Roave / SecurityAdvisories

:closed_lock_with_key: Security advisories as a simple composer exclusion list, updated daily
MIT License

Java equivalent of `roave/security-advisories` #88

Closed carusogabriel closed 2 years ago

carusogabriel commented 2 years ago

Ciao 👋🏼

We use this library here at @usabilla with our PHP projects, but with recent additions to the architecture, we now have Java dependencies to manage (amazing, no?).

We wonder if the maintainers also touch Java codebases in their daily jobs and have some advice for us on what to use that yields results similar to roave/security-advisories 😁

Thank you!

Ocramius commented 2 years ago

Probably something like a maven dependency? :thinking:

I don't know if there's a concept like composer/composer's conflict declaration there.

Ocramius commented 2 years ago

Closing here: as much as I'd like to help, I'm unable to do so here.

carusogabriel commented 2 years ago

> Probably something like a maven dependency?

Gradle in our case, but yes - that conflicts with non-secure versions.

> I don't know if there's a concept like composer/composer's conflict declaration there.

Neither do we, but thanks for giving a hint :)

> Closing here: as much as I'd like to help, I'm unable to do so here.

No worries, thanks!