[idea] OWASP_Dependency_Check
(idea)
Include the OWASP dependency-check in the build chain.
https://www.owasp.org/index.php/OWASP_Dependency_Check
It checks the project's dependencies against known vulnerable components that already have a CVE number assigned.
It also works for .jar files.
(A page describing it in more detail: http://www.hascode.com/2017/10/detecting-vulnerable-dependencies-with-maven-and-the-owasp-dependency-check-plugin/ )
(From what I have read, the Jenkins plugin for it might be install-only :-/ )
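As an added illustration of how the "include it in the build chain" step looks for a Maven project (this is example configuration written for this note, not taken from the OWASP project or the linked page), the plugin is bound to the build with its `check` goal and told to fail the build when any finding reaches a chosen CVSS score. The version string is a placeholder to be replaced with the current release; the CVSS threshold of 7 and the suppression file name are assumptions chosen for the example.

```xml
<!-- Example pom.xml fragment (added here as an illustration; placeholder values marked) -->
<build>
  <plugins>
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <!-- PLACEHOLDER: pin to the current dependency-check release -->
      <version>X.Y.Z</version>
      <configuration>
        <!-- Fail the build when a dependency carries a CVE with CVSS >= 7 (assumed threshold) -->
        <failBuildOnCVSS>7</failBuildOnCVSS>
        <!-- Reviewed false positives go into a suppression file kept under version control (assumed file name) -->
        <suppressionFiles>
          <suppressionFile>dependency-check-suppressions.xml</suppressionFile>
        </suppressionFiles>
      </configuration>
      <executions>
        <execution>
          <!-- Bind the "check" goal so every build runs the scan -->
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place a plain `mvn verify` runs the scan and breaks the build on a finding at or above the threshold, so a newly published CVE for an existing dependency surfaces on the next build rather than waiting for a manual audit. The threshold should be set deliberately: too high and medium-severity issues pass silently, too low and the suppression file grows with triaged noise.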