I am getting increased scrutiny for some of my enterprise apps based on possible library and supply chain vulnerabilities.
I've used Snyk, Akido and Beagle but they don't really understand how B4J works so I get mixed results.
Anyway, I've built my own scanner (B4J Scanner) that resolves dependencies for a B4J project (based on libraries used, their dependencies and also class paths). It creates a software bill of materials (SBOM) and uses OSV (https://osv.dev) to scan for vulnerable libraries.
Anyone interested in this?
Example scan below.
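To make the SBOM-plus-OSV step in the post concrete, here is an added example (not the B4J Scanner's own code) that takes a list of resolved Maven coordinates, emits a minimal CycloneDX 1.5 SBOM, builds the request body for OSV's `/v1/querybatch` endpoint, and maps the positional results back onto the SBOM components. The dependency list, the OSV reply and the `GHSA-xxxx-xxxx-xxxx` advisory ID are constructed placeholders so the script runs offline; only `query_osv` touches the network.

```python
import json
import uuid
from urllib import request

OSV_QUERYBATCH_URL = "https://api.osv.dev/v1/querybatch"

# Constructed sample input: Maven coordinates as a dependency resolver might
# collect them from a project's libraries, their transitive deps and classpath.
SAMPLE_COMPONENTS = [
    {"group": "com.example", "artifact": "demo-core", "version": "1.2.3"},
    {"group": "com.example", "artifact": "demo-json", "version": "2.0.0"},
    {"group": "com.example", "artifact": "demo-ui", "version": "0.9.1"},
]

# Constructed sample OSV reply in the shape /v1/querybatch returns: one entry
# per query, in query order; entries with no hits come back as {} (no "vulns").
# The advisory ID is a placeholder, not a real GHSA identifier.
SAMPLE_OSV_RESPONSE = {
    "results": [
        {"vulns": [{"id": "GHSA-xxxx-xxxx-xxxx", "modified": "2024-01-01T00:00:00Z"}]},
        {},
        {"vulns": []},
    ]
}


def purl(component):
    """Package URL for a Maven artifact, e.g. pkg:maven/com.example/demo-core@1.2.3."""
    return "pkg:maven/{group}/{artifact}@{version}".format(**component)


def build_sbom(components, serial=None):
    """Minimal CycloneDX 1.5 JSON document listing the resolved components."""
    serial = serial or "urn:uuid:" + str(uuid.uuid4())
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.5",
        "serialNumber": serial,
        "version": 1,
        "components": [
            {
                "type": "library",
                "bom-ref": purl(c),
                "group": c["group"],
                "name": c["artifact"],
                "version": c["version"],
                "purl": purl(c),
            }
            for c in components
        ],
    }


def build_osv_batch_query(sbom):
    """One OSV query per SBOM component, keyed by Maven package name and version."""
    return {
        "queries": [
            {
                "package": {"name": c["group"] + ":" + c["name"], "ecosystem": "Maven"},
                "version": c["version"],
            }
            for c in sbom["components"]
        ]
    }


def match_results(sbom, response):
    """Map a querybatch response back onto SBOM components; results are positional."""
    components = sbom["components"]
    results = response.get("results", [])
    if len(results) != len(components):
        raise ValueError(f"expected {len(components)} results, got {len(results)}")
    findings = []
    for component, result in zip(components, results):
        vuln_ids = sorted(v["id"] for v in result.get("vulns", []))
        findings.append({"purl": component["purl"], "vulns": vuln_ids})
    return findings


def vulnerable_purls(findings):
    """purls of every component with at least one OSV hit."""
    return [f["purl"] for f in findings if f["vulns"]]


def query_osv(sbom, url=OSV_QUERYBATCH_URL, timeout=30):
    """Live query (network). querybatch returns only IDs and modified times;
    fetch /v1/vulns/{id} for severity and affected ranges. Pagination via
    next_page_token is not handled here."""
    body = json.dumps(build_osv_batch_query(sbom)).encode()
    req = request.Request(url, data=body, headers={"Content-Type": "application/json"}, method="POST")
    with request.urlopen(req, timeout=timeout) as resp:
        return match_results(sbom, json.load(resp))


if __name__ == "__main__":
    bom = build_sbom(SAMPLE_COMPONENTS)
    print(json.dumps(build_osv_batch_query(bom), indent=2))
    for f in match_results(bom, SAMPLE_OSV_RESPONSE):
        print(f["purl"], "->", ", ".join(f["vulns"]) or "no known vulns")
```

The length check in `match_results` matters: OSV answers in query order with no package name echoed back, so a truncated or paginated reply silently misaligns hits with components unless the counts are verified.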