Revenera OSS Inspector enables developers to assess open source software risks
Revenera announced OSS Inspector, a comprehensive, time-efficient approach to open source software (OSS) management.
The Revenera OSS Inspector plugin enables developers using IntelliJ IDEA, an integrated development environment (IDE), to examine, within the IDE itself, the licenses and security vulnerabilities associated with the OSS components used in the application code. Without leaving the IDE, developers can immediately assess security risks to determine whether they require further review and remediation.
OSS Inspector helps developers gain a complete understanding of the dependency tree before they introduce new components into code. By providing insights into open source components prior to check-in, OSS Inspector saves significant time and effort, avoiding costly issues later in the development cycle. As part of a comprehensive approach to software composition analysis (SCA), OSS Inspector also prevents the injection of components with copyleft licenses or security vulnerabilities, ensuring that code remains secure and compliant right from the start.
“More than 80% of software applications incorporate open source software, offering advantages such as adaptability, cost-effectiveness, and collaborative development. However, failure to address the associated challenges of OSS use, including security vulnerabilities, license compliance issues, and code quality, can lead to serious consequences, such as data breaches and compliance violations,” said Venkat Ram Donga, Product Management Director at Revenera.
“Revenera’s OSS Inspector addresses these challenges by offering a comprehensive, proactive, and efficient approach to open source management. OSS Inspector enables developers to gain a complete understanding of their project’s OSS dependency tree, and helps prevent technical debt,” added Ram Donga.
Revenera’s OSS Inspector supports developers by providing:
- Comprehensive dependency analysis: OSS Inspector inspects Gradle projects for OSS components, presenting developers with a full dependency tree that includes detailed metadata, such as component name, version, license, and vulnerabilities.
- Seamless integration with IntelliJ IDEA: The OSS Inspector plugin is specifically designed for developers using IntelliJ IDEA for Java and Kotlin projects. It allows for in-IDE examination of OSS licenses and security vulnerabilities, enabling immediate assessment and remediation without leaving the development environment.
- Enhanced security and compliance: By providing insights into OSS components before check-in, OSS Inspector helps developers maintain secure and compliant code from the start. Key features include identification of components with copyleft licenses and vulnerabilities, as well as providing critical information such as PURL (Package URL), vulnerability ID, severity level, and CVSS score.
Revenera’s OSS Inspector is available free with the Revenera SCA offering.