Qodana 2023.2 Help

Vulnerability checker

Relying on third-party software in your projects can become a source of vulnerabilities. To prevent security issues arising from external packages, you can inspect your project using the Vulnerability Checker tool available in the Qodana for JVM linter starting from version 2023.2. The tool uses Checkmarx © data to check Gradle and Maven dependencies for known vulnerabilities and lets you manage such cases by reporting which dependencies are affected. Based on that information, you can take immediate action by migrating to a safe and stable version of the package that has no known vulnerability issues.

This feature is available under the Ultimate Plus license and its trial version.

How it works

To inspect your code using the Vulnerability Checker, in the qodana.yaml file, enable the VulnerableLibrariesGlobal inspection:

include:
  - name: VulnerableLibrariesGlobal

After your project is inspected, you can update the packages containing vulnerabilities to versions where such vulnerabilities are fixed, or switch to alternative packages.
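As an added example that is not part of the Qodana documentation, the following script filters the SARIF report Qodana writes after an inspection run down to the findings of this inspection, so they can be triaged separately from other warnings. It assumes the report follows the SARIF 2.1.0 layout and that Qodana reports the inspection under its short name in the ruleId field; the sample report embedded below is constructed for illustration.

```python
"""Summarise Vulnerability Checker findings from a Qodana SARIF report."""
import json

# Constructed sample report in SARIF 2.1.0 shape (not real Qodana output).
# The ruleId value assumes Qodana uses the inspection's short name.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "results": [
            {"ruleId": "VulnerableLibrariesGlobal", "level": "warning",
             "message": {"text": "Dependency example:lib:1.0 has known vulnerabilities"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "build.gradle"}}}]},
            {"ruleId": "UnusedDeclaration", "level": "warning",
             "message": {"text": "Class Foo is never used"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/Foo.java"}}}]},
        ]
    }],
})


def vulnerable_library_findings(sarif_text, rule_id="VulnerableLibrariesGlobal"):
    """Return (file, message) pairs for results produced by the given inspection.

    Results without a location are still reported, with the file marked unknown,
    so that no dependency finding is silently dropped.
    """
    report = json.loads(sarif_text)
    findings = []
    for run in report.get("runs", []):
        for result in run.get("results", []):
            if result.get("ruleId") != rule_id:
                continue
            uri = "<unknown>"
            locations = result.get("locations") or []
            if locations:
                uri = (locations[0].get("physicalLocation", {})
                       .get("artifactLocation", {}).get("uri", uri))
            findings.append((uri, result.get("message", {}).get("text", "")))
    return findings


if __name__ == "__main__":
    for path, text in vulnerable_library_findings(SAMPLE_SARIF):
        print(f"{path}: {text}")
```

To use it on a real run, replace SAMPLE_SARIF with the contents of the qodana.sarif.json file from the results directory.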

Last modified: 16 July 2023