Codacy Dependency Vulnerability Scanning Now Supports Java


Late last year, we added insecure dependencies detection to Codacy, enabling our users to identify insecure open-source components used within their applications as either direct or transitive dependencies.

Dependency vulnerability scanning in Codacy works via our integration with Trivy, an industry-leading open-source security scanner.

In the initial iteration of the integration, dependency scanning worked with several popular languages, including JavaScript/TypeScript, C/C++, C#, Python, and more.


We’re thrilled to announce that dependency vulnerability scanning now supports Java as well! Trivy scans pom.xml and gradle.lockfile, the files that play crucial roles in managing project dependencies and build processes for the popular Java build automation tools Maven and Gradle, respectively.

For the complete list of supported languages, check out Codacy's supported languages and tools. This blog post explains in more detail how dependency vulnerability scanning works in Codacy. 

Want to stay on top of all of the great new features we’re constantly adding to Codacy Quality and Security? Register for our next Product Showcase on July 9 so you don’t miss out! 

If you’re a Java developer who’s been waiting to try out Codacy’s insecure dependency scanning capabilities, sign up for a free trial today.
