Codacy Dependency Vulnerability Scanning Now Supports Java

In this article:
Subscribe to our blog:

 Late last year, we added insecure dependencies detection to Codacy, enabling our users to identify insecure open-source components used within their applications as either direct or transitive dependencies. 

Dependency vulnerability scanning in Codacy works via our integration with Trivy, an industry-leading open-source security scanner.

In the initial iteration of the integration, dependency scanning worked with several popular languages, including Javascript/Typescript, C/C++, C#, Python, and more. 

codacy insecure dependency scanning

We’re thrilled to announce that dependency vulnerability scanning now supports Java as well! Trivy scans pom.xml and gradle.lockfile, files that play crucial roles in managing project dependencies and build processes for popular Java build automation tools Maven and Gradle, respectively.

For the complete list of supported languages, check out Codacy's supported languages and tools. This blog post explains in more detail how dependency vulnerability scanning works in Codacy. 

Want to stay on top of all of the great new features we’re constantly adding to Codacy Quality and Security? Register for our next Product Showcase on July 9 so you don’t miss out! 

If you’re a Java developer who’s been waiting to try out Codacy’s insecure dependency scanning capabilities, sign up for a free trial today.

RELATED
BLOG POSTS

Codacy Vulnerability Scanning Now Includes Insecure Dependencies Detection
As recently announced during our latest Product Showcase, our team is invested in developing new and exciting Codacy security features.
A Deep Dive Into OWASP Dependency-Check
Modern software heavily relies on open-source libraries and tools. GitHub reports that over 90% of modern applications leverage them to accelerate...
Software Dependency Management: A Complete Guide
Imagine you're assembling a wardrobe. The manual guides you through each step, but the success of your endeavor also depends on the suitable screws,...

Automate code
reviews on your commits and pull request

Group 13