A GitHub Action for verifying Gradle Wrapper JAR files has been released to address a supply chain security risk. The gradle-wrapper.jar binary is checked into nearly 2.8 million GitHub repositories, making it an attractive target for attackers who could embed malicious code inside a seemingly legitimate wrapper update PR. The
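The check the article's Action performs comes down to comparing the digest of the checked-in gradle-wrapper.jar with the digest Gradle publishes for that wrapper version (Gradle ships a .sha256 file for each wrapper jar alongside its distributions). The following POSIX shell script is an added example written for this page, not the Gradle project's own action or code from the article; it takes the expected digest as an argument so it runs offline, and the path and argument names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article or from the Gradle project):
# verify a checked-in gradle-wrapper.jar against an expected SHA-256 digest.
# In a real pipeline the expected value would be the published
# gradle-<version>-wrapper.jar.sha256 for the pinned version; here it is
# passed in as an argument so the check works without network access.

# Print the lowercase hex SHA-256 digest of the file given as $1.
# Falls back to shasum on systems (e.g. macOS) that lack sha256sum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d ' ' -f 1
  else
    shasum -a 256 "$1" | cut -d ' ' -f 1
  fi
}

# verify_wrapper_jar <path-to-jar> <expected-sha256>
# Returns 0 when the digests match, 1 when the file is missing or differs.
# A mismatch is what a tampered wrapper in a PR would produce, so a CI job
# should fail the build on a non-zero return.
verify_wrapper_jar() {
  jar="$1"
  expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  if [ ! -f "$jar" ]; then
    echo "missing wrapper jar: $jar" >&2
    return 1
  fi
  actual=$(sha256_of "$jar")
  if [ "$actual" = "$expected" ]; then
    echo "OK: $jar matches expected digest"
    return 0
  fi
  echo "MISMATCH: $jar" >&2
  echo "  expected: $expected" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# Example usage (path and digest are placeholders for a real checkout):
# verify_wrapper_jar gradle/wrapper/gradle-wrapper.jar "<published sha256>" || exit 1
```

Wiring this into a pull-request check means a contributor who replaces the wrapper jar must also justify a digest that Gradle actually published, which is the property the article's Action enforces.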