OSS INSPECTOR IDE PLUGIN

The Smarter Approach to Open Source Compliance and Security

Ensure your code is secure and compliant by effortlessly managing open source dependencies directly in your IDE.

Streamline OSS Management with Precise Dependency Insights

Safeguard Your Codebase from Potential Risks

The OSS Inspector IDE plugin is a comprehensive and time-efficient approach to open source management. It gives you a complete understanding of your project’s OSS dependency tree and provides crucial insights before new components are introduced into the codebase. This proactive approach helps prevent costly issues later in the development cycle, such as the integration of components with copyleft licenses or known security vulnerabilities.

BENEFITS OF OSS INSPECTOR

  • Inspect a Gradle project for OSS components
  • Present to the user a full dependency tree of OSS components
  • Show OSS components’ metadata: Component, Version, License, Vulnerabilities
  • Supports IntelliJ IDE for Java & Kotlin projects using Gradle as build tool
  • Free with Revenera SCA offering

Essential Insights for Safe and Compliant Open Source Integration

Seamless Integration with IntelliJ IDEA

The OSS Inspector plugin is specifically designed for developers using IntelliJ IDEA for Java and Kotlin projects. It allows for in-IDE examination of OSS licenses and security vulnerabilities, enabling immediate assessment and remediation without leaving the development environment.

Comprehensive Dependency Analysis

OSS Inspector inspects Gradle projects for OSS components, presenting developers with a full dependency tree that includes detailed metadata such as component name, version, license, and vulnerabilities.

Enhanced Security and Compliance

By providing insights into OSS components before check-in, OSS Inspector helps developers maintain secure and compliant code from the start. Key features include identification of components with copyleft licenses and vulnerabilities, as well as providing critical information such as PURL (Package URL), vulnerability ID, severity level, and CVSS score.

OSS Inspector

Enhancing Development Efficiency and Compliance with In-IDE License and Security Assessment Tools


WHY OSS INSPECTOR?

  • Component Name and Version: Knowing the exact component and version helps you manage and track the specific software you're using, ensuring that you're aware of what is being integrated into your project.
  • PURL (Package URL): The PURL gives you a consistent and reliable way to identify and locate the software package, which is essential for tracking updates, patches, and dependencies across different systems and tools.
  • Licenses: Understanding the licenses associated with a component is crucial for legal compliance. Different licenses have different obligations, and using the wrong one could lead to legal issues or restrictions on how you can use your software.
  • Vulnerability ID: The Vulnerability ID helps you quickly identify any known security issues with the component. By being aware of these vulnerabilities, you can take steps to mitigate them, such as applying patches or choosing a different component.
  • Severity: The severity level tells you how critical a security vulnerability is. This helps you prioritize which issues to address first, focusing on those that pose the greatest risk to your project.
  • Score: The CVSS score provides a detailed assessment of the risk posed by a vulnerability, allowing you to make informed decisions about whether to use or update a component.

Dependency Tree with Component and Vulnerability details in OSS Inspector


SOFTWARE COMPOSITION ANALYSIS


The OSS Inspector IDE plugin is included with Revenera's SCA offering. Enable your development, legal and security teams to reduce open source security risk and manage license compliance with an end-to-end system.