[Java] Dependency management in Gradle

Dependency management is the part of package management that ensures the libraries a project depends on (jar / dll / etc.) do not interfere with each other and cause compatibility problems. It can also detect vulnerabilities at an early stage by checking whether each library, and the version in use, is in line with the latest security standards.

In this article, I will use a Gradle project as the example and list the commands to check its dependencies.

  1. Install the Gradle plugin in the project.
    In build.gradle, add the lines below and refresh the Gradle project.

    buildscript {
        repositories {
            mavenCentral()
        }
        dependencies {
            classpath 'org.owasp:dependency-check-gradle:6.0.3+'
        }
    }
    apply plugin: 'org.owasp.dependencycheck'
    
  2. Generate the dependency report.
    In a terminal, move to the project directory and enter the command below.

    gradle dependencyCheckUpdate dependencyCheckAnalyze

    It will update the dependency-check database and then analyze the project's dependencies. The report will be located at %BUILD_DIR%\reports\dependency-check-report.html

  3. Check the report.
    Go to %BUILD_DIR%\reports\ and check whether dependency-check-report.html exists.
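
Step 3 only confirms that the report file exists. The script below is an added example, not part of the original post or the plugin: it goes one step further and turns the check into a CI gate that fails on a missing report as well as on high-scoring findings. It assumes the plugin has also been configured to write its JSON report, and the file location and field names (`dependencies`, `fileName`, `vulnerabilities`, `name`, `cvssv3.baseScore`, `cvssv2.score`) are assumptions to confirm against your own report.

```python
import json
import sys

# Constructed sample in the shape assumed for dependency-check's JSON report.
SAMPLE_REPORT = {"dependencies": [
    {"fileName": "example-web-1.2.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "cvssv3": {"baseScore": 9.8}},
        {"name": "CVE-0000-0002", "cvssv2": {"score": 5.0}}]},
    {"fileName": "example-util-3.1.jar"},  # clean: no "vulnerabilities" key
    {"fileName": "example-xml-2.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "cvssv2": {"score": 7.5},
         "cvssv3": {"baseScore": 7.1}}]},
]}

def max_score(vuln):
    """Highest CVSS score recorded for a finding (v3 baseScore or v2 score)."""
    v3 = vuln.get("cvssv3", {}).get("baseScore", 0.0)
    v2 = vuln.get("cvssv2", {}).get("score", 0.0)
    return max(float(v3), float(v2))

def findings(report, threshold=7.0):
    """(fileName, id, score) for findings at or above threshold, worst first."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            score = max_score(vuln)
            if score >= threshold:
                hits.append((dep["fileName"], vuln["name"], score))
    return sorted(hits, key=lambda h: -h[2])

def gate(path, threshold=7.0):
    """CI exit code: 2 = report missing or unreadable, 1 = findings, 0 = clean."""
    try:
        with open(path, encoding="utf-8") as fh:
            report = json.load(fh)
    except (OSError, ValueError):
        return 2  # a scan that produced no report must not count as a pass
    hits = findings(report, threshold)
    for file_name, vuln_id, score in hits:
        print(f"{score:4.1f}  {vuln_id}  {file_name}")
    return 1 if hits else 0

if __name__ == "__main__":
    # Assumed default location of the JSON report; pass another path as argv[1].
    default = "build/reports/dependency-check-report.json"
    sys.exit(gate(sys.argv[1] if len(sys.argv) > 1 else default))
```

Run it after the Gradle tasks in step 2; a non-zero exit code stops the pipeline.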

Reference

  1. https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/
Author: C.H. Ling