
npm provides two useful commands for detecting outdated libraries:

  • npm outdated checks your package.json / package-lock.json for outdated libraries
  • npm audit runs a security audit; it only reports libraries with known vulnerabilities

Is there something equivalent in Maven for Java?


Notes:

  • According to this question, Gradle does not support the npm outdated functionality out of the box, but there is the Gradle Versions Plugin. Perhaps the equivalent Versions Maven Plugin could be used to provide npm outdated-like functionality, but I did not see that it can warn about security issues.
  • I am aware of solutions to integrate vulnerability scanning of the code in the CI systems, but I am looking for a simple mechanism like npm provides that does not require a lot of setup.
Philipp Claßen
  • versions-maven-plugin is intended for your equivalent of `npm outdated` and for `npm audit` you have to do some setup because there are so many different services available (snyk, sonatype, owasp, SonarQube etc.) – khmarbaise Aug 04 '21 at 10:41
  • For `npm audit` check https://jeremylong.github.io/DependencyCheck/index.html – seenukarthi Aug 04 '21 at 12:51
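As an added example (not from the question or the comments), a pom.xml `<build>` fragment that wires up the two plugins the comments point at: versions-maven-plugin for the `npm outdated` side and OWASP dependency-check-maven for the `npm audit` side. The plugin versions are placeholders, and the CVSS threshold and suppression-file path are choices for illustration.

```xml
<!-- Added example: pom.xml <build> fragment. Plugin versions are placeholders
     (X.Y.Z); pin them to a current release before use. -->
<build>
  <plugins>
    <!-- Equivalent of `npm outdated`: reports newer releases of your
         dependencies and build plugins. Run on demand with:
           mvn versions:display-dependency-updates versions:display-plugin-updates
         (no security information; it only compares version numbers) -->
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>versions-maven-plugin</artifactId>
      <version>X.Y.Z</version>
      <configuration>
        <!-- Do not leave pom.xml.versionsBackup files behind when the
             update goals (versions:use-latest-releases etc.) rewrite the pom -->
        <generateBackupPoms>false</generateBackupPoms>
      </configuration>
    </plugin>

    <!-- Equivalent of `npm audit`: matches the resolved dependency tree
         against known vulnerabilities (NVD data) and fails the build when a
         finding is serious enough. Run on demand with: mvn dependency-check:check -->
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>X.Y.Z</version>
      <configuration>
        <!-- Fail on any finding with CVSS >= 7 (high/critical); assumed
             threshold, tune to the project's risk appetite -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Reviewed findings (false positives, mitigated issues) are recorded
             in a suppression file so they stop failing the build; the file
             name is an assumption -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <!-- Bind the audit to the verify phase so plain `mvn verify` runs it -->
        <execution>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

The first `dependency-check:check` run downloads the vulnerability database and is slow; later runs reuse the local cache.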
