JetBrains, a company responsible for creating IDEs for multiple programming languages, today announced the addition of taint analysis to Qodana. This feature is available for PHP developers in the Early Preview, and the company has plans to add more languages soon.
Qodana launched back in 2021 and offers users a universal code quality platform that provides integrations and visualizations of inspections and errors. It also allows users to improve their Continuous Integration pipelines with inspections native to JetBrains IDEs, as well as to make edits directly in their IDEs.
According to JetBrains, taint analysis in Qodana protects projects against malicious input: when the developer runs it, it performs a security audit of the program's attack surface. The company stated that this process has been automated for PHP in Qodana starting from version 2023.1.
“Taint analysis helps eliminate exploitable attack surfaces, so it’s an effective method to reduce risk to the software,” said Kateryna Shlyakhovetska, product and team lead for Qodana. “We at JetBrains are always committed to improving our products and delivering the best solutions possible — adding taint analysis functionality to Qodana reflects our desire to cover the rising needs of our customers to improve their security posture.”
In addition, taint analysis in Qodana includes an inspection that scans the code and highlights the taint and the potential vulnerability. It also lets users open the problem in PhpStorm and fix it quickly, and it offers a dataflow graph that visualizes the taint flow.
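To make concrete what a taint-analysis inspection checks, here is an added example of a minimal taint-propagation checker written in Python. It is not Qodana's or JetBrains' code; the sets of sources, sanitizers and sinks, and the PHP-like statements it analyses, are constructed assumptions for illustration.

```python
# Minimal taint-propagation checker (illustrative, not Qodana's implementation).
# The program under analysis is a constructed, simplified list of statements:
#   ("assign",   target_var, [names read])      e.g. $q = "SELECT ..." . $id;
#   ("sanitize", target_var, [sanitizer_name])  e.g. $id = intval($id);
#   ("sink",     sink_name,  [names read])      e.g. mysqli_query($db, $q);

SOURCES = {"$_GET", "$_POST", "$_COOKIE"}     # untrusted input (assumed)
SANITIZERS = {"intval", "htmlspecialchars"}    # assumed to neutralise taint
SINKS = {"mysqli_query", "echo"}               # dangerous consumers (assumed)


def analyse(program):
    """Return findings as (sink, tainted_variable, taint_path) tuples.

    taint_path is the chain of names the untrusted value flowed through,
    i.e. the information a dataflow graph would visualise."""
    taint = {}        # variable -> path from the source to that variable
    findings = []
    for kind, target, inputs in program:
        if kind == "assign":
            tainted = [i for i in inputs if i in SOURCES or i in taint]
            if tainted:
                src = tainted[0]
                taint[target] = taint.get(src, [src]) + [target]
            else:
                taint.pop(target, None)   # overwritten with clean data
        elif kind == "sanitize":
            if inputs[0] in SANITIZERS:
                taint.pop(target, None)   # a sanitizer breaks the flow
        elif kind == "sink" and target in SINKS:
            for i in inputs:
                if i in taint:
                    findings.append((target, i, taint[i]))
    return findings


# Constructed sample: $id comes from $_GET, is concatenated into $q, and
# $q reaches mysqli_query unsanitised, so the checker reports it.
VULNERABLE = [
    ("assign", "$id", ["$_GET"]),         # $id = $_GET['id'];
    ("assign", "$q", ["$id"]),            # $q = "SELECT ... WHERE id = " . $id;
    ("sink", "mysqli_query", ["$q"]),     # mysqli_query($db, $q);
]

# Same program with $id passed through intval() before it is used.
FIXED = [
    ("assign", "$id", ["$_GET"]),
    ("sanitize", "$id", ["intval"]),      # $id = intval($id);
    ("assign", "$q", ["$id"]),
    ("sink", "mysqli_query", ["$q"]),
]

if __name__ == "__main__":
    print("vulnerable:", analyse(VULNERABLE))
    print("fixed:", analyse(FIXED))
```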
JetBrains said that it has also recently unveiled the public preview of Qodana Cloud, which collects data from Qodana linters in one place and lets developers include static analysis in their CI tools with enhanced speed.