Black Duck Code Sight IDE Plug-in

Black Duck Code Sight is an IDE plugin that provides static application security testing (SAST) and software composition analysis (SCA) capabilities directly within integrated development environments. The tool scans source code, AI-generated code, open source dependencies, APIs, and infrastructure-as-code (IaC) to identify security vulnerabilities and license violations. The plugin performs both rapid scans and full scans, with full scanning powered by Coverity. It identifies direct and transitive open source dependencies, providing visibility into security issues and license compliance risks. The tool detects vulnerability severity using metrics such as CVSS and identifies unsecure coding practices based on CWE standards. Code Sight provides remediation guidance and code fix suggestions within the IDE interface. Through integration with Black Duck Assist, the plugin offers AI-powered code fixes that can be copied and pasted directly into code. The tool supports automatic and manual scan configurations, including single-file scans and full project scans. The plugin displays prioritized lists of vulnerabilities and policy violations, allowing developers to focus on high-impact issues first. It includes Black Duck Security Advisories and provides information on risk severity and location within code. Enterprise features include visibility into security and quality risks across teams and projects, custom security and license policy configuration, and automatic policy notification and enforcement. Code Sight is available as a standalone IDE plugin for VS Code, Visual Studio, Eclipse, and IntelliJ, with a free trial option available in these environments.