...

Beyond source code, the Visual Studio plugins process all configuration files (XML, XSD, XPath, .cfg, .config, .ini, XAML, JSON, etc.), binaries (DLL, EXE, OCX, ActiveX) and libraries (64 of the most used .NET libraries and 52 of the most used JavaScript frameworks), detect weaknesses hidden inside them, and assess potential vulnerabilities according to the OWASP, PCI-DSS, WASC, CVE, CVSS and CWE/SANS international standards.

...

Eclipse, Rational RTC, RSA and RAD Studio

The Security Reviewer PostSpy plugin for Eclipse, Rational RTC, RSA and RAD Studio shares the same interface and scans source code written in the Java, JSP, JavaScript and SQL programming languages directly from Eclipse, IBM Rapid Application Developer (RAD), IBM Rational Team Concert (RTC), and IBM Rational Software Architect (RSA). Beyond source code, the PostSpy plugin processes all configuration files (XML, XSD, XPath, .cfg, .conf, .yml, JSON, etc.), binaries (JAR, WAR, EAR) and frameworks (115 of the most used Java frameworks and 52 of the most used JavaScript frameworks), detects weaknesses hidden inside them, and assesses potential vulnerabilities according to the OWASP, PCI-DSS, WASC, CVE, CVSS and CWE-SANS international standards. PostSpy is an open-source project, published on GitHub.

Scanning

You can scan your source code directly inside Eclipse:

...

It will invoke Static Reviewer Desktop both locally (requires Static Reviewer to be preinstalled) and remotely (requires Team Reviewer and the Static Server Plugin for Team Reviewer):

...

This plugin can import Micro Focus OpenText Fortify FPR files, which contain the static analysis results of a Fortify analysis, for comparison or integration with Security Reviewer's results.

...