Check whether dependencies are actually used
Remove unneeded libraries
mvn dependency:tree dependency:analyze
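As an added example (not part of the original page), the shell functions below pull the unused and undeclared dependency findings out of `mvn dependency:analyze` output so that a CI step can fail on them. The function names and the sample log are constructed for illustration, and the parsing assumes the plugin's usual `[WARNING]` report layout.

```shell
#!/bin/sh
# Added example: turn the findings of `mvn dependency:analyze` into a CI gate.

# Read Maven output on stdin and print one finding per line as
# "unused <coordinates>" or "undeclared <coordinates>".
analyze_findings() {
  awk '
    /Unused declared dependencies found:/ { section = "unused"; next }
    /Used undeclared dependencies found:/ { section = "undeclared"; next }
    # Finding lines look like: [WARNING]    group:artifact:type:version:scope
    section != "" && /^\[WARNING\] +[^ :]+:[^ :]+:/ { print section, $2; next }
    # Any other line ends the current list of findings.
    { section = "" }
  '
}

# Return 1 and list the findings on stderr when the log on stdin has any.
gate() {
  findings=$(analyze_findings)
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings" >&2
  return 1
}

# Constructed sample log (not output from a real project).
sample_log() {
  cat <<'EOF'
[INFO] --- dependency:analyze (constructed sample) ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.slf4j:slf4j-api:jar:1.7.36:compile
[WARNING] Unused declared dependencies found:
[WARNING]    commons-io:commons-io:jar:2.11.0:compile
[WARNING]    junit:junit:jar:4.13.2:test
[INFO] BUILD SUCCESS
EOF
}
```

Usage: `mvn dependency:analyze | gate`. The analysis works on bytecode, so review "unused" entries before deleting them; dependencies needed only at runtime or through reflection can show up there.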
Check for the latest versions of dependencies
mvn versions:display-plugin-updates versions:display-dependency-updates
Check dependencies for publicly known vulnerabilities (OWASP)
Configure the Maven file:
<project>
  ...
  <build>
    ...
    <plugins>
      ...
      <plugin>
        <groupId>org.owasp</groupId>
        <artifactId>dependency-check-maven</artifactId>
        <version>6.2.2</version>
        <executions>
          <execution>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
    ...
  </build>
  ...
</project>
Run the check with the Maven command:
mvn verify
Then open /target/dependency-check-report.html to view the results.