bpavuk | 60 days ago | on: Turn Dependabot off
Is there a `govulncheck`-like tool for the JVM ecosystem? I heard Gradle has something like that in its ecosystem.
A search revealed the Sonatype Scan Gradle plugin. How is it?
wpollock | 60 days ago
It's been a few years, but for Java I used OWASP: <https://owasp.org/www-project-dependency-check/>, which downloads the NVD (so the first run was slow) and scans all dependencies against that. I ran it from Maven as part of the build.
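Running OWASP Dependency-Check from a Maven build, as the comment above describes, amounts to binding the `dependency-check-maven` plugin's `check` goal to the build and deciding which CVSS score should fail it. The fragment below is an added example, not code from the comment or from the OWASP project's documentation; the version string is a placeholder to replace with a current release, and the `NVD_API_KEY` environment variable name is an assumption (recent plugin versions pull the NVD feed through the NVD API, which needs a key to avoid heavy rate limiting).

```xml
<!-- Added example: pom.xml build section wiring OWASP Dependency-Check into the build. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- Placeholder: pin to the current plugin release. -->
      <version>REPLACE_WITH_CURRENT_VERSION</version>
      <configuration>
        <!-- Fail the build when any dependency has a vulnerability with CVSS >= 7 (High). -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Assumed environment variable name; an NVD API key keeps the feed download usable. -->
        <nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
        <!-- Reviewed false positives live in a tracked suppression file rather than being ignored ad hoc. -->
        <suppressionFiles>
          <suppressionFile>${project.basedir}/dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
        <!-- Machine-readable output for CI plus an HTML report for humans. -->
        <formats>
          <format>HTML</format>
          <format>JSON</format>
        </formats>
      </configuration>
      <executions>
        <execution>
          <goals>
            <!-- "check" scans the resolved dependency tree and enforces failBuildOnCVSS. -->
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place `mvn verify` runs the scan on every build; the first run is slow because the NVD data set is downloaded and cached under the plugin's data directory, so CI pipelines usually cache that directory between runs. Keeping the suppression file in version control means every accepted finding has a reviewable justification next to the code it applies to.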