eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/
Apache License 2.0

Improved log messages; Change of Maven plugin re: trans deps; Fix of deprecated API calls #529

Closed henrikplate closed 2 years ago

henrikplate commented 2 years ago

The transitivity of app dependencies is established by examining the dependency trail, which avoids an inconsistency observed when using the deprecated method MavenProject.getDependencyArtifacts.

The use of deprecated APIs in JavaFileAnalyzer2 and InstrumentorFactory has been fixed.

Compilation with the maven-compiler-plugin makes use of the release parameter (instead of source and target, see here for more information), which implies that Steady can only be compiled with Java 9 or later versions.

TODOs