Safeguard
Tag

maven

Safeguard articles tagged "maven" — guides, analysis, and best practices for software supply chain and application security.

20 articles

DevSecOps

Jenkins + Maven Integration Security

Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.

Sep 8, 20247 min read
Software Supply Chain Security

Maven Plugin Verification: Securing Your Java Build Pipeline

Maven plugins execute during your build with full JVM access. Here is how to verify they are legitimate and have not been tampered with.

May 8, 20244 min read
Open Source Security

Maven Enforcer Plugin Security Rules

Maven Enforcer is a blunt instrument most teams underuse. Here is how to turn it into a supply chain guardrail that blocks bad versions, bad repositories, and bad dependency graphs before they ship.

Mar 25, 20247 min read
SBOM & Compliance

How to Generate SBOMs From Maven Projects

Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.

Aug 5, 20234 min read
Software Supply Chain Security

Maven Plugin Verification: Trusting Your Build-Time Dependencies

Maven plugins execute during your build with full system access. Verifying them is harder than verifying runtime dependencies, and most teams skip it.

Apr 15, 20234 min read
Dependency Security

Java Maven and Gradle Dependency Security

How to secure your Java dependency chain across Maven and Gradle builds, from signature verification to repository management.

Mar 8, 20234 min read
Software Supply Chain Security

Maven Dependency Resolution Attacks: Exploiting Java's Build System

Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.

Mar 5, 20235 min read
Supply Chain Security

Package Manager Security: npm, pip, and Maven Compared

Each package manager has its own security model, attack surface, and best practices. This guide compares npm, pip, and Maven from a supply chain security perspective.

Oct 8, 20228 min read
maven (Page 2) — Safeguard Blog