Revenera unveils OSS Inspector plugin for IntelliJ IDEA users
Revenera has introduced OSS Inspector, a new plugin in its Software Composition Analysis (SCA) solution.
The plugin is designed to assist developers in assessing open source software (OSS) risks directly within their integrated development environment (IDE). This new feature, available for IntelliJ IDEA users, aims to streamline the process of identifying license and security vulnerabilities associated with OSS components prior to checking in code.
The OSS Inspector plugin allows developers to evaluate the security risks of OSS components without leaving their IDE. By doing so, they can immediately determine if any components require further review and remedial action. This capability ensures developers have a clear understanding of the dependency tree before new components are added to the codebase.
Revenera highlights that OSS Inspector provides insights into open source components early in the development cycle. This preemptive approach helps developers save significant time and effort while avoiding potential issues that could arise later. The plugin is also designed to prevent the introduction of components with copyleft licenses or known security vulnerabilities, thereby ensuring that the code remains secure and compliant from the outset.
The use of open source software in over 80 percent of software applications offers various advantages, including adaptability, cost-effectiveness, and collaborative development. However, the associated challenges, such as security vulnerabilities, license compliance issues, and code quality, can lead to serious consequences if not properly addressed.
"Failure to address the associated challenges of OSS use, including security vulnerabilities, license compliance issues, and code quality, can lead to serious consequences, such as data breaches and compliance violations," said Venkat Ram Donga, Product Management Director at Revenera."Revenera's OSS Inspector plugin enables developers to detect OSS components directly within the IntelliJ IDE before code is checked in, further shifting-left to mitigate compliance issues as early as possible."
The plugin helps to reduce the need for multiple review and remediation cycles by detecting issues early in the development process. This early detection capability assists organisations in maintaining secure and compliant code from the beginning of the development cycle.
Key features of the OSS Inspector plugin include the identification of components with copyleft licenses and vulnerabilities, and the provision of critical information such as Package URL (PURL), vulnerability ID, severity level, and Common Vulnerability Scoring System (CVSS) score. These features provide developers with the necessary information to address issues promptly and effectively.
OSS Inspector is available free of charge as part of Revenera's SCA offering. The plugin's integration within the IntelliJ IDEA IDE is expected to provide a seamless and efficient experience for developers focusing on maintaining secure and compliant software.