Qodana
 

Vulnerability checker

Edit pageLast modified: 03 December 2024

Relying on third-party software in your projects can become a source of vulnerability. To prevent security issues arising from external packages, you can analyze your project using the vulnerability checker tool available in the Qodana for JVM, Qodana for .NET Qodana for Python, Qodana for Go, and Qodana for JS (only npm packages) linters starting from version 2023.2. This feature employs the OSV tool to check Gradle, Maven, NPM and PyPI dependencies for known vulnerabilities and let you manage such cases by getting the information about vulnerable dependencies. Based on that, you can also take immediate action to address vulnerabilities by quickly migrating to a safe and stable version of the package without known vulnerability issues.

The vulnerability checker doesn't send information about packages to the JetBrains server in a clear textual form. It sends only hashed names of packages. We never log or process hashes we don't have in our database. Thus, we don't analyze your proprietary or confidential packages.

This feature is available under the Ultimate Plus license and its trial version and provides the following Qodana inspections: