Repost: Embedded Vulnerability Detection command line tool
by Grant Murphy
“The Victims project is a Red Hat initiative that aims to detect known vulnerable dependencies in Java projects and deployments. Our initial focus was Java projects that were built using Maven. The victims-enforcer plug-in for Maven provides developers with immediate feedback if any of their project dependencies contain known vulnerabilities. However, until recently we did not have a good solution for scanning deployments or tools that work outside of a typical build and release cycle. The alpha release of the victims client for Java hopes to fill this gap.
“The victims client for Java is a simple command line tool that presently has the ability to scan jar files, directories, and pom.xml files for known vulnerabilities. It also allows you to synchronize with the victims project infrastructure and control local settings.
“Getting started with the victims client for Java is relatively simple.”
Read the entire article: Embedded Vulnerability Detection command line tool | Red Hat Security.
Join the Red Hat Developer Program (it’s free) and get access to related cheat sheets, books, and product downloads.