Integrate the Cortex AppSec code security plugin with your JetBrains IDE instance to enhance security during development. The plugin scans for security policy violations using both default and custom policies, allowing you to identify and resolve issues before committing code, reducing the risk of pull request failures due to undetected problems.
Note
The Cortex AppSec code security plugin supports all JetBrains products.
Supported scan categories
The plugin scans these code security categories:
Secrets: Identifies sensitive data embedded in code, such as API keys, encryption keys, OAuth tokens, certificates, PEM files, passwords, and pass-phrases
IaC: Misconfigurations in IaC templates such as Kubernetes and Terraform. For a list of supported IaC frameworks, see Supported frameworks
SCA vulnerabilities: Includes security issues in both direct and transitive open-source dependencies
Licenses: Software license non-compliance
Package Integrity: Assesses the operational risk and potential impact of each package in your codebase
Prerequisites
Permissions: CLI read-only permissions. Refer to Cortex CLI for more information about permissions. A key scoped to read-only access limits the impact if the credentials stored in the IDE settings are exposed.
Environment setup
macOS and Windows: Install Python 3.9.x to 3.12.x
Install Node.js version 22 or later for SCA scans (such as vulnerability scans)
On Cortex Cloud
Note
When generating an API key, ensure you select the Standard security level.
Retrieve your Cortex Cloud API URL: Navigate to → → → .
Installation
You can install the plugin directly through the JetBrains IDE Plugins panel or the JetBrains Marketplace.
Install through JetBrains IDE: Navigate to → → → → →
Install from the JetBrains marketplace:
Select a platform, search for the plugin, and click .
Select Download from the tab and then Got it in the popup.
Configure plugin settings
In your IDE, select → → .
In the plugin Settings screen, fill in these fields:
Access Key: Your Cortex Cloud API key ID
Secret Key: Your Cortex Cloud API secret key
Cortex Cloud URL: Your Cortex Cloud API URL (retrieved as described in Prerequisites)
Danger
You must enter the Access Key and Secret Key values in the Settings before providing the tenant URL.
CA-Certificate (optional): Path to your CA certificate in .pem format, for environments where the connection to Cortex Cloud must trust a private CA (for example, behind a TLS-inspecting proxy). Examples:
macOS/Linux: /Users/your_username/Documents/cacert.pem or ~/Documents/cacert.pem
Windows: C:\Users\your_username\Documents\cacert.pem
CLI Version: Leave blank to use the latest Cortex Cloud Application Security version (or enter 'latest'), or specify a version
CLI Path: Specifies the path to the CLI executable. Recommended: Leave empty to let the plugin manage the CLI installation
Ignore gitignore files: Selected by default. Files on paths matched by the .gitignore file are not scanned when opened or saved. Local files that are typically gitignored, such as .env files, often hold secrets; clear this option if you want those files scanned as well
External Checks Directory: Provide the path to a folder containing custom security checks
Custom Environment Variables: Environment variables passed to the scanner during scans, such as CORTEX_API_BASE_URL
To add variables, provide the key/value pairs in the table under the Custom Environment Variables field
To remove variables, select the (—) sign
Click → .
Test connection
You can test your connection by selecting the Test Connection field under Settings.
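Before entering credentials in the plugin Settings, it helps to confirm that the prerequisites above are met and that the values you are about to enter are sane. The following script is an added example, not part of the plugin or of Palo Alto Networks' own tooling; it encodes only the requirements stated on this page (Python 3.9.x to 3.12.x, Node.js 22 or later for SCA scans, a .pem CA certificate, and the tenant URL). The PREFLIGHT_URL and PREFLIGHT_CA_CERT variables and the placeholder URL are assumptions of this script, not settings read by the plugin.

```shell
#!/usr/bin/env sh
# Added pre-flight check for the Cortex AppSec JetBrains plugin prerequisites.
# Example code, not part of the plugin. It checks only what the page states:
# Python 3.9.x-3.12.x, Node.js 22 or later (SCA scans), an optional CA
# certificate as a .pem file, and an HTTPS tenant URL.

# Extract "MAJOR MINOR" from strings such as "Python 3.11.4" or "v22.3.0".
# Prints nothing when the string contains no dotted version.
version_fields() {
  printf '%s\n' "$1" | sed -nE 's/^[^0-9]*([0-9]+)\.([0-9]+).*/\1 \2/p'
}

# Python must satisfy 3.9 <= version <= 3.12 (page requirement for macOS/Windows).
python_version_ok() {
  set -- $(version_fields "$1")
  [ $# -eq 2 ] || return 1
  [ "$1" -eq 3 ] && [ "$2" -ge 9 ] && [ "$2" -le 12 ]
}

# Node.js must be 22 or later (needed for SCA scans).
node_version_ok() {
  set -- $(version_fields "$1")
  [ $# -eq 2 ] || return 1
  [ "$1" -ge 22 ]
}

# The tenant URL must use HTTPS: the Access Key and Secret Key are sent to it.
url_is_https() {
  case "$1" in
    https://*) return 0 ;;
    *) return 1 ;;
  esac
}

# A usable CA-Certificate file is PEM text with at least one certificate block.
pem_has_certificate() {
  [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Report on the current machine; anything not installed is skipped, not failed.
preflight() {
  if command -v python3 >/dev/null 2>&1; then
    v=$(python3 --version 2>&1)
    if python_version_ok "$v"; then echo "ok   $v"; else echo "FAIL $v (need 3.9.x-3.12.x)"; fi
  else
    echo "skip python3 not found"
  fi
  if command -v node >/dev/null 2>&1; then
    v=$(node --version 2>&1)
    if node_version_ok "$v"; then echo "ok   Node.js $v"; else echo "FAIL Node.js $v (need 22 or later)"; fi
  else
    echo "skip node not found (required for SCA scans)"
  fi
  # PREFLIGHT_URL / PREFLIGHT_CA_CERT are this script's own placeholders (assumption),
  # not variables the plugin reads. Replace the default URL with your tenant URL.
  url="${PREFLIGHT_URL:-https://your-tenant.example}"
  if url_is_https "$url"; then echo "ok   URL uses https"; else echo "FAIL URL must start with https://"; fi
  if [ -n "${PREFLIGHT_CA_CERT:-}" ]; then
    if pem_has_certificate "$PREFLIGHT_CA_CERT"; then
      echo "ok   CA certificate is PEM"
    else
      echo "FAIL no certificate block in $PREFLIGHT_CA_CERT"
    fi
  fi
}

preflight
```

Run it with `PREFLIGHT_URL=https://<your tenant> PREFLIGHT_CA_CERT=~/Documents/cacert.pem sh preflight.sh` and fix any FAIL line before configuring the plugin; a passing pre-flight does not replace the plugin's own Test Connection, which is the only check that exercises the credentials.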
Manage plugin configurations
Use one of these methods to access plugin configurations and modify settings:
Select the Settings icon in the Details panel
Select → →
UI layout
Left pane: Displays a tree structure that accurately mirrors the files and folders of the project you have opened.
Middle pane: Displays the Code editor. When an issue is selected in the Details panel, the relevant file opens in this editor. This allows you to examine your codebase, see the issue in its specific context (such as an IaC misconfiguration), and find recommended remediation steps
Bottom pane: This is the Details panel. It serves as the central hub for in-depth analysis and management of your code scan issues, providing comprehensive information on selected issues, remediation options, scan history, and controls such as a manual scan option.