GoLand can analyze your codebase and highlight dependencies with known vulnerabilities.
The IDE highlights packages with known vulnerabilities in go.mod. Hover over the highlighted code, or press Alt+Enter and choose Show vulnerability info for …, and GoLand shows a list of vulnerabilities with links to their detailed descriptions. The vulnerability data is provided by the software security company Checkmarx.
If your code calls functions from packages with known vulnerabilities, GoLand also highlights those calls right in the editor. Hover over the highlighted code to see a popup with information about the vulnerability and a link to its detailed description.
If a fix is available for a vulnerability, GoLand suggests an appropriate quick-fix. For example, if the vulnerability is fixed in a newer version of the package, GoLand offers to upgrade the package version in go.mod.
Quick-fixes for packages with vulnerabilities
Press F2 or click the highlighted package.
Press Alt+Enter to call intention actions and select Show vulnerability info for ….
GoLand displays a popup with the vulnerabilities found. To read more about a vulnerability, select it and press Enter.
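The quick-fix described above rewrites the version token of one require entry in go.mod and leaves everything else in the file alone. The following Go program is an added example, not GoLand's own code, that performs the same edit outside the IDE so you can see exactly what changes; the go.mod content, module paths and versions are constructed for illustration and do not refer to any real vulnerability. It handles both single-line require directives and require blocks, and preserves indentation and trailing comments such as // indirect.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// requireEntry is one module listed in a go.mod require directive.
type requireEntry struct {
	Path     string
	Version  string
	Indirect bool // carries a "// indirect" comment
	line     int  // index into the split go.mod lines
}

// parseRequires extracts every require entry, whether written as a
// single-line "require path version" or inside a "require ( ... )" block.
// module, go, replace and exclude directives are deliberately ignored.
func parseRequires(lines []string) []requireEntry {
	var entries []requireEntry
	inBlock := false
	for i, raw := range lines {
		trimmed := strings.TrimSpace(raw)
		if inBlock && trimmed == ")" {
			inBlock = false
			continue
		}
		if trimmed == "require (" {
			inBlock = true
			continue
		}
		var body string
		switch {
		case inBlock:
			body = trimmed
		case strings.HasPrefix(trimmed, "require "):
			body = strings.TrimPrefix(trimmed, "require ")
		default:
			continue
		}
		fields := strings.Fields(body)
		if len(fields) < 2 || strings.HasPrefix(fields[0], "//") {
			continue // blank line or comment inside the block
		}
		entries = append(entries, requireEntry{
			Path:     fields[0],
			Version:  fields[1],
			Indirect: strings.Contains(body, "// indirect"),
			line:     i,
		})
	}
	return entries
}

// requiredVersion reports the version pinned for modulePath, if any.
func requiredVersion(goMod, modulePath string) (string, bool) {
	for _, e := range parseRequires(strings.Split(goMod, "\n")) {
		if e.Path == modulePath {
			return e.Version, true
		}
	}
	return "", false
}

// bumpRequire returns a copy of goMod with the require entry for modulePath
// set to newVersion. Only the version token after the module path is
// rewritten; indentation and trailing comments are preserved.
func bumpRequire(goMod, modulePath, newVersion string) (string, error) {
	lines := strings.Split(goMod, "\n")
	for _, e := range parseRequires(lines) {
		if e.Path != modulePath {
			continue
		}
		raw := lines[e.line]
		// Replace the first occurrence of the old version *after* the module
		// path, so text inside the path itself is never touched.
		cut := strings.Index(raw, e.Path) + len(e.Path)
		lines[e.line] = raw[:cut] + strings.Replace(raw[cut:], e.Version, newVersion, 1)
		return strings.Join(lines, "\n"), nil
	}
	return "", errors.New("module " + modulePath + " is not required in go.mod")
}

// sampleGoMod is a constructed go.mod; the module paths and versions are
// hypothetical and do not correspond to any real vulnerability.
const sampleGoMod = `module example.com/app

go 1.21

require (
	example.com/lib v1.2.0
	example.com/helper v0.3.1 // indirect
)

require example.com/single/v2 v2.0.0
`

func main() {
	updated, err := bumpRequire(sampleGoMod, "example.com/lib", "v1.2.1")
	if err != nil {
		panic(err)
	}
	fmt.Println(updated)
}
```

Whichever way the require line is changed, go.sum still has to carry checksums for the new version before the module builds, so run `go mod tidy` (or a build) after the upgrade and commit both files together.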
View all vulnerabilities in the Problems tool window
Open the go.mod file.
Click the inspection widget in the top-right corner of the editor. The IDE opens the Problems tool window, which lists all the vulnerabilities found.
Right-click a vulnerability in the Problems tool window and select Show Quick-Fixes to view the available quick-fixes.
Analyze your code for vulnerabilities
From the main menu, click.