Hello Reddit, I recently joined a large company that only uses Eclipse. So of course I downloaded IntelliJ instead. The tech lead on my team told me that I needed to get approval from information security to use it. I thought that would be no problem since IntelliJ Community just has an Apache Version 2.0 License, which is fine for commercial use.
So I go through the bureaucracy and upload the IntelliJ Community zip file to our Nexus IQ server for security scanning. The report generated from the analysis of the zip file said there was a dependency on this obscure repo, which has an AGPL license.
Now information security is saying that it's impossible for the company to use IntelliJ because AGPL requires code to be open-sourced. I haven't been able to find anything on the internet saying that IntelliJ actually does have this dependency, or that it's not OK to use commercially, so now I'm confused. MyAccountAccess
Is the security scan wrong? Does the AGPL license not matter? Can I somehow prove to my company that IntelliJ Community is OK to use for commercial use? I appreciate any comments/advice.