

IntelliJ IDEA Integration
Secure your development workflow directly within the IntelliJ IDEA integrated development environment (IDE). With the Sonatype IntelliJ IDEA integration, you can scan open source components, enforce policies, and get real-time insights — all without leaving your favorite IDE.
Code Securely with Sonatype SCA Capabilities in IntelliJ IDEA
The Sonatype IntelliJ IDEA integration is a plugin that brings powerful software composition analysis (SCA) capabilities right into your IntelliJ IDE.
Developers working with IntelliJ IDEA can leverage the plugin to:
- Scan Maven, Gradle, PyPI, and (with IntelliJ IDEA Ultimate) npm projects directly in the IDE
- Instantly detect vulnerable or risky components
- Review detailed component intelligence powered by Sonatype Lifecycle
- Get policy evaluations and remediation guidance without context switching

IntelliJ IDEA + Sonatype Lifecycle
The integration between IntelliJ IDEA and Sonatype Lifecycle empowers development teams to shift security left by identifying vulnerabilities early in the software development life cycle (SDLC).
With the IntelliJ IDEA plugin, Sonatype Lifecycle automatically evaluates open source components against your organization’s policies. Developers stay informed about risks — such as security vulnerabilities or license issues — before pushing code or creating pull requests.
IntelliJ IDEA Integration Features
Inline Component Intelligence in Your IntelliJ IDE
Access Sonatype’s detailed component data including version history, vulnerabilities, licenses, and popularity directly within IntelliJ IDEA.
Instant Remediation Guidance
Quickly identify safe versions to upgrade to with actionable remediation advice surfaced right in your IntelliJ IDE.
Real-Time Policy Evaluation
Automatically assess project dependencies against your organization’s policies inside the IntelliJ IDE, with immediate visual indicators for any violations.
Secure, Streamlined Workflows
Boost developer productivity by integrating Sonatype’s open source risk management into IntelliJ IDEA, reducing context switching and enabling smarter decisions during development.
Support for Maven and Gradle Projects
Use the IntelliJ IDEA plugin to scan both Maven and Gradle builds for security and compliance issues.
Easy Plugin Installation
Install the Sonatype IntelliJ IDEA plugin in just a few clicks — no complex configuration required.
IntelliJ IDEA Resources
Looking to get started or need technical details? Visit our documentation for step-by-step instructions on installing and using the Sonatype plugin for IntelliJ IDEA.
FAQs
What is Sonatype’s IntelliJ IDEA integration used for?
The IntelliJ plugin enables developers to scan open source components in real time, identify policy violations, and get actionable remediation advice within IntelliJ IDEA.
What IntelliJ versions are supported?
The plugin supports IntelliJ IDEA version 2022.1 or newer.
What types of projects can the IntelliJ integration scan?
The IntelliJ IDEA integration supports scanning projects that use Maven, Gradle, and PyPI. If you’re using IntelliJ IDEA Ultimate, the plugin can also scan npm-based projects.
What Sonatype product is required to use this IntelliJ IDEA integration?
The IntelliJ plugin integrates with Sonatype Lifecycle to provide policy enforcement and component intelligence.
Where can I download the IntelliJ IDEA integration?
You can install it from the Sonatype integrations page or from the JetBrains Marketplace.