Skip to content

Monitors for new or updated dependencies and provides vulnerability information wihthin the editor

License

Notifications You must be signed in to change notification settings

doddi/vulnerability_scanner_idea_plugin

Repository files navigation

CircleCI

Idea Vulnerability Scanner Plugin

ARCHIVED in favour of the LSP derivative Vuln-LSP

Scanning configuration has options for:

Any violations discovered will appear at the package level within the editor.

OSS Index

Violation information can be seen by way of highlighting packages (underscore in red) at the location the vulnerable component has been imported

OSS IndexAnnotation

Nexus IQ Server

The Nexus IQ Server additionally benefits from identifying the threat level as can be seen in the following picture. Blue, Orange and Red underscore indicates an increasing threat level respectively. Each threatlevel can be configured to be hidden, additionally the tooltip offers remediation advice.

Nexus IQ Annotation

A list of all the violations within the project can be accessed from Tools -> Vulnerability Scanner

Tool Information

Compatibility

Ecosystem Intellij CLion Goland
Java (Maven)1
Rust (Cargo)2
Golang (Go mods)
Python (requirements.txt)

note 1 Only simple single module projects are currently supported

note 2 Requires the Rust language plugin to be installed

Requirements

  • Intellij 2020.2 or later
  • OpenJDK 8

Building

./gradlew buildPlugin

After building the artifact is stored at <project_directory>/build/distributions

TODO

See https://github.com/doddi/vulnerability_scanner/issues

About

Monitors for new or updated dependencies and provides vulnerability information wihthin the editor

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Languages