Docker and Kubernetes Security Scanner for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm, WebStorm, and more).
The plugin provides two main features:
- Docker Security Scanner: it covers Trivy and Hadolint rules and also provides rules to match Docker Best Practices.
- Kubernetes Security Scanner: it covers pod security standards.
- Seamless integration into the IDE without installing external tools.
- Verifies your files on the fly and highlights problems early, making shift-left happen.
- Quick fixes are available for some inspections, helping you resolve problems faster.
- Supports complicated verifications, such as tracking variables and arguments as sources of issues.
- Pure Kotlin implementation, leveraging the power of IDEs.
- Dockerfile Analysis: Scanner for security vulnerabilities and Docker image optimization with over 40 checks.
- Docker Compose: Scanner for security vulnerabilities and misconfigurations.
- Kubernetes: Scanner for security issues to align with the Pod Security Standards.
- Quick Fixes: Resolve issues faster using built-in quick fixes.
You can find more information about detected problems:
- Detailed documentation on the bundled Cloud Security inspection
- In-IDE pop-up messages describing each issue, each of which links to a dedicated article in the documentation
- Kubernetes: Implementing more rules to align with the NSA and CISA Kubernetes Hardening Guide.
- Trivy checks – entry point for Docker rules.
- Hadolint – source of additional Docker rules.
- Pod Security Standards – entry point for Kubernetes rules.
- Kubescape Rego library – source of Kubernetes rules.
- My mother, who supported me every step of the way and who is no longer with us.