Package analysis
Larger and more complex projects usually have number of third-party dependencies that help developing productivity, extending the common libraries and frameworks functionality.
However, relying on the third-party code arises the security issue whether or not you use vulnerable dependencies in your project.
The bundled IntelliJ IDEA Package Checker plugin that is powered by Checkmarx checks Gradle, Maven, NPM and PyPI dependencies for known vulnerabilities and lets you manage such cases by getting the information about a vulnerable dependency and update it to the newly released version.
While you are writing your code in the editor, the IDE will highlight packages that are considered vulnerable. The plugin inspects for vulnerable declared and vulnerable imported (transitive) dependencies and suggests fixes where available.
In addition, you can run an inspection to display the list of all vulnerable dependencies in the project.
Show vulnerable dependencies
From the main menu, select
.In the list of options, select Show vulnerable dependencies.
The result is displayed in the Dependency Checker tool window.
You can check the information about the listed vulnerable dependencies and update them to suggested versions.
You can change the severity of the inspection and make it "error" instead of "warning".
Change the inspection severity
Press Control+Alt+S to open the IDE settings and select
.From the options on the right, select the Security node and select the name of the inspection.
Change the severity, scope, and highlighting as needed. Click OK to save the changes.