Best practices for managing Java dependencies

This page summarizes the projects mentioned and recommended in the original post on /r/java

  • cli

    Snyk CLI scans and monitors your projects for security vulnerabilities. (by snyk)

  • Nice article, I only don't agree with the section: ARE THERE SECURITY ISSUES WITH MY JAVA DEPENDENCIES? as Snyk does not give a correct report. It includes test dependencies which should be ignored, but that is not happening. I raised an issue here: https://github.com/snyk/cli/issues/1574 and after 2 years it is still not resolved. I was using Snyk, but I removed it after waiting 2 years for a fix which didn't happen...

  • scorecard

    OpenSSF Scorecard - Security health metrics for Open Source

  • I recommend using https://deps.dev to get a feeling for what you are bringing into your project. It also integrates with OSSF Scorecards, which gives a good overview over how healthy the project is, and whether it employs industry best practices.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
