CogniCrypt for IntelliJ-based IDEs

Information

CogniCrypt is an intelligent open-source platform ensuring the secure usage of crypto components.

CogniCrypt for IntelliJ-based IDEs is developed by Fraunhofer IEM. It provides a static code analysis that allows developers to quickly identify misuses of cryptographic libraries.

Installation

  1. In the Settings/Preferences dialog (Ctrl+Alt+S), select Plugins.
  2. On the Plugins page, click the gear icon and then click Manage Plugin Repositories.
  3. In the Custom Plugin Repositories dialog, click the + icon and enter the URL: https://raw.githubusercontent.com/fraunhofer-iem/CogniCrypt4JetBuilds/master/updatePlugins.xml.
  4. Click OK in the dialog to save the list of plugin repositories.
  5. Search for CogniCrypt in the search box.
  6. Click Install and restart the IDE when asked.

Important Additional Setup

To ensure you don't receive any StackOverflowError exceptions while the analysis is running, you need to increase the stack size and allocated memory of the IDE:

  1. Go to Help > Edit custom VM options...
  2. Enter the lines:
-Xmx4g 
-Xss100m

The value in -Xmx4g can be replaced with a custom number of gigabytes. At least 4 GB is recommended.

Getting Started

After installing CogniCrypt, you can run an analysis on the project currently open in the IDE.

In the main menu, open the Analyze menu and click Run CogniCrypt.

Documentation

For further information about the CogniCrypt Plugin please see the full documentation here.

Updates

The IDEs manage updates of CogniCrypt automatically. To check if a new update is available, regularly check the Plugins settings.

  1. In the Settings/Preferences dialog (Ctrl+Alt+S), select Plugins.
  2. Use the Installed tab to browse for CogniCrypt.
  3. Press the Update button and restart the IDE if required.

Terms of Use and License

This repository purposely comes without a LICENSE. Read here what this means.

Credits

This work is part of the research project "AppSecure.nrw - Security-by-Design of Java-based Applications". The project is funded by the European Regional Development Fund (ERDF-0801379).
