I am looking for a tool to generate a dependency mapping graph for my Java Spring applications, so I can have visibility of all the third-party dependencies that might pose a security threat and so I know when to upgrade or replace that particular library.
Thanks
Answer
Build tools allow drawing a dependency graph to inspect your dependencies.
Gradle:
gradle dependencies
Maven:
mvn dependency:tree
To examine the security of your dependencies you can use the OWASP dependency check plugin.
Gradle: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/
Maven: https://jeremylong.github.io/DependencyCheck/dependency-check-maven/
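As an added example (not part of the original answer), the text output of `mvn dependency:tree` can be parsed to show which direct dependency pulls in a given transitive library, which is what decides where an upgrade or exclusion has to be made. The sample output is constructed, and the names `parse_tree` and `introduced_by` are hypothetical; the parser assumes the plugin's default text format without `-Dverbose`.

```python
import re

# Constructed sample of `mvn dependency:tree` output (not from a real project).
SAMPLE = r"""
[INFO] --- maven-dependency-plugin:3.6.0:tree (default-cli) @ demo ---
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.7.0:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter:jar:2.7.0:compile
[INFO] |  |  \- org.yaml:snakeyaml:jar:1.30:compile
[INFO] |  \- com.fasterxml.jackson.core:jackson-databind:jar:2.13.3:compile
[INFO] \- junit:junit:jar:4.13.2:test
[INFO] BUILD SUCCESS
"""

# Tree prefix is built from 3-character cells ("|  ", "   ", "+- ", "\- "),
# followed by colon-separated Maven coordinates.
LINE = re.compile(r"^\[INFO\] ((?:[| ]  |[+\\]- )*)([^\s:]+(?::[^\s:]+){3,5})$")

def parse_tree(text):
    """Return (root, deps); each dep records the chain that pulls it in."""
    root, deps, stack = None, [], []
    for line in text.splitlines():
        m = LINE.match(line.rstrip())
        if not m:
            continue  # banner, summary or blank line
        depth, parts = len(m.group(1)) // 3, m.group(2).split(":")
        if depth == 0:
            root, stack = m.group(2), []  # the project itself
            continue
        # group:artifact:type[:classifier]:version:scope
        ga, version, scope = ":".join(parts[:2]), parts[-2], parts[-1]
        del stack[depth - 1:]  # drop siblings and deeper levels
        stack.append(ga)
        deps.append({"ga": ga, "version": version, "scope": scope,
                     "direct": depth == 1, "via": list(stack[:-1])})
    return root, deps

def introduced_by(deps, ga):
    """List every dependency chain that brings `ga` onto the classpath."""
    return [" -> ".join(d["via"] + [f'{d["ga"]}:{d["version"]}'])
            for d in deps if d["ga"] == ga]

if __name__ == "__main__":
    _, found = parse_tree(SAMPLE)
    for chain in introduced_by(found, "org.yaml:snakeyaml"):
        print(chain)
```
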