As COBOL development continues to evolve, the demand for a fast, reliable, and user-friendly static application security testing (SAST) tool has never been more pressing. That’s why we’re excited to introduce IBM® ZCodeScan—a solution designed to revolutionize COBOL code scanning and security workflows.
This blog dives into the unique capabilities of IBM® ZCodeScan and explores the innovative features that set it apart in the world of z/OS application development. Whether you’re navigating complex z/OS applications or striving to deliver high-quality, secure software, IBM® ZCodeScan is here to simplify your journey and elevate your outcomes.
IBM® ZCodeScan, a component of IBM Developer for z/OS Enterprise Edition (IDzEE), is a transformative solution tailored for modern COBOL development. Built with the cutting-edge features of the Visual Studio Code editor, it seamlessly integrates security vulnerability scanning and code reviews into z/OS application development workflows.
This innovative tool is designed to empower development teams to deliver high-quality, secure software with ease. By identifying potential vulnerabilities and enforcing coding standards in real time, IBM® ZCodeScan helps developers focus on creating efficient, reliable code without compromising on quality or security. Whether you're scanning for risks or reviewing code against best practices, IBM® ZCodeScan ensures your development process is faster, smarter, and future-proof.
IBM® ZCodeScan is packed with powerful features designed to tackle common challenges in z/OS application development. As part of the initial General Availability (GA) released on June 13, 2025, here’s how IBM® ZCodeScan revolutionizes COBOL code scanning:
- Cutting-Edge COBOL Security Vulnerability Scanner: Developed in close collaboration with the COBOL compilers' team, this IBM-supplied scanner is fine-tuned to detect security vulnerabilities and code smells, giving developers the confidence to write safer, more secure code.
- Pre-Built Code Review Rules: Get a head start with ready-to-use code review rules that incorporate best practices for COBOL. These rules simplify adherence to coding standards, ensuring your applications meet high-quality benchmarks right from the start.
- Real-Time Code Review with Intelligent Linting: Bring instant feedback to your workflow! IBM® ZCodeScan integrates linting directly into IDz on VS Code, offering continuous, real-time reviews as you write code. No need to wait for builds—address potential issues as they arise.
- Flexible Command-Line Interfaces (CLIs): Adapt to modern development pipelines with versatile CLIs that allow you to perform code reviews from any pipeline orchestrator. Empower your team to incorporate code quality checks seamlessly into their processes.
With these robust features, IBM® ZCodeScan ensures developers can focus on what they do best—building innovative solutions—while keeping code secure and compliant.
Here is a short video which explains IBM® ZCodeScan and how you can use it in the editor and on the command line interface.