https://github.com/NordCoderd/cloud-security-plugin
Cloud (IaC) Security plugin for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm)
cloud-security devsecops docker docker-compose docker-security iac iac-security infrastructure-as-code infrastructure-as-code-security kubernetes kubernetes-secrets kubernetes-security sast security-tools vulnerability-scanners
Last synced: about 14 hours ago
- Host: GitHub
- URL: https://github.com/NordCoderd/cloud-security-plugin
- Owner: NordCoderd
- License: mit
- Created: 2024-09-22T17:17:09.000Z (almost 2 years ago)
- Default Branch: master
- Last Pushed: 2026-05-01T18:48:57.000Z (about 2 months ago)
- Last Synced: 2026-05-01T20:26:37.311Z (about 2 months ago)
- Topics: cloud-security, devsecops, docker, docker-compose, docker-security, iac, iac-security, infrastructure-as-code, infrastructure-as-code-security, kubernetes, kubernetes-secrets, kubernetes-security, sast, security-tools, vulnerability-scanners
- Language: Kotlin
- Homepage: https://protsenko.dev/infrastructure-security
- Size: 751 KB
- Stars: 36
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Agents: AGENTS.md
Awesome Lists containing this project
- awesome-terraform-compliance - Cloud Security Plugin - JetBrains IDE plugin (IntelliJ, PyCharm, etc.) for IaC security scanning including Terraform, enabling shift-left detection in the editor. (CI/CD and Platform Integration / Guard Rule Libraries)
README
# Cloud (IaC) Security Plugin for JetBrains IDEs

Docker and Kubernetes Security Scanner for JetBrains IDEs (e.g., IntelliJ IDEA, PyCharm, WebStorm, and more).
## What is inside?
The plugin provides two main features:
- Docker Security Scanner: it covers Trivy and Hadolint rules and also provides rules to match Docker Best Practices.
- Kubernetes Security Scanner: it covers pod security standards.
## Why this plugin?
- Seamless integration into the IDE without installing external tools.
- Verifies your files on the fly and highlights problems earlier, which makes shift-left happen.
- Quick fixes are available for some inspections to help resolve problems faster.
- Supports complicated verifications, such as tracking variables and arguments as sources of issues.
- Pure Kotlin implementation, leveraging the power of IDEs.
## What does the plugin offer?
- **Dockerfile Analysis**: Scanner for security vulnerabilities and Docker image optimization with over 40 checks.
- **Docker Compose**: Scanner for security vulnerabilities and misconfigurations.
- **Kubernetes**: Scanner for security issues to align with the Pod Security Standards.
- **Quick Fixes**: Resolve issues faster using built-in quick fixes.
## What problems can the plugin detect?
You can find more information about detected problems:
- Detailed documentation on the bundled Cloud Security inspection
- In-IDE pop-up messages describing each issue, each of which links to a dedicated article in the documentation
## Planned features
- **Kubernetes**: Implementing more rules to align with the NSA and CISA Kubernetes Hardening Guide.
## References
- [Trivy checks](https://github.com/aquasecurity/trivy-checks/tree/main) – entry point for Docker rules.
- [Hadolint](https://github.com/hadolint/hadolint) – source of additional Docker rules.
- [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) – entry point for Kubernetes rules.
- [Kubescape Rego library](https://github.com/kubescape/regolibrary) – source of Kubernetes rules.
## Thanks
- My mother, who supported me every step of the way and who is no longer with us.