Editor pluginEclipse

Eclipse plugins, run live before you trust them.

Eclipse plugins execute inside the workbench. Extuno diffs each update and runs it in a sandbox to catch startup execution, file access, and exfiltration - static, dynamic, and AI analysis on every scan.

Eclipse - live inspectionInspecting
Dark Theme 3.1.0
eclipse plugin
3.0.2->3.1.0
Static
Dynamic
AI
Analyzing update
What Extuno catches in Eclipse

Evidence, not guesswork.

Each finding names the change, why it is dangerous, and the recommended action.

Diff finding

Startup hook execution

A plugin registers a startup hook that runs attacker code on launch.

Critical
Diff finding

Workspace file harvest

An update reads source and config files and uploads them.

Critical
Diff finding

New bundle dependency

The update pulls an unsigned bundle from an external update site.

Review
See it on a poisoned update

Startup hooks, weaponized

Extuno captures the workbench startup chain and the data leaving the host.

  • + Vulnerability and secret-leak testing on every version
  • + Static analysis reads the code without running it
  • + Dynamic sandbox runs it live and records behavior
  • + AI code analysis reads the full source and correlates the change against prior versions
  1. 1Launch workbench
  2. 2Plugin startup hook fires
  3. 3Scans workspace files
  4. 4Opens outbound socket
  5. 5Exfiltrates source + secrets

Scan your first Eclipse plugin free.

Your first 5 credits are free - that is 5 full scans, no card required.