
Mend Code Security Plugin for JetBrains

Overview

To efficiently reduce security risk, developers require security findings and remediation guidance directly within their IDE. The Mend Code Security Tool enables developers to get immediate feedback about their findings within IntelliJ, before the code is committed into an SCM.

Use Case

A developer writes code that introduces a new vulnerability. A scan is triggered that reports the new finding and, potentially, its remediation, so that the vulnerability can be fixed with just one click.

Install

Screenshot 2026-05-19 at 10.39.23.png

Onboard

Authenticate

Authentication can be done via Settings or via a fresh installation screen.

  • Click Authenticate to begin the procedure.

  • Specify the following, which are obtained via the Mend AppSec Platform:

    • Environment: The environment which hosts your Mend AppSec Platform organization.

    • User Email: Your username in the Mend AppSec Platform (visible in your profile)

    • User Key: Your user key in the Mend AppSec Platform (Profile → My Profile → User Keys)

  • Click Authenticate

If authentication fails, check your credentials and retry.


Select Project

Once authenticated, configure one of the following options:

  • Upload scan results to the Mend AppSec Platform and update the specified project

    • Specify the desired Application and Project in the Mend AppSec Platform and check the Upload scan results to Mend box

  • Upload scan results to the Mend AppSec Platform without updating an existing project

    • Check the Upload scan results to Mend box without specifying an application/project

  • Don’t upload scan results to the Mend AppSec Platform

    • Leave the Upload scan results to Mend box unchecked

Scan

Note: IDE scans do not change the results at the project level and are not visible in the scan history of the Mend AppSec Platform.

First Scan

Click Scan Now to trigger your first scan with the Mend Code Security Tool.


The scan progress will be indicated by a progress bar.

Click Cancel to abort the scan.


Rescan

After the initial scan, click the Rescan button on the far right to trigger new scans.


The scan progress will be denoted in a pop-up window at the bottom-right corner of the screen.

Click Stop scanning to abort the scan.


Manage Findings

Note:

  • All results are viewable, including differential results.

  • If no findings are detected in the scan, this will be denoted by the following message:

    image-20260417-082647.png
  • Within your code, the lines that introduce a finding are underlined. Hover over them to display details about the finding (CWE Description and remediation suggestion).

Detected findings will be displayed at the bottom of your IDE screen.


Filter your Findings

On the left, you can switch between the following views:

  • All Findings

  • New Findings (Feature Branch Findings)

On the right, you can apply the following filters:

  • Hide Suppressed: Check this box to remove suppressed findings from your view

  • Filter by: Severity

  • Filter by: Remediation

Actions

Click a finding or multiple findings to perform one of the following actions:

Suppress

  • Click the Suppress button to suppress the finding (or request a suppression)

  • Select a reason and click “Suppress 1 code finding”


Remediate

  • Click the Remediate button to display a modal with code differences for the remediation.


  • Click “Remediate” to perform the code change in the file (the changes in the file remain unsaved)


The Side-Panel

Click a finding to display the finding side-panel.


The side-panel spawns on the right side of the screen, displaying the Remediate tab by default.

Remediation

The Remediation tab displays the specific lines of code detected by the tool as the subject for remediation.


Overview

The Overview tab contains the following details about the finding:

  • Description

  • Sink (expandable)

  • Data Flows (expandable)


Violation

The Violation tab contains details about the violation, if applicable, including:

  • Risk: The violation’s risk level (Low / Medium / High)

  • SLA: The SLA for resolving the violation

  • Workflows: The automation workflows in the Mend AppSec Platform that triggered the violation


CWE Description

The CWE Description tab contains the following details about the CWE:

  • CWE Description

  • Violations

  • Remediation Recommendation

  • Further Reading


Training

The Training tab provides Secure Code Warrior materials to guide you in resolving the finding and preventing future findings.

