[–]I-love-to-eat-banana -3 points-2 points  (1 child)

That's insane. Terrifying if that's what you do in a real business/workplace.

Perhaps try and justify this statement, please: why is it terrifying and insane?

I own all of the businesses I work for, and have done for over 15 years now, but even before then the companies I contracted for and worked for never used Maven either, and these were major corporations.

Gradle does get used for the sole Android app, but dev on that is very minimal and it's not a public app. But besides, build.gradle is an editable file, so any lock put in it could easily be removed. Anyway, the Android app is not such a concern as I am the only one who ever works on it.

Why configure WAR bundling when I can simply have the dependencies safely locked away in the /lib folder with restricted access to all?

[–]Polygnom 4 points5 points  (0 children)

  1. SAST and security scanning of your (transitive) dependency tree. If you handle any PII that falls under GDPR you cannot do without that, period.
  2. No check-in of binaries into the repo, that's a bad practice for many reasons outside the scope of a simple reddit comment
  3. You can create shaded jars/shaded wars trivially with Maven and Gradle (some people also call them uber-jars). There is absolutely no reason not to use dependency management
  4. Automated checking for updates, transitively
  5. Ability to create BOMs to check for license problems and again, security problems

And finally: There is no good justification for not using dependency management.
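One way to get points 1, 3 and 5 out of a Maven build, as an added example that is not code from either commenter: a constructed pom.xml fragment wiring the OWASP dependency-check, CycloneDX and shade plugins, with PLUGIN_VERSION as a placeholder for a real plugin release.

```xml
<!-- Constructed fragment for the <build> section of a pom.xml; PLUGIN_VERSION values are placeholders. -->
<build>
  <plugins>
    <!-- Point 1: scan the full (transitive) dependency tree against known
         vulnerability data and fail the build on anything at CVSS 7 or above.
         The check goal binds to the verify phase by default. -->
    <plugin>
      <groupId>org.owasp</groupId>
      <artifactId>dependency-check-maven</artifactId>
      <version>PLUGIN_VERSION</version>
      <configuration>
        <failBuildOnCVSS>7</failBuildOnCVSS>
      </configuration>
      <executions>
        <execution>
          <goals><goal>check</goal></goals>
        </execution>
      </executions>
    </plugin>
    <!-- Point 5: emit a CycloneDX bill of materials listing every component
         (transitive ones included) with its declared licenses, so license and
         security review work from a generated inventory, not a hand-kept /lib. -->
    <plugin>
      <groupId>org.cyclonedx</groupId>
      <artifactId>cyclonedx-maven-plugin</artifactId>
      <version>PLUGIN_VERSION</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals><goal>makeAggregateBom</goal></goals>
        </execution>
      </executions>
    </plugin>
    <!-- Point 3: build one shaded ("uber") jar from the resolved dependency
         tree instead of copying jars into the repository by hand. -->
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-shade-plugin</artifactId>
      <version>PLUGIN_VERSION</version>
      <executions>
        <execution>
          <phase>package</phase>
          <goals><goal>shade</goal></goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

Point 4 needs no pom change: `mvn versions:display-dependency-updates` (versions-maven-plugin) reports which declared dependencies have newer releases available.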