StepSecurity has introduced support for Maven in GitHub Checks and OSS Package Search, enabling enhanced security by blocking compromised Java dependencies in pull requests. This update aims to protect Java developers from supply chain attacks similar to those that have historically targeted the npm and PyPI ecosystems.
Key features include: 1) **Maven Package Compromised Updates**, which prevents pull requests from merging if flagged dependencies are detected, and 2) **Maven Package Cooldown**, which temporarily blocks recently published Maven versions. The OSS Package Search feature now allows users to track compromised Maven packages across different environments. Support for a Secure Registry and a Dev Machine Guard for Maven is also planned. Overall, these enhancements help proactively safeguard Java projects within the software supply chain.