OSS INSPECTOR IDE PLUGIN
The Smarter Approach to Open Source Compliance and Security
Ensure your code is secure and compliant by effortlessly managing open source dependencies directly in your IDE.
Streamline OSS Management with Precise Dependency Insights
Safeguard Your Codebase from Potential Risks
The OSS Inspector IDE plugin is a comprehensive and time-efficient approach to open source management. It gives you a complete view of your project’s OSS dependency tree and crucial insights before new components are introduced into the codebase. This proactive approach helps prevent costly issues later in the development cycle, such as the integration of components with copyleft licenses or known security vulnerabilities.
BENEFITS OF OSS INSPECTOR
- Inspect a Gradle project for OSS components
- Present to the user a full dependency tree of OSS components
- Show OSS components’ metadata: Component, Version, License, Vulnerabilities
- Supports IntelliJ IDEA for Java and Kotlin projects that use Gradle as the build tool
- Free with Revenera SCA offering
Essential Insights for Safe and Compliant Open Source Integration
Seamless Integration with IntelliJ IDEA
The OSS Inspector plugin is specifically designed for developers using IntelliJ IDEA for Java and Kotlin projects. It allows for in-IDE examination of OSS licenses and security vulnerabilities, enabling immediate assessment and remediation without leaving the development environment.
Comprehensive Dependency Analysis
OSS Inspector inspects Gradle projects for OSS components, presenting developers with a full dependency tree that includes detailed metadata such as component name, version, license, and vulnerabilities.
Enhanced Security and Compliance
By providing insights into OSS components before check-in, OSS Inspector helps developers maintain secure and compliant code from the start. Key features include identification of components with copyleft licenses and vulnerabilities, as well as providing critical information such as PURL (Package URL), vulnerability ID, severity level, and CVSS score.
OSS Inspector
Enhancing Development Efficiency and Compliance with In-IDE License and Security Assessment Tools
WHY OSS INSPECTOR?
- Component Name and Version: Knowing the exact component and version helps you manage and track the specific software you're using, ensuring that you're aware of what is being integrated into your project.
- PURL (Package URL): The PURL gives you a consistent and reliable way to identify and locate the software package, which is essential for tracking updates, patches, and dependencies across different systems and tools.
- Licenses: Understanding the licenses associated with a component is crucial for legal compliance. Different licenses have different obligations, and using the wrong one could lead to legal issues or restrictions on how you can use your software.
- Vulnerability ID: The Vulnerability ID helps you quickly identify any known security issues with the component. By being aware of these vulnerabilities, you can take steps to mitigate them, such as applying patches or choosing a different component.
- Severity: The severity level tells you how critical a security vulnerability is. This helps you prioritize which issues to address first, focusing on those that pose the greatest risk to your project.
- Score: The CVSS score provides a detailed assessment of the risk posed by a vulnerability, allowing you to make informed decisions about whether to use or update a component.
Dependency Tree with Component and Vulnerability details in OSS Inspector
SOFTWARE COMPOSITION ANALYSIS
The OSS Inspector IDE plugin is included with Revenera's SCA offering. Enable your development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system.