https://blog.lanyonm.org/articles/2015/12/22/continuous-security-owasp-java-vulnerability-check.html
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/index.html
https://www.owasp.org/index.php/OWASP_Dependency_Check
https://nvd.nist.gov/vuln/data-feeds
Just run
mvn dependency-check:check
and you get a great report with all the known vulnerabilities in your dependencies. Fantastic! There is even a Jenkins plugin, so you don't need to modify all your POMs.
To install it as a Jenkins plugin, install these plugins:
http://updates.jenkins-ci.org/latest/dependency-check-jenkins-plugin.hpi
https://updates.jenkins.io/latest/token-macro.hpi
https://updates.jenkins.io/latest/analysis-core.hpi
https://updates.jenkins.io/latest/dashboard-view.hpi
https://updates.jenkins.io/latest/maven-plugin.hpi
http://updates.jenkins-ci.org/latest/apache-httpcomponents-client-4-api.hpi
http://updates.jenkins-ci.org/latest/javadoc.hpi
http://updates.jenkins-ci.org/latest/jsch.hpi
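To make a CI job fail on the report rather than just publish it, a small gate script can read the findings. The following is an added example, not code from the Dependency-Check project or the original post. It assumes the check was configured to write a JSON report and that the report uses the field names noted in the comments; the sample data and the helper names base_score, findings and gate are constructed for illustration.

```python
import json
import sys

# Constructed sample in the assumed report layout: "dependencies" entries with an
# optional "vulnerabilities" list; scores under cvssv3.baseScore or cvssv2.score.
# File names and CVE ids are placeholders.
SAMPLE_REPORT = json.loads("""
{"dependencies": [
  {"fileName": "example-lib-1.0.jar", "vulnerabilities": [
    {"name": "CVE-0000-0001", "cvssv3": {"baseScore": 9.8}}]},
  {"fileName": "other-lib-2.3.jar", "vulnerabilities": [
    {"name": "CVE-0000-0002", "cvssv2": {"score": 4.3}},
    {"name": "CVE-0000-0003"}]},
  {"fileName": "clean-lib-1.1.jar"}
]}
""")

def base_score(vuln):
    """Prefer the CVSS v3 base score, fall back to v2; None when unscored."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    score = v3.get("baseScore", v2.get("score"))
    return float(score) if score is not None else None

def findings(report, threshold=7.0):
    """Return (file, id, score) for entries at/above threshold or unscored."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = base_score(vuln)
            # Unscored entries are reported too, so missing data cannot pass silently.
            if score is None or score >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), score))
    # Highest score first, unscored entries last.
    return sorted(hits, key=lambda h: (h[2] is None, -(h[2] or 0.0), h[0], h[1]))

def gate(report, threshold=7.0):
    """Print the findings and return a process exit code (1 fails the build)."""
    hits = findings(report, threshold)
    for file_name, name, score in hits:
        print(f"{file_name}: {name} (CVSS {'unscored' if score is None else score})")
    return 1 if hits else 0

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            sys.exit(gate(json.load(fh)))
    sys.exit(gate(SAMPLE_REPORT))
```

Pass the path of the JSON report as the first argument in a build step after the scan; a non-zero exit code marks the job as failed.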