item 47094599

bpavuk | 9 days ago
Is there a `govulncheck`-like tool for the JVM ecosystem? I heard Gradle has something like that in its ecosystem. Search revealed the Sonatype Scan Gradle plugin. How is it?
wpollock | 9 days ago
It's been a few years, but for Java I used OWASP: <https://owasp.org/www-project-dependency-check/>, which downloads the NVD (so the first run was slow) and scans all dependencies against that. I ran it from Maven as part of the build.
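The Maven wiring the comment above describes, as an added example that is not taken from the thread or from the OWASP project's own docs: the `org.owasp:dependency-check-maven` plugin bound to the `verify` phase via its `check` goal, with `failBuildOnCVSS` so a finding above the threshold fails the build rather than just producing a report. The version number is a placeholder to be replaced with the current release, and the `7.0` threshold is a policy choice, not a project default.

```xml
<!-- pom.xml fragment (added example, not from the thread): run OWASP dependency-check
     on every build and fail it when any dependency carries a CVE scoring >= 7.0 -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>REPLACE_WITH_CURRENT_RELEASE</version>
      <configuration>
        <!-- CVSS threshold is a policy choice for this example, not a plugin default -->
        <failBuildOnCVSS>7.0</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- the `check` goal scans the resolved dependency tree against the local NVD copy -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` runs the scan; the first run is slow because the plugin has to download the NVD data into its local cache, and later runs only fetch updates. Keeping that cache on CI (for example by persisting the plugin's data directory between jobs) is what keeps the check fast enough to leave in the default build.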