Deep source code analysis for Eclipse IDE. Scan your projects for security vulnerabilities with a single click.
- Eclipse IDE 2022-09 or later
- Java 17+
- An Offensive 360 server instance and valid access token
- Open Eclipse → Help → Install New Software
- Click Add and enter:
  - Name: `O360 SAST`
  - Location: `https://github.com/offensive360/EclipsePlugin/raw/main`
- Select O360 SAST and click Next
- Accept the license and restart Eclipse
- Download the latest `.jar` from Releases
- Place it in your Eclipse `dropins/` folder
- Restart Eclipse
Press Ctrl+Alt+D or click the settings icon in the O360 toolbar:
- Server URL: Your Offensive 360 server (e.g. `https://your-server.com`)
- Access Token: Generated from the O360 dashboard under Settings → Tokens
- Allow self-signed SSL certificates: Enable for on-premise instances
- Press Ctrl+Alt+S to scan the current project
- Or right-click a project → O360 SAST: Scan
- Progress is shown in the Eclipse status bar
Results appear in the O360 Report tab at the bottom of the IDE:
- Tree view grouped by severity (Critical / High / Medium / Low)
- Details tab: vulnerability description, impact, affected code
- How to Fix tab: step-by-step remediation guidance
- References tab: OWASP, CWE, and related links
- Double-click any finding to jump to the vulnerable line
Right-click a finding for:
- Go to Code — navigate to the vulnerable line
- Suppress — mark as false positive
- Get Help — view references and fix guidance
- Clear All — remove all findings
- Smart caching: zero server requests when no files changed
- 6 retries with exponential backoff for server errors
- 4-hour timeout for large projects
- Base64 code snippet decoding
- Same file exclusion rules as the VS/AS/VSCode plugins
- Check for Updates notification
For issues and feature requests, open an issue on this repository.