Late to the game here, as I see this was merged today...

The addition of the Gradle versions plugin is good and hopefully we can go
farther down the path of dependency scanning by adding security as well.
Currently, GitHub has this setup for Ruby and JavaScript [1], however it is
lacking Java dependencies. Until GitHub can support Java dependencies, I
would suggest we look at other tools, such as [2], for tracking our
dependencies with security vulnerabilities.



On Fri, Feb 9, 2018 at 4:06 PM, Anthony Baker <> wrote:

> Hi all,
> I’ve got a PR [1] open that updates lots of dependencies.  Please review
> and let me know if you have any concerns.  I’d like to merge it early next
> week barring any objections.
> Thanks,
> Anthony
> [1] <

Reply via email to