Any pointers on good options for the CI dependency check job would be appreciated And is there a Gradle plugin/task that can check Gradle dependencies against the CVE database? Thanks for any pointers
We use OWASP dependency-check in our CI pipeline. It's also available as a Gradle plugin and a standalone CLI tool.
owasp.org/www-project-dependency-c...
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Any pointers on good options for the CI dependency check job would be appreciated
And is there a Gradle plugin/task that can check Gradle dependencies against the CVE database?
Thanks for any pointers
We use OWASP dependency-check in our CI pipeline. It's also available as a Gradle plugin and a standalone CLI tool.
owasp.org/www-project-dependency-c...