Thursday, November 24, 2022

Identify security vulnerabilities in the IntelliJ environment

Security vulnerabilities are often visible only when the Trivy scan runs as part of GitHub Actions, and fixing them one by one after the fact can eat a lot of your time. The solution: the latest version of IntelliJ shows hints about security vulnerabilities in the dependencies declared in the pom, and it can upgrade them automatically with one click, which saves a lot of time. In addition, if Trivy flags a dependency and you are not sure where it is used in the application, you can run
mvn compile dependency:tree
to list the dependency tree resolved at compile time and see which declared dependency pulls the flagged one in.
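A flagged artifact is often a transitive dependency that never appears in your own pom, so the useful question is which direct dependency drags it in. The following shell function, added here as an example and not part of the original post, parses the text that mvn dependency:tree prints (the "[INFO] +- group:artifact:type:version:scope" lines) and prints the chain of artifactIds from the project root down to the artifact you name. The SAMPLE_TREE input is a constructed stand-in for real plugin output so the script runs offline; the function name find_dep_path and the artifact versions in the sample are assumptions.

```shell
#!/bin/sh
# Constructed sample of `mvn compile dependency:tree` output (not real project output).
SAMPLE_TREE='[INFO] com.example:app:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-json:jar:2.7.0:compile
[INFO] |  |  \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO] |  \- org.springframework:spring-webmvc:jar:5.3.20:compile
[INFO] \- junit:junit:jar:4.13.2:test'

# find_dep_path ARTIFACT_ID
# Reads dependency:tree output on stdin and prints, one line per occurrence, the
# chain of artifactIds that pulls ARTIFACT_ID into the build, e.g.
#   app -> spring-boot-starter-web -> spring-boot-starter-json -> jackson-databind
# Real usage (hypothetical):  mvn compile dependency:tree | find_dep_path jackson-databind
find_dep_path() {
    target="$1"
    awk -v target="$target" '
        /^\[INFO\] / {
            line = substr($0, 8)                     # drop the "[INFO] " prefix
            match(line, /^[|+\\ -]*/)                 # tree-drawing prefix: "+- ", "|  ", "\- ", "   "
            if (RLENGTH % 3 != 0) next                # e.g. "--- maven-dependency-plugin" banner lines
            depth = RLENGTH / 3                       # each 3-char prefix unit is one nesting level
            coord = substr(line, RLENGTH + 1)
            # Only keep lines that look like a Maven coordinate "groupId:artifactId:..."
            if (coord !~ /^[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+:/) next
            split(coord, parts, ":")
            stack[depth] = parts[2]                   # artifactId currently open at this depth
            for (d = depth + 1; d <= maxdepth; d++) delete stack[d]
            if (depth > maxdepth) maxdepth = depth
            if (parts[2] == target) {
                path = stack[0]
                for (d = 1; d <= depth; d++) path = path " -> " stack[d]
                print path
            }
        }'
}

# Demonstration on the constructed sample: trace where jackson-databind comes from.
printf '%s\n' "$SAMPLE_TREE" | find_dep_path jackson-databind
```

The path tells you which entry in your own pom to bump or exclude; if the function prints nothing for an artifact Trivy flagged, the artifact is coming from a scope other than compile (rerun dependency:tree without the compile phase to include test and runtime scopes) or from something outside the Maven build, such as a base image layer.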