I appreciate this plugin and the Maven version (https://github.com/apache/maven-jdeps-plugin). Maybe I should file this issue to be tied into Apache?
What I'd like is:
- My build to fail when dependencies have security issues. DependencyCheck does this.
- My CI pipeline to offer solutions to update outdated dependencies. Dependabot does this.
But I'm asking about either documentation, or an all-in-one solution for dependency management, and something good both at the command line (local devs), in a report (managers), or in the CI pipeline.
This is a very broad request, so any suggestions would be welcome so I can homebrew my own approach if nothing is out there.