CodeScoring SCA

CodeScoring Software Composition Analysis (SCA) for IntelliJ-based IDEs

Identify and fix vulnerable dependencies in your projects with real-time scanning, intelligent highlighting, and one-click remediation.

🚀 Key Features

• Real-time Vulnerability Detection - Scan projects for vulnerable dependencies using Johnny CLI
• Smart Code Highlighting - Color-coded severity indicators directly in your code
• Rich Hover Tooltips - Detailed vulnerability information with CVSS scores and fix recommendations
• Interactive Vulnerability Explorer - Tree view with grouping, filtering, and search capabilities
• One-Click Quick Fixes - Automatically update to secure dependency versions
• Source Code Navigation - Double-click vulnerabilities to jump to dependency declarations
• BOM comparison - Track changes in components and vulnerabilities between scans

📦 Supported Ecosystems

Works with 20+ package managers across multiple languages:

• Java/JVM: Maven (pom.xml), Gradle (build.gradle, .kts), Ivy
• JavaScript/Node.js: NPM, Yarn, PNPM (package.json, package-lock.json, yarn.lock)
• Python: Pip, Poetry, Pipenv (requirements.txt, pyproject.toml, Pipfile)
• C#/.NET: NuGet, Paket (.csproj, packages.config, paket.dependencies)
• Ruby: Bundler, RubyGems (Gemfile, .gemspec)
• Go: Go modules (go.mod, go.sum)
• Rust: Cargo (Cargo.toml, Cargo.lock)
• PHP: Composer (composer.json, composer.lock)
• Swift: Swift Package Manager, CocoaPods
• C/C++: Conan package manager
• And more... Conda, yaml files, plain text dependency lists

⚡ Getting Started

1. Install the plugin and configure your CodeScoring API credentials
2. Click "Run Scan" or use Tools → CodeScoring SCA → Run Scan
3. View results in the Vulnerabilities panel
4. Hover over highlighted dependencies for details
5. Apply Quick Fixes with Alt+Enter or click suggestions

View Documentation

🎯 Smart Installation Options

• Docker container: Isolated scanning in containerized environment
• Local executable: Use your own Johnny CLI installation

🔧 Advanced Features

• Customizable UI: Severity colors, highlighting preferences, tooltip settings
• Performance tuning: Batch processing, pagination controls
• Flexible filtering: Enable/disable inspections per ecosystem
• Secure storage: API tokens stored using IntelliJ's credential manager
• Rich reporting: Detailed HTML reports with exportable results

🏢 Compatible IDEs

Works with all IntelliJ-based IDEs including OpenIDE, IntelliJ IDEA, PyCharm, WebStorm, PhpStorm, RubyMine, GoLand, CLion, Rider, and Android Studio.

Minimum version: 2022.2+ | Latest tested: 2025.2

📄 License

This plugin is proprietary software. See the LICENSE.txt file included with the plugin for full license terms and conditions.

By installing and using this plugin, you agree to be bound by the terms of the End User License Agreement for CodeScoring IDE Plugin.