Codacy Dependency Vulnerability Scanning Now Supports Java


Late last year, we added insecure dependency detection to Codacy, enabling our users to identify insecure open-source components used within their applications as either direct or transitive dependencies.

Dependency vulnerability scanning in Codacy works via our integration with Trivy, an industry-leading open-source security scanner.

In the initial iteration of the integration, dependency scanning worked with several popular languages, including JavaScript/TypeScript, C/C++, C#, Python, and more.


We’re thrilled to announce that dependency vulnerability scanning now supports Java as well! Trivy scans `pom.xml` and `gradle.lockfile`, files that play crucial roles in managing project dependencies and build processes for the popular Java build automation tools Maven and Gradle, respectively.

For the complete list of supported languages, check out Codacy's supported languages and tools. This blog post explains in more detail how dependency vulnerability scanning works in Codacy. 

Want to stay on top of all of the great new features we’re constantly adding to Codacy Quality and Security? Register for our next Product Showcase on July 9 so you don’t miss out! 

If you’re a Java developer who’s been waiting to try out Codacy’s insecure dependency scanning capabilities, sign up for a free trial today.
