Do you ever wonder what OpenJDK distributions and what Java versions your peers are using? What Java versions?
Analyzing Dependencies in IntelliJ IDEA
Use IntelliJ IDEA to analyze dependencies in your project. Use the Dependency Analyzer to find specific dependencies, show conflicts and more, or use the Dependency Diagram in IntelliJ IDEA Ultimate.
Using Bots to Keep Dependencies Updated
Did you know bots can automatically create pull requests to keep dependencies secure and up to date?
Java Security: Log4J, the SecurityManager, and Funding
A demonstration of log4j exploits, which defenses people tried, and which worked. A look at open source funding models, subscriptions, and bug bounty programs to see why it’s sometimes hard to donate.
Mitigating Path Traversal Vulnerabilities in Java
Path traversal vulnerabilities are a serious threat to Java web applications, amongst the top security issues Snyk finds in Java code.
Predicting Secure Java Projects on Maven Central
Next time you’re considering a new Java library, look for the Sonatype Safety Rating on Maven Central to aid in your decision making.
How to Create SBOMs in Java with Maven and Gradle
Java is a compiled language, so you should create an SBOM whenever you build a release version of your application. Find out more here!
Authenticate with OpenID Connect and Apache APISIX
Externalizing your authentication process to a third party may be sensible, but you want to avoid binding your infrastructure to its proprietary process.
Making SBOMs, Threats, and Modelling Them a Piece of Cake!
The third article in a series on SBOMs, software supply chains, the government and you, introducing threat modelling and tools to help!
Java Serialization Filtering: Prevent 0-day Security Vulnerabilities
Simple configuration that requires no code change can save you from hacks such as Log4Shell, & from vulnerabilities we don’t know about yet!
Make Your Security Policy Auditable
Learn how you can leverage OPA and Apache APISIX to move your authentication and authorization logic from the code to the infrastructure.