stream-registry
OWASP Dependency Vulnerability Scanner
Desired Behavior
Dependency vulnerabilities should be known at build-time.
https://www.owasp.org/index.php/OWASP_Dependency_Check
Maven coördinates
<dependency>
  <groupId>org.owasp</groupId>
  <artifactId>dependency-check-maven</artifactId>
  <version>4.0.1</version>
  <type>maven-plugin</type>
</dependency>
Benefits
- Safer run-time environments
- Trusted builds & releases
Or https://github.com/apps/sonatype-depshield
Ref - https://blog.sonatype.com/the-rise-of-dependency-scanners
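
An added example, not part of the original issue or the stream-registry build: the coordinates above declared as a build plugin bound to the `check` goal, so that the scan runs during the build and fails it when a dependency carries a known vulnerability at or above a CVSS threshold. The threshold of 7 and the report format are assumptions chosen for illustration.

```xml
<!-- Goes inside <project> in pom.xml. Illustrative configuration only. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>4.0.1</version>
      <configuration>
        <!-- Assumed threshold: fail the build on any finding with CVSS >= 7.
             Without this setting the plugin only writes a report. -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Assumed choice: write every report format so both people and
             CI tooling can read the results. -->
        <format>ALL</format>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- The check goal analyses the project's resolved dependencies
                 and is bound to the verify phase by default. -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place `mvn verify` runs the scan. The first run downloads the vulnerability data, so CI jobs benefit from caching the plugin's data directory.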