In this short informational blog post we would like to:
- reference two tools that check for outdated libraries.
Staying up to date
We recommend regularly checking whether new versions of your libraries are available. Ideally, one project member should subscribe to the security or announcement newsletters of vital third-party dependencies (where such channels exist). Of course, staying up to date by hand is tedious, and incidents easily slip through the net. Hence, we additionally recommend two small tools that help to recognise whether outdated third-party libraries are in use. Both tools are free software.
OWASP Dependency Check
In this regard, we also recommend using “OWASP Dependency Check”. This utility scans a project for dependencies (e.g. all jar files in the project path) and checks them against vulnerability databases (e.g. the well-known NIST CVE database). Currently, it primarily targets Java and .NET projects. Besides its simple use as a command line tool, Dependency Check can be integrated into the automated build process (plugins for Maven, Ant, Gradle and Jenkins are available).
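To show what "integrating into the build" looks like in practice, here is an added example (our own illustration, not code from the OWASP project): a small Python gate that reads the JSON report Dependency Check writes, lists every finding at or above a CVSS threshold and exits non-zero so the CI job fails. The report layout (dependencies, each with a list of vulnerabilities carrying cvssv3/cvssv2 scores) is modelled on Dependency Check's JSON output; the sample report embedded below is constructed for this example, its file names and CVE ids are placeholders, and the report path in the comment is hypothetical. The CLI and the build plugins also offer a fail-on-CVSS setting (for the CLI, --failOnCVSS); a separate gate like this one is useful when the report should additionally be filtered, summarised or forwarded elsewhere.

```python
"""Fail a build when an OWASP Dependency Check report contains severe findings.

Assumed workflow (hypothetical paths): the scanner has already run, e.g.
    dependency-check --project demo --scan ./target --format JSON --out ./reports
and produced reports/dependency-check-report.json. Run this script on that file
as a CI step; it exits with status 1 if any finding meets the CVSS threshold.
"""
import json
import sys

# Constructed sample report (not real scanner output). CVE ids are placeholders.
SAMPLE_REPORT = {
    "dependencies": [
        {
            "fileName": "commons-example-1.0.jar",
            "vulnerabilities": [
                {"name": "CVE-EXAMPLE-0001", "severity": "CRITICAL",
                 "cvssv3": {"baseScore": 9.8}},
                {"name": "CVE-EXAMPLE-0002", "severity": "MEDIUM",
                 "cvssv2": {"score": 5.0}},
            ],
        },
        # A dependency without a "vulnerabilities" key is clean.
        {"fileName": "clean-lib-2.3.jar"},
    ]
}


def score_of(vuln):
    """Highest CVSS base score available for one finding (v3 preferred, v2 fallback)."""
    v3 = vuln.get("cvssv3") or {}
    v2 = vuln.get("cvssv2") or {}
    candidates = [v3.get("baseScore"), v2.get("score")]
    return max((float(c) for c in candidates if c is not None), default=0.0)


def findings_at_or_above(report, threshold):
    """Return (fileName, cve, score) for every finding scoring >= threshold, highest first."""
    hits = []
    for dep in report.get("dependencies", []):
        for vuln in dep.get("vulnerabilities") or []:
            score = score_of(vuln)
            if score >= threshold:
                hits.append((dep.get("fileName", "?"), vuln.get("name", "?"), score))
    hits.sort(key=lambda hit: hit[2], reverse=True)
    return hits


def gate(report, threshold=7.0):
    """Return 0 if the build may proceed, 1 if any finding meets the threshold."""
    hits = findings_at_or_above(report, threshold)
    for file_name, cve, score in hits:
        print(f"FAIL {file_name}: {cve} (CVSS {score})")
    return 1 if hits else 0


def load_report(path):
    """Read a Dependency Check JSON report from disk."""
    with open(path, encoding="utf-8") as handle:
        return json.load(handle)


if __name__ == "__main__":
    # Usage: python dc_gate.py [report.json] [threshold]
    # Without arguments the constructed sample report is checked at CVSS >= 7.0.
    report = load_report(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REPORT
    threshold = float(sys.argv[2]) if len(sys.argv) > 2 else 7.0
    sys.exit(gate(report, threshold))
```

Run against the sample, the script reports the CRITICAL placeholder finding and exits 1; the MEDIUM one stays below the default threshold. Pick the threshold deliberately: a high cut-off keeps the build green while known issues accumulate, a very low one turns every advisory into a blocked pipeline.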