Skip to content

Dependency Usage Evidence is Not Working for Java #558

New issue
New issue
Open
Customer Issue
Open
Dependency Usage Evidence is Not Working for Java#558
Customer Issue
Labels
good first issueGood for newcomershacktoberfest
@abhisek

Description

@abhisek
abhisek
opened on Aug 11, 2025

The Dependency Usage evidence collection is not working for Java. This feature is documented at: https://docs.safedep.io/guides/dependency-usage-identification

Internally, it uses our CAF: https://github.com/safedep/code/tree/main/plugin/depsusage

The depsusage plugin in turn produces a PackageHint using which vet identifies if a package is actually used in code. For Java, we consider a package name as group:name, example: org.spring:package-1 but CAF seems to be producing a different package hint.

Need investigation and a possible fix approach.

Ref: #556

Metadata

Metadata

Assignees

No one assigned

    Labels

    good first issueGood for newcomershacktoberfest

    Type

    Customer Issue

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions