Tag
dependency-resolution
Safeguard articles tagged "dependency-resolution" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Open Source Security
How Snyk resolves Maven and Gradle dependency graphs incl...
Snyk doesn't parse pom.xml or build.gradle statically -- it invokes real Maven and Gradle tooling to compute the exact dependency graph your build produces.
Aug 30, 20257 min read
Software Supply Chain Security
Maven Dependency Resolution Attacks: Exploiting Java's Build System
Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.
Mar 5, 20235 min read