IDE extension policy capabilities and limitations
| Operation | Supported |
|---|---|
| View policy-matched findings | ✓ Findings that match active policies are displayed inline with policy indicators |
| Create policies | ✗ Policy creation is available only through the Cortex Cloud console or the public API |
| Edit policies | ✗ Policy editing is available only through the Cortex Cloud console or the public API |
| Delete policies | ✗ Policy deletion is available only through the Cortex Cloud console or the public API |
| Block PR from IDE | ✗ PR blocking is enforced by the platform during PR scans, not by the IDE extension |
Reference
For more information about the Cortex Cloud IDE extensions, refer to IDE.