Token-based Static Application Security Testing (SAST) plugin for IntelliJ IDEA, Android Studio, and other IntelliJ-based IDEs.
- Token-based Authentication: Secure connection using API tokens (no username/password)
- Direct Project Scanning: Scan your project from within your IDE
- Real-time Progress: Visual progress indicators during scanning
- Ephemeral Scans: Scans are not saved to database (temporary results only)
- Easy Configuration: Simple settings dialog for token and server URL
- Download the plugin JAR file
- In IntelliJ IDEA / Android Studio: File > Settings > Plugins > Install JAR
- Select the downloaded JAR file
- Restart the IDE
- Open Settings: File > Settings > Tools > Offensive360 SAST
- Enter your O360 Server URL (e.g., https://sast.offensive360.com)
- Enter your API Access Token (generated from O360 Dashboard → Settings → Tokens)
- Click Apply and OK
The token must be a valid JWT, which starts with `ey`.
- Scan Current Project:
  - Select Tools > Offensive360 > Scan Current Project
  - Wait for the scan to complete
  - View results in the notifications panel
- Scan Git Repository:
  - Select Tools > Offensive360 > Scan Git Repository
  - Enter the Git repository URL
  - Wait for results
- Settings Service: Securely stores endpoint and token in IDE configuration
- SAST Client: Communicates with O360 API using Bearer token authentication
- Project Zipper: Efficiently packages project for uploading
- Progress Tracking: Real-time feedback during scanning
- Developers only see results from their scans (ephemeral)
- No project browsing of server projects
- All communication uses HTTPS
- Token stored in IDE's secure configuration storage
- Validation of token before each scan
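The README states that the token is validated before each scan and must be a JWT starting with `ey`. The following is an added example of such a client-side pre-flight check, not the plugin's own code; the segment-count, `alg`, empty-signature and `exp` checks beyond the `ey` prefix are assumptions about what a sensible pre-check covers, and the sample token is constructed locally with a placeholder signature.

```python
import base64
import json
import time
from typing import Dict, List, Optional


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_token_shape(token: str, now: Optional[float] = None) -> List[str]:
    """Return the problems found; an empty list means the token passed the local checks."""
    problems: List[str] = []
    token = token.strip()
    # base64url of '{"' is "ey", so every JSON-header JWT starts with it.
    if not token.startswith("ey"):
        problems.append("token does not start with 'ey'")
    parts = token.split(".")
    if len(parts) != 3:
        problems.append(f"expected 3 dot-separated segments, found {len(parts)}")
        return problems
    header_raw, payload_raw, signature_raw = parts
    try:
        header = json.loads(_b64url_decode(header_raw))
        payload = json.loads(_b64url_decode(payload_raw))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError, JSONDecodeError
        problems.append("header or payload is not base64url-encoded JSON")
        return problems
    if not isinstance(header, dict) or "alg" not in header:
        problems.append("header lacks 'alg'")
    elif header["alg"] == "none":
        problems.append("alg 'none' is not an acceptable token")
    if not signature_raw:
        problems.append("signature segment is empty")
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if isinstance(exp, (int, float)) and exp < (time.time() if now is None else now):
        problems.append("token expired (exp in the past)")
    return problems


def bearer_header(token: str, now: Optional[float] = None) -> Dict[str, str]:
    """Build the Authorization header only if the token passes the pre-check (assumed behaviour)."""
    problems = check_token_shape(token, now)
    if problems:
        raise ValueError("refusing to send token: " + "; ".join(problems))
    return {"Authorization": f"Bearer {token.strip()}"}


def make_sample_token(header: dict, payload: dict, signature: str = "c2ln") -> str:
    """Constructed JWT-shaped string for local testing; the signature is a placeholder, not a real MAC."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj, separators=(",", ":")).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.{signature}"
```

These checks only confirm that a string is shaped like an unexpired JWT; they cannot verify the signature, which only the O360 server holding the signing key can do.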
Run `./gradlew build`; the plugin JAR will be created in `build/distributions/`.
- IntelliJ IDEA 2022.1 or later
- Android Studio 2022.1 or later
- O360 Server with token-based API support
For issues or feature requests, visit offensive360.com/contact or open an issue on GitHub.