IntelliJ IDEA
 
You are viewing the documentation for an earlier version of IntelliJ IDEA.

Package analysis

Last modified: 31 January 2023

Larger and more complex projects usually have a number of third-party dependencies that improve development productivity by extending the functionality of common libraries and frameworks.

However, relying on third-party code raises a security question: are you using vulnerable dependencies in your project?

The bundled IntelliJ IDEA Package Checker plugin, which is powered by Checkmarx, checks Gradle, Maven, NPM and PyPI dependencies for known vulnerabilities. It lets you manage such cases by getting information about a vulnerable dependency and updating it to the newly released version.

While you are writing your code in the editor, the IDE highlights packages that are considered vulnerable. The plugin checks both declared dependencies and imported (transitive) dependencies for vulnerabilities and suggests fixes where available.

In addition, you can run an inspection to display the list of all vulnerable dependencies in the project.

You can change the severity of the inspection, for example to "error" instead of "warning".