maven
Safeguard articles tagged "maven" — guides, analysis, and best practices for software supply chain and application security.
20 articles
Jenkins + Maven Integration Security
Jenkins is still the most common Maven build driver in enterprise Java shops. It is also where most supply chain incidents start. Here is what to change before it becomes your problem.
Maven Plugin Verification: Securing Your Java Build Pipeline
Maven plugins execute during your build with full JVM access. Here is how to verify they are legitimate and have not been tampered with.
Maven Enforcer Plugin Security Rules
Maven Enforcer is a blunt instrument most teams underuse. Here is how to turn it into a supply chain guardrail that blocks bad versions, bad repositories, and bad dependency graphs before they ship.
How to Generate SBOMs From Maven Projects
Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.
Maven Plugin Verification: Trusting Your Build-Time Dependencies
Maven plugins execute during your build with full system access. Verifying them is harder than verifying runtime dependencies, and most teams skip it.
Java Maven and Gradle Dependency Security
How to secure your Java dependency chain across Maven and Gradle builds, from signature verification to repository management.
Maven Dependency Resolution Attacks: Exploiting Java's Build System
Maven's dependency resolution mechanism can be exploited through repository poisoning, dependency confusion, and POM manipulation. Here is what Java teams need to know.
Package Manager Security: npm, pip, and Maven Compared
Each package manager has its own security model, attack surface, and best practices. This guide compares npm, pip, and Maven from a supply chain security perspective.