Within a Maven project, I can run

mvn dependency-check:check

for the tool to download the NVD CVE security issues database, analyze, and show a report of which dependencies have known security issues.

However, as the solution would be to update several dependencies, e.g. via a Spring Boot update, I would like to see how many security issues would be solved by that. E.g. updating from x.y.5 to x.y.10 will solve n security issues.

Or better, for every security issue, what is the version that solves it.

Paul Verest

1 Answer

Well, so far I have found no better way than to clone the project again, update some dependencies and run mvn dependency-check:check again, and then copy the 1st and 2nd reports into one place and compare.

Paul Verest
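
The before/after comparison described in this answer can be scripted. This is an added example, not part of the original post: it assumes both runs wrote dependency-check's JSON report, with a top-level `dependencies` list whose entries carry `fileName` and an optional `vulnerabilities` list of objects with a `name` (the CVE id). The sample reports, file names and CVE ids are constructed placeholders.

```python
import json
import sys

# Constructed sample reports (not real scan output); CVE ids are placeholders.
BEFORE = {"dependencies": [
    {"fileName": "lib-a-1.2.5.jar", "vulnerabilities": [
        {"name": "CVE-0000-0001", "severity": "HIGH"},
        {"name": "CVE-0000-0002", "severity": "MEDIUM"}]},
    {"fileName": "lib-b-3.0.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "severity": "LOW"}]},
    {"fileName": "lib-c-1.0.0.jar"},  # clean entries have no "vulnerabilities" key
]}
AFTER = {"dependencies": [
    {"fileName": "lib-a-1.2.10.jar", "vulnerabilities": [
        {"name": "CVE-0000-0002", "severity": "MEDIUM"}]},
    {"fileName": "lib-b-3.0.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0003", "severity": "LOW"}]},
    {"fileName": "lib-c-2.0.0.jar", "vulnerabilities": [
        {"name": "CVE-0000-0004", "severity": "HIGH"}]},
]}


def cves_by_id(report):
    """Map each CVE id to the set of dependency file names it was reported on."""
    found = {}
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities", []):
            found.setdefault(vuln["name"], set()).add(dep["fileName"])
    return found


def compare(before, after):
    """Diff by CVE id, not by file name: jar names change with every upgrade."""
    old, new = cves_by_id(before), cves_by_id(after)
    return {
        "fixed": sorted(old.keys() - new.keys()),
        "remaining": sorted(old.keys() & new.keys()),
        "introduced": sorted(new.keys() - old.keys()),  # upgrades can add CVEs too
    }


if __name__ == "__main__":
    # Usage: script.py before.json after.json (falls back to the sample data)
    if len(sys.argv) == 3:
        before, after = (json.load(open(p, encoding="utf-8")) for p in sys.argv[1:])
    else:
        before, after = BEFORE, AFTER
    for status, ids in compare(before, after).items():
        print(f"{status}: {len(ids)} {ids}")
```
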