Enterprise Static Application Security Testing (SAST) integrated directly into Android Studio and IntelliJ IDEA. Scan your project, module, or file for security vulnerabilities — results appear in a dedicated findings panel with direct code navigation to every vulnerability.
- Scan Project — Scan your entire project
- Scan Module — Scan the currently active module
- Scan File — Scan the file currently open in the editor
All scan options are also accessible from the right-click context menu in the editor and project view.
- Severity Badges — Color-coded rows showing Critical, High, Medium, Low findings
- Findings Table — Sortable list with severity, vulnerability title, file name, and line number
- Detail Panel — Select any finding to see full description, impact analysis, and recommendation
- Code Navigation — Double-click any finding to open the source file and jump to the exact vulnerable line
- Code Vulnerabilities — 20+ language engines (Java, Kotlin, JavaScript/TypeScript, Python, PHP, Go, Ruby, Swift, C/C++, and more)
- Dependency Scanning (SCA) — Known CVEs in Gradle, Maven, npm, and other package managers
- License Compliance — Open source license risk detection
- Malware Detection — YARA-based malware scanning
- On-premises or cloud O360 SAST server
- API token authentication
- Settings via File → Settings → Tools → O360 SAST
- Android Studio (Flamingo or later) or IntelliJ IDEA (2024.1+)
- An O360 SAST server instance (on-premises or cloud)
- An API access token (generated from the O360 dashboard)
- Download o360-sast-1.0.0.zip from the GitHub Releases page
- In Android Studio: File → Settings → Plugins → ⚙ → Install Plugin from Disk...
- Select the downloaded .zip file and restart when prompted
- Go to File → Settings → Tools → O360 SAST
- Set Endpoint — your O360 server URL (e.g. https://your-server.com:1800)
- Set Access Token — generated from O360 dashboard → Settings → Access Tokens
- Optionally enable Dependency Scanning, License Scanning, or Malware Scanning
- Click OK
- Open a project in Android Studio
- Go to Tools → O360 SAST → Scan Project
- Monitor progress in the background task bar
- When complete, the O360 Security Findings panel opens at the bottom
- Click any finding to see details; double-click to navigate to the vulnerable line
If the panel isn't visible: View → Tool Windows → O360 Security Findings
| Setting | Description |
|---|---|
| Endpoint | O360 SAST server URL (required) |
| Access Token | API access token (required) |
| Scan Dependencies | Include SCA scanning for known CVEs |
| Scan Licenses | Include open source license compliance |
| Scan Malware | Include YARA malware scanning |
Java, Kotlin, JavaScript, TypeScript, Python, PHP, Go, Ruby, Swift, Objective-C, Dart/Flutter, C/C++, C#, Apex, and more — powered by O360's proprietary deep analysis engines and AI-assisted scanning.
- Issues: GitHub Issues
- Documentation: O360 SAST Docs