ARCHIVED in favour of the LSP derivative Vuln-LSP
Scanning configuration has options for:
- Sonatype Nexus IQ Server scans for policy violations with remediation recommendations
- OSS Index to determine vulnerabilities brought into your code
Any violations discovered will appear at the package level within the editor.
Violation information is shown by highlighting the package (underlined in red) at the location where the vulnerable component is imported.
The Nexus IQ Server scan additionally identifies the threat level, as can be seen in the following picture. Blue, orange and red underlines indicate an increasing threat level respectively. Each threat level can be configured to be hidden; additionally, the tooltip offers remediation advice.
A list of all the violations within the project can be accessed from Tools -> Vulnerability Scanner.
Ecosystem | IntelliJ | CLion | GoLand
---|---|---|---
Java (Maven)¹ | ✅ | ✅ | 
Rust (Cargo)² | ✅ | ✅ | 
Golang (Go mods) | ✅ | ✅ | 
Python (requirements.txt) | ✅ | | 

¹ Only simple single-module projects are currently supported.
² Requires the Rust language plugin to be installed.
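As an added example (not the plugin's own code), this shows the data flow the README describes for the Python ecosystem: pinned entries of a requirements.txt are turned into OSS Index package-URL coordinates, and a component report is reduced to one threat level per package, so a package with no findings is left alone and a package with findings gets the worst of its CVSS scores bucketed into blue/orange/red. The CVSS thresholds (4.0 and 7.0), the package names and the report content are all constructed assumptions; the README gives no numeric thresholds.

```python
import json
import re
from typing import Dict, List, Tuple

# Only pinned "name==version" lines map to a single OSS Index coordinate;
# ranges such as "flask>=1.0" are skipped rather than guessed.
_PIN = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#]+)")


def requirements_to_purls(text: str) -> List[str]:
    """requirements.txt text -> OSS Index coordinates (pkg:pypi/<name>@<version>)."""
    purls = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            purls.append(f"pkg:pypi/{m.group(1).lower()}@{m.group(2)}")
    return purls


def threat_level(max_cvss: float) -> str:
    """Bucket modelled on the plugin's blue/orange/red underlines.
    Assumption: CVSS cut-offs of 4.0 and 7.0 (not stated in the README)."""
    if max_cvss >= 7.0:
        return "red"
    if max_cvss >= 4.0:
        return "orange"
    return "blue"


def summarise_report(report: List[Dict]) -> Dict[str, Tuple[str, int]]:
    """Map each coordinate that has findings to (threat level, finding count)."""
    summary = {}
    for component in report:
        vulns = component.get("vulnerabilities", [])
        if not vulns:
            continue  # clean package: nothing to underline in the editor
        worst = max(float(v.get("cvssScore", 0.0)) for v in vulns)
        summary[component["coordinates"]] = (threat_level(worst), len(vulns))
    return summary


# Constructed sample manifest and a constructed response in the OSS Index
# component-report shape (coordinates + vulnerabilities with cvssScore).
SAMPLE_REQUIREMENTS = "examplelib==1.2.3\nflask>=1.0\notherlib==0.9.0  # pinned\n"
SAMPLE_REPORT = json.loads("""[
 {"coordinates": "pkg:pypi/examplelib@1.2.3", "vulnerabilities": []},
 {"coordinates": "pkg:pypi/otherlib@0.9.0",
  "vulnerabilities": [{"id": "CONSTRUCTED-1", "cvssScore": 7.5},
                      {"id": "CONSTRUCTED-2", "cvssScore": 5.9}]}
]""")

if __name__ == "__main__":
    print(requirements_to_purls(SAMPLE_REQUIREMENTS))
    print(summarise_report(SAMPLE_REPORT))
```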
- Intellij 2020.2 or later
- OpenJDK 8
```
./gradlew buildPlugin
```
After building, the artifact is stored at `<project_directory>/build/distributions`.
See https://github.com/doddi/vulnerability_scanner/issues