Dependency Vulnerability Scanning Now Supports Java


Late last year, we added insecure dependency detection to Codacy, enabling our users to identify insecure open-source components used within their applications as either direct or transitive dependencies.

Dependency vulnerability scanning in Codacy works via our integration with Trivy, an industry-leading open-source security scanner.

In the initial iteration of the integration, dependency scanning worked with several popular languages, including JavaScript/TypeScript, C/C++, C#, Python, and more.


We’re thrilled to announce that dependency vulnerability scanning now supports Java as well! Trivy scans pom.xml and gradle.lockfile, the files that manage project dependencies and build processes for the popular Java build automation tools Maven and Gradle, respectively.

For the complete list of supported languages, check out Codacy's supported languages and tools. This blog post explains in more detail how dependency vulnerability scanning works in Codacy. 

Want to stay on top of all of the great new features we’re constantly adding to Codacy Quality and Security? Register for our next Product Showcase on July 9 so you don’t miss out! 

If you’re a Java developer who’s been waiting to try out Codacy’s insecure dependency scanning capabilities, sign up for a free trial today.
