Open yogwoggf opened 7 months ago
Maven dependencies
There are lots of Maven dependencies which link to random servers across the world, most of which have no disclosure statements about privacy or administration. These can easily lead to supply-chain attacks.
For comparison, most projects simply use Maven Central, which is reputable and has package vetting.
Issue Type
Maven dependencies
Issue Description
Example
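As an added example (not from the issue or the project it was filed against), a small Python audit that parses a pom.xml and reports every repository or pluginRepository whose URL does not point at Maven Central, flagging plain-HTTP URLs separately. The sample POM, host names and risk labels are constructed for illustration.

```python
"""Audit a Maven POM for repository declarations outside Maven Central."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

POM_NS = "{http://maven.apache.org/POM/4.0.0}"

# Hosts treated as the reputable default; everything else is reported.
TRUSTED_HOSTS = {"repo.maven.apache.org", "repo1.maven.org"}

# Constructed sample POM (not a real project's) with one central repository,
# two external ones (one served over plain HTTP) and an external plugin repo.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <repositories>
    <repository><id>central</id><url>https://repo.maven.apache.org/maven2</url></repository>
    <repository><id>some-mirror</id><url>https://maven.example.org/repo</url></repository>
    <repository><id>legacy</id><url>http://builds.example.net/maven</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>https://plugins.example.org/m2</url></pluginRepository>
  </pluginRepositories>
</project>
"""


def audit_repositories(pom_xml: str) -> list[dict]:
    """Return one finding per repository whose host is not Maven Central."""
    root = ET.fromstring(pom_xml)
    findings = []
    for tag in ("repository", "pluginRepository"):
        for repo in root.iter(f"{POM_NS}{tag}"):
            rid = repo.findtext(f"{POM_NS}id", default="?")
            url = repo.findtext(f"{POM_NS}url", default="")
            parsed = urlparse(url)
            host = parsed.hostname or ""
            if host in TRUSTED_HOSTS:
                continue
            # Plain HTTP is worse than merely unknown: artifacts can be altered in transit.
            risk = "plaintext-transport" if parsed.scheme != "https" else "untrusted-host"
            findings.append({"id": rid, "kind": tag, "host": host, "risk": risk})
    return findings


if __name__ == "__main__":
    for f in audit_repositories(SAMPLE_POM):
        print(f"{f['kind']:<16} {f['id']:<12} {f['host']:<24} {f['risk']}")
```

Run it against a real pom.xml by reading the file into `audit_repositories`; every reported entry is a repository whose operator, vetting and transport security should be reviewed before it stays in the build.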