Editor plugin: JetBrains

JetBrains plugins, inspected for IDE-level abuse.

JetBrains plugins can run arbitrary code in the IDE. Extuno diffs each update and runs it live to catch project-open execution, credential access, and exfiltration - with static, dynamic, and AI analysis.

What Extuno catches in JetBrains

Evidence, not guesswork.

Each finding names the change, why it is dangerous, and the recommended action.

Diff finding

Project-open execution

A plugin runs code the moment a project is opened, no action required.

Critical

Diff finding

SSH key access

An update reads ~/.ssh and posts key material off-host.

Critical

Diff finding

New network calls

The plugin contacts a host it never reached in prior releases.

Review

See it on a poisoned update

IDE access, used against you

Extuno records the plugin's runtime behavior from startup to the first outbound beacon.

  • Vulnerability and secret-leak testing on every version
  • Static analysis reads the code without running it
  • Dynamic sandbox runs it live and records behavior
  • AI code analysis reads the full source and correlates the change against prior versions

  1. Open project
  2. Plugin loads at startup
  3. Reads ~/.ssh + env
  4. Spawns background process
  5. Exfiltrates key material

Scan your first JetBrains plugin free.

Your first 5 credits are free - that is 5 full scans, no card required.