Using the Checkmarx JetBrains Plugin - Dev Assist

Identify vulnerabilities in realtime during IDE development of both human-generated and AI-generated code. Our super-fast scanners run in the background whenever you edit a relevant file. Our scanners identify vulnerabilities and unmasked secrets in your code. We also identify vulnerable or malicious container images and open source packages used in your project. Results are marked as Problems which are highlighted in the code and annotated with identifying icons. The issue is also listed in the Checkmarx One Assist Findings window to enable quick navigation and efficient remediation.

Learn more about Dev Assist realtime scanners here

AI Remediation

How to Remediate Risks Using AI

  1. Open a project in IntelliJ IDEA.

  2. When Checkmarx realtime scanners identify a risk, it is flagged as a Problem, which is marked in the code with a squiggly underline and annotated in the margin with an icon that indicates the type of risk.

  3. Hover over the vulnerable line of code.

    The Checkmarx dialog opens.

  4. Click on Fix with Checkmarx One Assist.

    A Copilot session opens in the side panel and all relevant info is sent for analysis.

    Notice

    Depending on your IDE configuration, you may need to click Continue several times in order to complete the process.

  5. Copilot automatically makes the necessary changes in the code in order to remediate the risk.

    • If you approve the changes, click Accept All.

    • If you do not want to implement the suggestion, click Discard All.

    • You can also chat with Copilot to improve upon the suggestion.

    A REMEDIATION.TODO.txt file is displayed, explaining the changes that were made and what steps remain to be taken.

The Checkmarx One Assist Findings Window

The Checkmarx One Assist Findings Window provides a centralized view of all detected issues within a project, displaying them in a custom tool window that lists vulnerabilities per file along with the count of issues grouped by severity and file location. It enables users to navigate directly to the exact line in the editor with a single click and supports filtering and sorting capabilities to improve usability and streamline issue review.

To open the Checkmarx One Assist Findings Window, click on the Checkmarx icon in the left navigation bar and select the Checkmarx One Assist Findings tab.

Ignoring Risks

To help you focus on actionable risks, Checkmarx One Assist lets you mark a risk as Ignored so that it is no longer shown in your IDE. You can Revive a risk at any time to resume showing it. Ignoring can be applied to a specific instance of a risk or to all instances of that risk in your project.

Notice

For risks identified in open source packages, a risk instance refers to the entire package that the vulnerability is associated with.

To ignore a risk

  1. When Checkmarx realtime scanners identify a risk, it is flagged as a Problem, which is marked in the code with a squiggly underline and annotated in the margin with an icon that indicates the type of risk.

  2. Hover over the vulnerable line of code.

    The Checkmarx dialog opens.

  3. To ignore the risk in this particular instance, click on Ignore this vulnerability.

  4. To ignore all instances of the risk, click on Ignore all of this type.

To revive a risk:

  1. Click on the Ignored Findings tab in the Checkmarx window.

    The Ignored Findings tab opens.

  2. For the desired vulnerability, click on the Revive button.

Notice

This can also be done as a bulk action for all selected items.