Code Sight (Security)

Add this URL to your Eclipse Installation to reach this solution's update site.

2024-12 (4.34), 2024-09 (4.33), 2024-06 (4.32), 2024-03 (4.31), 2023-12 (4.30), 2023-09 (4.29), 2023-06 (4.28), 2023-03 (4.27)

https://github.com/coverity/Code-Sight-for-Eclipse/raw/master/update-site

Solution Description

The Synopsys Software Integrity Group is now Black Duck. If you are an existing Code Sight user, please follow these instructions to manually re-install Code Sight in order to receive future updates. If you are a new user, you may proceed with installing Black Duck Code Sight.

 

The Black Duck® Code Sight™ extension helps you find and fix security and quality issues in your software while you code. It can quickly identify vulnerabilities in both source code and open source dependencies, and help you fix them right in the IDE. Once the issues have been identified, Code Sight provides detailed remediation guidance and access to training directly in the IDE to help you quickly fix issues today and write better code going forward.

Code Sight uses integrated, lightweight analysis of your code and open-source dependencies without requiring a heavyweight Static Analysis (SAST) or Software Composition Analysis (SCA) tool.

Code Sight can be used as a standalone extension for secure development (free trial available) or included with active subscriptions to other Black Duck Application Security Testing (AST) solutions.

 

Code Sight Extension for Polaris, Coverity and Black Duck SCA

Extend the capabilities of your Black Duck tools to the developer desktop

Users subscribing to Polaris® or Coverity® can leverage the rapid, lightweight Code Analysis and Open Source Analysis for free, directly within the IDE. Users subscribing to Coverity® or Black Duck SCA® can leverage the rapid analysis for free, as well as additional analysis capabilities enabled by their solution.

After you install the Code Sight extension, simply select the solution(s) for which you have an active license (e.g., Coverity, Black Duck SCA, Polaris) to use Code Sight with these solutions.

 

Code Sight Free Trial

Sign up for a free trial of Code Sight and get started in only a couple of minutes.

Sign up for the trial directly within the extension and start scanning code in less than five minutes. Contact us if you have any license or product questions.

Using Code Sight

Follow these simple steps to use the Code Sight IDE extension to analyze your projects:

  1. Install Code Sight
  2. To activate Code Sight, you may:
    • Connect Code Sight to your Black Duck SCA instance,
    • Connect Code Sight to your Coverity instance,
    • Connect Code Sight to your Polaris instance,
    • Register for your Free Trial of the Code Sight standalone extension,
    • Activate a Code Sight standalone license
  3. To perform a local scan of your code base:
    • Click the triangular “scan” button beside Code Analysis or Open Source Analysis to perform a local scan of your codebase and display detected risks
    • Select any issue from the results list to view more details and any recommended fixes
  4. To display issues from your Polaris or Coverity platform server:
    • Select the "Team View" tab to display issues detected by those solutions during non-local, server-based project scanning
    • Select any issue from the results list to view more details and any recommended fixes

For more information on connecting Code Sight to other Black Duck AST solutions or to learn more, please refer to:

 

Tech Specs

Code Sight can scan large projects and development artifacts in seconds, including:

  • Web and mobile application files
  • Microservices
  • Infrastructure-as-Code (IaC) configurations

Code Sight will alert you to any detected issues, including:

  • Code security risks
  • API safety standards
  • Cryptography issues
  • Hard-coded secrets
  • Vulnerabilities in your open-source dependencies (e.g. Log4j CVE-2021-44228)

Code Sight provides helpful risk insight, including:

  • CVE classifications
  • CVSS ratings
  • Issue description and how it presents in context
  • Detailed patch recommendations and remediation guidance
  • Policy violations (when connected to Black Duck SCA)
  • Relevant developer security training to fix and avoid the issue (when connected to Coverity Connect and subscribed to Black Duck Developer Security Training, powered by Secure Code Warrior)


License Terms

By downloading this plug-in, you are agreeing to the Black Duck End User License Agreement. Users with active commercial licenses for Coverity or Black Duck SCA can also use Code Sight free of charge.


Resources

Support Portal

Black Duck Website

Request SBOM

Contact Us

Additional Details

Eclipse Versions: 2024-12 (4.34), 2024-09 (4.33), 2024-06 (4.32), 2024-03 (4.31), 2023-12 (4.30), 2023-09 (4.29), 2023-06 (4.28), 2023-03 (4.27)

Platform Support: Windows, Mac, Linux/GTK

Organization Name: Black Duck Software Inc.

Development Status: Alpha

Date Created: Thursday, October 10, 2024 - 17:50

License: Commercial - Free

Date Updated: Thursday, March 13, 2025 - 17:37

Submitted by: luis pizarro

Date            Ranking   Installs  Clickthroughs
March 2025      209/614   44        5
February 2025   261/645   50        23
January 2025    269/654   43        17
December 2024   306/654   31        19
November 2024   304/658   34        17
October 2024    558/663   3         11
September 2024  0/0       0         0
August 2024     0/0       0         0
July 2024       0/0       0         0
June 2024       0/0       0         0
May 2024        0/0       0         0
April 2024      0/0       0         0

Unsuccessful Installs

Unsuccessful Installs in the last 7 Days: 0
