You probably know Sonatype for our work in the Maven community, Nexus Repository Manager, and for hosting Central. You may not know that for the last 7 years we've also been leading the way in solutions that allow developers to innovate faster and be able to improve security, license compliance and architecture at the same time.
For years the primary domain for these concerns has been large enterprises and/or governance teams. We're seeing a new trend along with the #devsecops movement that brings concerns like the security posture of a 3rd party component into the forefront of concerns for developers. To further empower that trend, we've updated and relaunched OSS Index with the mission to provide information and APIs to the community -for free- to use in raising the security bar for everyone. Out of the box you can find a plugin to assess and optionally fail your build if components contain known vulnerabilities. If you're a fan of the Maven Enforcer Plugin, there's a rule for you too. I encourage you to check it out and if you're so inclined, grab the REST API and integrate it into your favorite tool.

https://ossindex.sonatype.org

Find the Maven Plugin docs here: https://sonatype.github.io/ossindex-maven/maven-plugin/
Find the Enforcer Plugin usage here: https://sonatype.github.io/ossindex-maven/enforcer-rules/
Report issues or ideas here: https://github.com/sonatype/ossindex-maven/issues