Vulnerable declared dependency
Reports vulnerabilities in Gradle, Maven, NPM and PyPI dependencies declared in your project. A full list of Gradle and Maven dependencies is shown in the Project tool window under External Libraries.
Fixing the reported problems helps prevent your software from being compromised by an attacker.
To solve a problem, you can update to a version where the vulnerability is fixed (if available) or switch to a dependency that doesn't have the vulnerability.
The quick-fixes available may suggest updating to a safe version or visiting the Checkmarx website to learn more about a particular vulnerability.
Locating this inspection
- By ID
Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.
VulnerableLibrariesLocal- Via Settings dialog
Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.
Vulnerability data provided by Checkmarx (c).
Inspection options
Here you can find the description of settings available for the Vulnerable declared dependency inspection, and the reference of their default values.
- Ignoring dependencies
Not selected
- Ignored dependencies
None
Availability
- By default bundled with
GoLand 2024.1, IntelliJ IDEA 2024.1, PhpStorm 2024.1, PyCharm 2024.1, Qodana for Go 2024.1, Qodana for JS 2024.1, Qodana for JVM 2024.1, Qodana for PHP 2024.1, WebStorm 2024.1
- Can be installed with plugin
Package Checker, 241.18072