Eclipse maven plugin updating indexes
Dependency-check has a command line interface, a Maven plugin, an Ant task, and a Jenkins plugin.
The core engine contains a series of analyzers that inspect the project dependencies and collect pieces of information about them (referred to as evidence within the tool).
Dependency-Check is a utility that identifies project dependencies and checks if there are any known, publicly disclosed vulnerabilities. .NET are supported; additional experimental support has been added for Ruby, Node.js, Python, and limited support for C/C++ build systems (autoconf and cmake).
The tool can be part of a solution to the OWASP Top 10 2013 A9 - Using Components with Known Vulnerabilities.
The problem with using known vulnerable components was described very well in a paper by Jeff Williams and Arshan Dabirsiaghi titled, "The Unfortunate Reality of Insecure Libraries" (registration required).
The gist of the paper is that we as a development community include third-party libraries in our applications that contain well-known, published vulnerabilities (such as those at the National Vulnerability Database).
It does everything we mention in this blog for you, and even tells you how much faster you’ve become!
It’s called Optimizer for Eclipse and you can check it out here.
Profiles are enabled directly with the -P flag; others are activated automatically based on the platform used or on a -D property being defined.
Maven provides a wide range of commands used to do everything from compiling a module to generating test coverage reports.
Most Maven commands can be run from the root of the source tree, or from a particular module.
When running a command from the root of the source tree, or from a directory that contains other modules, the command will be run for all modules.
When running the command from a single module, it is run only for that module.
Oh, and how about this awesome graphic that our design team did for us – Jetpack for Eclipse, Whoooosh!