
How to check third party libraries vulnerability while creating java application? [on hold]

When you build an application in Java, it may need various third-party libraries to perform certain things. How can we perform a security check on those libraries before utilizing them?

Are there any mechanisms or tools available to perform such a security check?

There are tools available to check open source jars. I am not sure how accurate the responses they give actually are. I tried them on a few of the jars.
Below is the link to the tool that I tried -

https://en.wikipedia.org/wiki/OWASP

Further you can also go through the following link -

https://dzone.com/articles/dependencies-its-not-just-your-code-you-need-to-se

There are several alternatives on the market, coming with different price tags.

OWASP offers Maven and Gradle plugins for dependency check. These look up the jars in vulnerability databases. This is a free solution.

JFrog and Sonatype offer solutions that come along with their Maven repositories (Artifactory or Nexus) that make these checks.

There are other solutions as well, like Snyk or Checkmarx.
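As an added example (not part of either answer above, and not the OWASP project's own documentation), here is a Maven build section that wires the OWASP dependency-check plugin into the verify phase so the build fails when any dependency matches a known CVE with a CVSS score of 7.0 or higher. The plugin version and the suppression file name are assumptions; use the current release and your own file.

```xml
<!-- Added example: OWASP dependency-check-maven bound to the verify phase.
     The plugin version below is assumed; replace it with the current release. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>8.4.0</version>
      <configuration>
        <!-- Fail the build for any finding scored CVSS 7.0 or above (high/critical). -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Emit a machine-readable report next to the HTML one so CI can parse it. -->
        <formats>
          <format>HTML</format>
          <format>JSON</format>
        </formats>
        <!-- Reviewed false positives live in a suppression file (assumed name),
             so every exclusion is documented rather than silently ignored. -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
          <phase>verify</phase>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Run `mvn verify`; the report is written to target/dependency-check-report.html, and the build stops at the verify phase whenever a finding crosses the threshold.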
