fireant is a Dependabot-like service (tailored to Apache Ant + Ivy projects) which creates pull requests to keep your dependencies secure and up-to-date.
Fireant achieves two things
- Vulnerability reduction: use existing tools to detect publicly disclosed security vulnerabilities associated with a project’s dependencies and establish a strategy for upgrading those dependencies.
- Automate dependency management: implement a Dependabot-like capability which creates pull requests to keep the project dependencies secure and up-to-date.
Upon completion of this project, Fireant will be contributed to the Nutch project. However, the intended audience of this open source repo extends further to outside organizations... really anyone with an Ant + Ivy build and dependency management system.
First, take a look at the general overview of the fireant codebase. After brief familiarization with the source code, take a shot at running fireant. This project also uses a Jenkins Pipeline to assist with automation.
If you have issue using fireant, please log a ticket in the Github issue tracker.
Contributions are always welcome!
Original authors
Fireant is licensed permissively under the Apache License v2.0 a copy of which ships with this project.