Eclipse

This plugin integrates RIPS into your Eclipse IDE. With the Eclipse plugin you can view your issues and start a new scan directly in Eclipse. Furthermore, each vulnerability is displayed directly in the source code, which makes fixing bugs easier.

Requirements

  • An account on a local on-premises installation of RIPS or a SaaS account 
  • Eclipse IDE


For On-Premises customers, it is recommended to update RIPS to the latest compatible API version.

Download

To obtain a copy of the Eclipse plugin, choose one of the following options from the table.

Eclipse Plugin Version | API Compatibility | Download
1.0.0 | >= 3.0.0 | RIPS

Installation from archive

  1. Download your desired version of the Eclipse Plugin from the table above
  2. In Eclipse go to: Help → Install New Software → Add → Archive
  3. Navigate to the downloaded archive from step 1.
  4. In the new window hit Add → Tick "RIPS Security Analysis for Eclipse" → Next → Next → Accept the license → Finish
  5. Allow the installation and hit restart now
  6. You've installed the RIPS Eclipse Plugin successfully 

Configuration

After installing the Eclipse plugin and restarting Eclipse, go to RIPS in the menu bar and select Settings. In this window you can configure the plugin, e.g. change the RIPS API URL.

Option | Description
Show negatively reviewed issues | If you opt-in to this option, issues which are flagged as Fixed, Not exploitable, Not an issue or Duplicate will be downloaded by the plugin. Our recommendation is to keep this option inactive for better results.
Highlight issues in editor | Highlight the sink and source of issues based on their severity in the source code.

The RIPS perspective

The RIPS perspective is an Eclipse perspective which displays an Issues view and an Issue view. To open the perspective go to Windows → Perspective → Open Perspective → Other and select RIPS.

The Issues view

This view shows all issues found in the current scan. Clicking on an issue opens its details view. The play button starts a new scan. The refresh button downloads all issues of a scan of your choice.

Furthermore, it is possible to review the issues in Eclipse by right-clicking an issue.

The Issue detail view

The issue detail view shows three different kinds of information about an issue, selected by clicking on the buttons in the upper right corner:

1) The summary of the issue.

2) The context of the issue.

3) The description of the issue.

Problems View

RIPS issues also appear in the Problems view of Eclipse. Double-clicking on a problem makes the editor jump right to the affected code.

Menu-bar

The RIPS entry of the menu bar provides a central place for all RIPS related settings and actions.

Starting a new scan

There are two ways to start a new scan:

  1. Clicking on the play button (1) in the issues view
  2. Clicking on the RIPS entry in the menu bar and selecting start a new scan

You will be asked to select an application for the scan and the Eclipse project which will be scanned. After the selection a new scan will be queued and the RIPS plugin will notify you about the process via notifications and the progress bar in the tray.

Download existing analysis results

There are two ways to download existing analysis results:

  1. Clicking on the refresh button (2) in the issues view
  2. Clicking on the RIPS entry in the menu bar and selecting fetch existing analysis results

You will be asked for the target application, the scan and the Eclipse project to associate the analysis results with.

Logout

Logging out is possible by going to RIPS in the menu bar and selecting Logout. This will delete your email address and your token.