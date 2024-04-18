Gradle will collaborate with GitHub on integrations and today released the first, a feature to help developers detect and manage project vulnerabilities

SAN FRANCISCO, April 18, 2024 (GLOBE NEWSWIRE) -- Gradle Inc ., the company behind Gradle Build Tool, the popular open-source Java build automation system, today announced a technical partnership with GitHub, the world’s leading AI-powered developer platform. Through the partnership, Gradle will integrate with GitHub to improve developer experience and promote best security practices among Gradle users. With this news, Gradle is also announcing its first integration from the new partnership, the Dependency Submission Action for Gradle , a feature to help users detect and manage vulnerabilities in project dependencies.



Over the past year, 91% of enterprises faced attacks to their software supply chains. Specifically, vulnerabilities in project dependencies are a major challenge, and it’s critical that developers are able to quickly detect potential security risks. Available for all Gradle projects on GitHub, the new Dependency Submission Action is an official, open-source GitHub action that generates complete and accurate information about dependencies. This allows developers using Gradle Build Tool to view their project dependencies in GitHub and receive GitHub Dependabot alerts when vulnerabilities are detected.

“Gradle is one of the most used build tools among GitHub users, and we're excited to continue to collaborate with them to improve supply chain security for the Gradle community. These updates to the Gradle Build Action will help millions of GitHub users improve the security of their apps by giving them better insights into their dependencies,” said Jon Janego, Senior Product Manager at GitHub.

Now, the many developers using Gradle Build Tool via GitHub can integrate Gradle Build Tool and GitHub vulnerability alerts and management tools to more easily ensure their software supply chains are secure.

“At Gradle, we’re focused on minimizing process bottlenecks and maximizing developer productivity,” said Piotr Jagielski, VP of Engineering at Gradle, Inc. “We’re excited to now officially partner with GitHub, one of the world's largest open-source ecosystems, to help developers streamline their workflows and protect their supply chain—all while bettering their developer experience.”

To learn more, visit the Gradle blog .

About Gradle

Gradle Inc. is the company behind the popular open-source Gradle Build Tool, which is downloaded over 40 million times a month, and the provider of the leading software solution for improving developer productivity and happiness called Develocity. Gradle is also pioneering the emerging practice of Developer Productivity Engineering . Elite development teams from companies like Netflix, LinkedIn, ASML, Airbnb, Microsoft, Nasdaq, SAP, and others, practice DPE to deliver quality software more rapidly at scale. They achieve this by leveraging Develocity’s innovative build and test performance acceleration technologies and analytics to proactively improve the reliability of the developer toolchain and make failure troubleshooting more efficient.

