Overview
The Tidelift IntelliJ IDEA integration helps you achieve a healthy open-source software supply chain by monitoring your dependencies for issues like vulnerabilities, packages that are end-of-life, releases that have been removed upstream, and more. As a developer, you can see issues in your project before you push code, saving you from tedious changes later in your build process.
This feature is in beta, and currently soliciting developer experience feedback.
Supported ecosystems
Tidelift maintains a list of supported ecosystems here. Currently, the IntelliJ IDEA integration has full support for Maven and Gradle. Features such as automatic alignments and packages are not yet supported for other ecosystems.
Key features
- Continuous scanning: Tidelift will monitor and evaluate your project dependencies against the standards set by your organization.
- Timely notifications: If a dependency change introduces new standards violations to your project, Tidelift will let you know so that you can avoid taking on new tech and security debt.
- Helpful categorization: Want to identify and fix certain types of violations like vulnerabilities or end-of-life packages first? The tree view groups information in multiple ways so that you can use the it in a way that’s most helpful to you.
Usage
Upon initial configuration and after every dependency change, Tidelift will run an alignment. Alignment results are available through this integration, as is information about specific releases or violations. If a dependency is introduced or a dependency changes versions and new violations are detected, the editor will notify you and allow you to view the details.
Installation and Configuration
- Install Tidelift from the plugin marketplace within the IntelliJ settings window.
- Get a user API key from the Tidelift app
- Open Tidelift settings by running the "Tidelift: Settings" action or clicking the gear icon from the extension sidebar and enter your API Key.
- Select your organization and project from the pre-populated list. These settings will automatically update your ".tidelift" file, or create one if it does not exist.
- You can also edit the ".tidelift" file in the root directory of the workspace directly to add other configuration properties. Read more about the .tidelift file.
Security & Privacy
This integration is based on the Tidelift CLI and uses it for all interactions with Tidelift services. It does not collect any additional user information beyond what the CLI requires.
Troubleshooting
Locating the debug logs
IntelliJ IDEA automatically sends error reports to our error collection service, and the log can be located by going to "Help -> Show Log in Finder".
CLI Troubleshooting
Because this integration is based on Tidelift CLI, it's worthwhile to also review the CLI troubleshooting guide to make sure its requirements are satisfied.
IntelliJ IDEA wants to use your confidential information
On MacOS, the Tidelift API key you store with IntelliJ is kept in the login keychain and accessed each time it's needed. Please choose "Always Allow".