Gradle Inc. Partners with GitHub to Improve Software Supply Chain Security
April 18 2024 - 10:00AM
Gradle Inc., the company behind Gradle Build Tool, the popular
open-source Java build automation system, today announced a
technical partnership with GitHub, the world’s leading AI-powered
developer platform. Through the partnership, Gradle will integrate
with GitHub to improve developer experience and promote best
security practices among Gradle users. With this news, Gradle is
also announcing its first integration from the new partnership, the
Dependency Submission Action for Gradle, a feature to help users
detect and manage vulnerabilities in project dependencies.
Over the past year, 91% of enterprises faced attacks on their
software supply chains. Specifically, vulnerabilities in project
dependencies are a major challenge, and it’s critical that
developers are able to quickly detect potential security risks.
Available for all Gradle projects on GitHub, the new Dependency
Submission Action is an official, open-source GitHub action that
generates complete and accurate information about dependencies.
This allows developers using Gradle Build Tool to view their
project dependencies in GitHub and receive GitHub Dependabot alerts
when vulnerabilities are detected.
“Gradle is one of the most used build tools among GitHub users,
and we're excited to continue to collaborate with them to improve
supply chain security for the Gradle community. These updates to
the Gradle Build Action will help millions of GitHub users improve
the security of their apps by giving them better insights into
their dependencies,” said Jon Janego, Senior Product Manager at
GitHub.
Now, the many developers using Gradle Build Tool via GitHub can
integrate Gradle Build Tool and GitHub vulnerability alerts and
management tools to more easily ensure their software supply chains
are secure.
“At Gradle, we’re focused on minimizing process bottlenecks and
maximizing developer productivity,” said Piotr Jagielski, VP of
Engineering at Gradle, Inc. “We’re excited to now officially
partner with GitHub, one of the world's largest open-source
ecosystems, to help developers streamline their workflows and
protect their supply chain—all while bettering their developer
experience.”
To learn more, visit the Gradle blog.
About Gradle
Gradle Inc. is the company behind
the popular open-source Gradle Build Tool, which is downloaded over
40 million times a month, and the provider of the leading software
solution for improving developer productivity and happiness called
Develocity. Gradle is also pioneering the emerging practice of
Developer Productivity Engineering. Elite development teams from
companies like Netflix, LinkedIn, ASML, Airbnb, Microsoft, Nasdaq,
SAP, and others, practice DPE to deliver quality software more
rapidly at scale. They achieve this by leveraging Develocity’s
innovative build and test performance acceleration technologies and
analytics to proactively improve the reliability of the developer
toolchain and make failure troubleshooting more efficient.
Contact
LaunchSquad for Gradle,
gradle@launchsquad.com