CVE Scanning and Guided Remediation with OSV Scanner

Figure 1. OSV Scanner Security is a critical aspect of software development, and staying ahead of vulnerabilities is essential for us application developers. Google’s OSV Scanner is a powerful tool that helps detect vulnerabilities in open-source dependencies. This article will guide us through setting up and using OSV Scanner to secure our projects, scan for invalid licenses, scan OCI images and finally how to fix findings via guided remediation. ...

March 28, 2025 · 8 min · 1577 words · Micha Kops

Signing APK with the Maven-Jar-Signer Plugin

There is a nice Maven plugin helping you signing your Android app – the Maven Jar Signer Plugin. If you want to learn more about Maven integration in an android project take a look at this article. Maven Profile Setup Add the following code to your pom.xml <?xml version="1.0"?> <profiles> <profile> <id>sign</id> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jarsigner-plugin</artifactId> <version>1.2</version> <executions> <execution> <id>signing</id> <goals> <goal>sign</goal> </goals> <phase>package</phase> <inherited>true</inherited> <configuration> <archiveDirectory/> <includes> <include>target/*.apk</include> </includes> <keystore>path/to/keystore</keystore> <storepass>storepasword</storepass> <keypass>keypassword</keypass> <alias>key-alias</alias> </configuration> </execution> </executions> </plugin> <plugin> <groupId>com.jayway.maven.plugins.android.generation2</groupId> <artifactId>maven-android-plugin</artifactId> <inherited>true</inherited> <configuration> <sign> <debug>false</debug> </sign> </configuration> </plugin> </plugins> </build> </profile> </profiles> ...

April 17, 2010 · 1 min · 155 words · Micha Kops