Sonatype have just released the 9th edition of their State of the Software Supply Chain Report. I thought I’d pull out some highlights for Java Developers!
Using JLink to create smaller Docker images for your Spring Boot Java application
An in-depth exploration of utilizing JLink to optimize Docker image sizes, enhancing application security and performance.
Thread-Safe Counter in Java: A Comprehensive Guide
In this tutorial, we will explore the concept of thread safety in Java, specifically focusing on a simple counter.
Book Review: “OpenJDK Migration for Dummies”
Not just a technical manual, Simon Ritter’s new book is a companion on a journey through the complexities of OpenJDK migration.
SnakeYaml 2.0: Solving the unsafe deserialization vulnerability
In December of last year, we reported CVE-2022-1471 to you. This unsafe deserialization problem could easily lead to arbitrary code execution.
Understanding Security Vulnerabilities: A First Step in Preventing Attacks
What are the common vulnerabilities we need to be aware of? How do they look & how can we better protect ourselves from these common attacks?
Preventing Cross-Site Scripting (XSS) in Java applications with Snyk Code
By taking a proactive approach to XSS prevention and using the right resources and tools, developers can help ensure the security and integrity of their Java web applications.
State of Java Survey
Do you ever wonder what OpenJDK distributions and what Java versions your peers are using? What Java versions?
Analyzing Dependencies in IntelliJ IDEA
Use IntelliJ IDEA to analyze dependencies in your project. Use the Dependency Analyzer to find specific dependencies, show conflicts and more, or use the Dependency Diagram in IntelliJ IDEA Ultimate.
Using Bots to Keep Dependencies Updated
Did you know bots can automatically create pull requests to keep dependencies secure and up to date?
Java Security: Log4J, the SecurityManager, and Funding
A demonstration of log4j exploits, which defenses people tried, and which worked. A look at open source funding models, subscriptions, and bug bounty programs to see why it’s sometimes hard to donate.