When using third-party components (be they open source or not), we all know it’s a good practice to keep your frameworks and libraries up to date. This is also one of the spearheads in the OWASP Top 10 (2013 edition): A9 - Using Components with Known Vulnerabilities. To help you assess your project’s status in this regard, OWASP.org developed the tool Dependency Check. This tool is primarily intended for code bases in Java, .NET, Ruby, Node.js, and Python. Integrations with various build tools are also provided.
To start with a cliché: the Java ecosystem continues to develop at a high pace. Various open source frameworks keep releasing versions, sometimes even multiple versions at the same time. This may quickly turn into a risk. But how do you deal with it?
When you’re building Java or JVM-based software, chances are these days you’ll be deploying it inside Docker. Chances also are you’re building it with Maven. Now how do you combine the two? Of course, you could plumb together some scripts for the platform of your choice, but there are a few disadvantages to that. First of all, it makes you platform-dependent: your build may not work - or may behave differently - depending on the platform where you’re building. Secondly, it’s not very elegant, since it does not easily facilitate re-use. And in these days of microservices, we don’t want to be copying the same scripts over and over again. Thirdly, it requires the Docker binaries to be present on the system where you perform your build.