Introducing Support for the Gradle Plugins Ecosystem in deps.dev
We’re excited to announce that deps.dev now supports the Gradle Plugins ecosystem, with over 15,000 new packages and 270,000 versions from plugins.gradle.org now indexed and available.
How can I use the data?
Gradle Plugin support adds to deps.dev’s existing support of Maven Central, Google Maven, and Jenkins Plugins. Gradle Plugins results can be accessed in the same manner as for the existing Maven repositories through the website, API, and BigQuery dataset.
Why does this matter?
Build tooling is a critical part of the software supply chain – vulnerabilities in build plugins can be as dangerous as those in application-level dependencies. By providing visibility into these plugins, deps.dev is one step closer to giving developers a more complete understanding of their project’s security posture.
Our analysis reveals that approximately 2% of Gradle plugin versions have known security vulnerabilities. This prevalence is notably higher than what we observe across the broader Maven ecosystem (≈1%) and other systems like PyPI (≈1%), underscoring that build dependencies can be a significant and concentrated source of security risk.
If you have any questions or feedback please reach out to us at depsdev@google.com, or by filing an issue on our GitHub repo.