Codacy Dependency Vulnerability Scanning Now Supports Java
Late last year, we added insecure dependency detection to Codacy, enabling our users to identify insecure open-source components used within their applications as either direct or transitive dependencies.
Dependency vulnerability scanning in Codacy works via our integration with Trivy, an industry-leading open-source security scanner.
In the initial iteration of the integration, dependency scanning worked with several popular languages, including JavaScript/TypeScript, C/C++, C#, Python, and more.
We’re thrilled to announce that dependency vulnerability scanning now supports Java as well! Trivy scans pom.xml and gradle.lockfile, the dependency manifest and lock file used by the popular Java build automation tools Maven and Gradle, respectively, to declare and resolve a project's dependencies. Note that Gradle only writes a gradle.lockfile when dependency locking is enabled for the project, so Gradle projects need that enabled for their dependencies to be scanned.
For the complete list of supported languages, check out Codacy's supported languages and tools. This blog post explains in more detail how dependency vulnerability scanning works in Codacy.
Want to stay on top of all of the great new features we’re constantly adding to Codacy Quality and Security? Register for our next Product Showcase on July 9 so you don’t miss out!
If you’re a Java developer who’s been waiting to try out Codacy’s insecure dependency scanning capabilities, sign up for a free trial today.