Get started with Lucent Sky AVM for IntelliJ IDEA

2024/9/5

Lucent Sky AVM is a developer tool that identifies application vulnerabilities and directly remediates them in the source code. It is composed of four components: CLEAR Engine (the analysis and remediation engine), Web UI, CLI, and IDE extensions.

In this article, you will learn how to:

  • Install Lucent Sky AVM for IntelliJ IDEA
  • Scan an application
  • Review the identified results and their Instant Fixes

At the end, you will be able to use Lucent Sky AVM for IntelliJ IDEA to scan projects, review scan results, and apply Instant Fixes to remediate vulnerabilities automatically.

Prerequisites

  • IntelliJ IDEA - This article uses IntelliJ IDEA 2024.1, but Lucent Sky AVM for IntelliJ IDEA can also be used in other supported versions of IntelliJ IDEA.

Install Lucent Sky AVM for IntelliJ IDEA

To learn more about the installation and configuration of Lucent Sky AVM for IntelliJ IDEA, as well as system requirements, view the following article in the Lucent Sky Knowledge Base:
Administration guide to Lucent Sky AVM for IntelliJ IDEA

Create an API key

  1. Go to the Web UI in your browser, and then sign in with your credentials.
  2. Go to Settings > Account, and select Create a new key. In the dialog, enter CLI as the description of the key, then select Create Key.
  3. Select and copy the generated API key.

Scan a project

  1. In IntelliJ IDEA, open the project.
  2. In the main menu, select Tools > Lucent Sky AVM > Sign In, and sign in with your Lucent Sky AVM API key.
  3. To create a new application for the scan, in the main menu, select Tools > Lucent Sky AVM > New Application. Enter the name of the application, select the framework of the application, and review and change its vectors as needed. Then, select OK to create the application.
  4. In the main menu, select Tools > Lucent Sky AVM > Scan, select the framework of the project, then select an application to start the scan.
  5. While the scan is in progress, notifications will display information about its progress.

Review scan results

  1. Once the scan is completed, the scan results will appear in the Lucent Sky AVM window.
  2. Expanding a vulnerability category will show all results under that category. Expanding a result will show its Statements, Instant Fix, and Suggestion. Double-click on one of the Statements or Instant Fixes to open the file in the editor and go to the relevant line of code.
  3. To apply an Instant Fix to a result, select and hold (or right-click) the Instant Fix of the result, then select Remediate.