IntelliJ Snyk Integration
Product

IntelliJ plugin to fix vulnerable dependencies

Aner Mazur, October 2, 2018

Snyk has now released an IntelliJ plugin that enables developers to find and fix vulnerabilities in their dependencies from right within their IDE!

As part of Snyk’s commitment to empowering developers to own security, a lot has been invested in building comprehensive Git integrations (with GitHub, GitLab and Bitbucket) so that finding and fixing vulnerabilities happens as an integral part of the development process.

This has been a key part of Snyk’s success, as it enabled scanning every pull request as well as continuously monitoring every change in the code repositories.

We now want to enable developers to tackle vulnerabilities even before they check in their code, in the environment where they spend most of their time. Because the plugin is built to run inside IntelliJ and directly on the JVM, you now get Snyk’s open source security testing and actionable remediation advice without stepping outside of IntelliJ – no Node installation required.

The plugin supports all Maven projects, and is free 🙂

Getting Started

The Snyk plugin is a standard IntelliJ plugin; here is a quick reminder of how to install it.

Navigate to IntelliJ IDEA > Preferences > Plugins

Search for Snyk and install the Snyk Vulnerability Scanning plugin:

Then accept the privacy notices and restart IntelliJ; the Snyk plugin will appear as a small tab on the bottom right.

You may need to log in to Snyk through your GitHub account if you haven’t done so yet. Once done, you can easily choose which project to scan:

Finding and Fixing Vulnerabilities

Once a project is scanned, you’ll get a list of all the vulnerabilities that were found. Here’s an example from a simple Spring demo application:

For each vulnerability, you can see the title with the type of vulnerability as well as a details link to more in-depth information on the vulnerable version ranges, the way it can be exploited, etc.

You’ll see in gray the open source dependency that introduced the vulnerability. Note that it is often a transitive dependency, as in the example below. You’ll be able to see the full dependency path that led from the direct dependency you added to the vulnerable one (including all the packages on the way).

The Snyk IntelliJ plugin will provide an upgrade recommendation (shown in bold green), which is the minimal version you should upgrade to in order to rid yourself of that vulnerability. Even cooler, you can see the full dependency tree as it will look once you upgrade (in the green box).

Clicking the direct dependency will take you right to the place in your pom.xml where it’s defined, and then you can easily apply the upgrade.
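To make the dependency-path idea concrete, here is an added Python example (not the plugin’s own code) that parses a constructed `mvn dependency:tree` listing, flags any artifact whose version falls below a constructed fix version, and reports the full path from the direct dependency declared in pom.xml down to the vulnerable transitive one. All artifact names, versions and advisory data are made up for illustration.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of `mvn dependency:tree` output for a small Maven project.
# Artifact names and versions are invented for this example.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:1.0.0
[INFO] +- com.example.libs:web-starter:jar:2.1.0:compile
[INFO] |  +- com.example.libs:json-mapper:jar:2.1.0:compile
[INFO] |  |  \\- com.example.libs:xml-parser:jar:1.4.2:compile
[INFO] |  \\- com.example.libs:http-client:jar:3.0.1:compile
[INFO] \\- com.example.libs:text-utils:jar:3.7:compile
"""

# Constructed advisory data: "group:artifact" -> first version that is not vulnerable.
ADVISORIES: Dict[str, str] = {"com.example.libs:xml-parser": "1.5.0"}

# Each tree level is drawn with a 3-character prefix ("+- ", "|  ", "\- ", "   ").
LINE_RE = re.compile(r"^\[INFO\] ((?:[|+\\ -]{3})*)(\S+)$")

def version_key(v: str) -> Tuple[int, ...]:
    """Comparable tuple for dotted versions; non-numeric parts compare as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", v))

def find_vulnerable_paths(tree: str, advisories: Dict[str, str]) -> List[dict]:
    """Walk the tree; for every vulnerable node return the full path from the
    direct dependency that pulled it in, plus the pom.xml entry to upgrade."""
    findings, stack = [], []  # stack[i] holds the "group:artifact@version" at depth i
    for line in tree.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        depth = len(m.group(1)) // 3
        parts = m.group(2).split(":")          # group:artifact:type:version[:scope]
        name, version = f"{parts[0]}:{parts[1]}", parts[3]
        del stack[depth:]                      # drop siblings' subtrees
        stack.append(f"{name}@{version}")
        fixed = advisories.get(name)
        if fixed and version_key(version) < version_key(fixed):
            findings.append({
                "vulnerable": stack[-1],
                "fixed_in": fixed,
                "path": stack[1:],               # skip the root project itself
                "direct_dependency": stack[1],   # the declaration to edit in pom.xml
                "transitive": depth > 1,
            })
    return findings

if __name__ == "__main__":
    for f in find_vulnerable_paths(SAMPLE_TREE, ADVISORIES):
        print(f"{f['vulnerable']} (fixed in {f['fixed_in']}) via: " + " > ".join(f["path"]))
```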

More to come...

We plan to add support beyond Maven, starting with Gradle and sbt, and to support additional IDEs you may be using.

And, we do assume we’ll be getting feedback from our beloved community which we’ll bake in as well 🙂

Happy coding!
