Solved

What would be the best way to scan a Java application that is not using any package manager?

  • 1 February 2023


Hi, 
I would like to know if there’s any best practice or recommended way to scan an application written in Java that is not using any package manager. 

Thanks in advance for any guidance!


Best answer by emilwareus 2 February 2023, 15:33


Hi! 

Debricked only supports manifest-based scanning today, meaning that we need a manifest file such as pom.xml. 

We do support SBOM-scanning, meaning if you are able to compile a list of open-source you are using in a CycloneDX file, we scan that file and enrich it with our license, health, and vulnerability data. If it is an option to create such a file for you, we are a good fit! 
 

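One way to compile the CycloneDX file mentioned in the answer when there is no pom.xml, shown as an added example that is not part of the original thread and is not Debricked's tooling. It assumes the application ships its third-party dependencies as JAR files in one directory; the function names and the sample JAR are hypothetical, and the output is a CycloneDX 1.4 JSON document.

```python
import hashlib, json, sys, tempfile, zipfile
from pathlib import Path

def parse_pairs(text, sep):
    """Parse 'key<sep>value' lines: '=' for pom.properties, ':' for MANIFEST.MF."""
    rows = (l.split(sep, 1) for l in text.splitlines() if sep in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in rows}

def jar_component(jar_path):
    """Describe one JAR as a CycloneDX component dict."""
    jar_path = Path(jar_path)
    digest = hashlib.sha256(jar_path.read_bytes()).hexdigest()
    comp = {"type": "library", "name": jar_path.stem, "version": "unknown",
            "hashes": [{"alg": "SHA-256", "content": digest}]}
    with zipfile.ZipFile(jar_path) as jar:
        names = jar.namelist()
        poms = [n for n in names
                if n.startswith("META-INF/maven/") and n.endswith("/pom.properties")]
        # Exactly one pom.properties: Maven-built JAR with exact coordinates.
        # Several means a shaded/fat JAR, where the coordinates are ambiguous.
        if len(poms) == 1:
            p = parse_pairs(jar.read(poms[0]).decode("utf-8", "replace"), "=")
            if {"groupId", "artifactId", "version"} <= p.keys():
                comp.update(group=p["groupId"], name=p["artifactId"], version=p["version"])
                comp["purl"] = f"pkg:maven/{p['groupId']}/{p['artifactId']}@{p['version']}"
                return comp
        if "META-INF/MANIFEST.MF" in names:  # weaker hint, so no purl is emitted
            m = parse_pairs(jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace"), ":")
            comp["name"] = m.get("Implementation-Title", comp["name"])
            comp["version"] = m.get("Implementation-Version", comp["version"])
    return comp

def build_sbom(lib_dir):
    """CycloneDX 1.4 JSON document covering every *.jar under lib_dir."""
    jars = sorted(Path(lib_dir).rglob("*.jar"))
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "components": [jar_component(j) for j in jars]}

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # real use: pass the directory of JARs
        print(json.dumps(build_sbom(sys.argv[1]), indent=2))
    else:                                      # demo on a constructed sample JAR
        with tempfile.TemporaryDirectory() as d:
            with zipfile.ZipFile(Path(d) / "example-lib.jar", "w") as z:
                z.writestr("META-INF/maven/org.example/example-lib/pom.properties",
                           "groupId=org.example\nartifactId=example-lib\nversion=1.2.3\n")
            print(json.dumps(build_sbom(d), indent=2))
```

Components that come out with `version` set to `unknown` or without a `purl` cannot be matched reliably against vulnerability data, so review those entries and fill in the coordinates by hand before submitting the file.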