Up2Dep

Welcome to the Up2Dep project

Up2Dep is an Android Studio plugin that facilitates the task of keeping your project's library dependency up-to-date while avoiding insecure library versions.

News

21.01.2019
Version 2.0.3 is now available with bug fixes and performance improvement, you can download it here or go to Usage to see how it works, more info about new features here.

16.01.2019
Version 2.0.2 is now available with bug fixes due to API changes in Android Studio 3.3, you can download it here or go to Usage to see how it works, more info about new features here.

15.01.2019
Version 2.0.1 is now available that is compatible with Android Studio 3.3, you can download it here or go to Usage to see how it works, more info about new features here.

14.01.2019
Version 2.0.0 is now available with Insecure API usages inspection, you can download it here or go to Usage to see how it works, more info about new features here.

27.09.2018
Version 1.0.1 is now available with support for Android 3.2.

30.08.2018
Version 1.0.0 is now available with performance improved; Kotlin language support; more libraries (now 1,521 libraries in total).

16.07.2018
Version 0.1.0 is now available on Android Studio plugin's repository. Up2Dep now includes vulnerable (insecure) library versions check. Furthermore, this version includes additionally 349 Android libraries (2877 versions) into the existing database.

29.06.2018
Version 0.0.2 is now available on Android Studio plugin's repository.

28.06.2018
We have fixed a performance bug which duplicates the local sqlite file hence incurs unneccessary local space. We have updated Up2Dep with version 0.0.2 to JetBrains plugin's repository. Please wait for 1 or 2 days until it is available before trying out. Thanks to Martin for the bug report.

25.06.2018
Upcoming features: Security vulnerability check; Secondary dependecy support; Performance improvement

23.06.2018
We are happy to release the first prototype version of Up2Dep. Please refer to Usage to install and get to know how Up2Dep works.

Why should I use Up2Dep?

In comparing to Lint, Up2Dep offers the following support:
  • Keep your project's library dependency always up-to-date with a single click
  • Up2Dep takes care of the library API usage, and informs, guides you if an update may need code adjustment e.g, an used API is not available in the latest version of the library
  • In case, the latest version of the library is not compatible to your code any more, Up2Dep will find the latest compatible version for you
  • If a library is using insecure options of Java cryptographic APIs (Cryptographic API misuse), and your current code re-uses such code from the respective library, Up2Dep will notify you with information on what was wrong, and what is expected to be more secure from such library
  • Up2Dep respects your privacy, we only record anonymous information - NOT your code to improve Up2Dep, and we provide you the option to opt-out. Check here to know more about the information we gather
  • Up2Dep is non-commercial and will be made open sourced soon

How can I support this kind of research

Up2Dep is compeletely free to use. Our goal is to provide developers support so that they can write code easiler and more secure. We can only improve Up2Dep with your support. You can help us by doing the following things:

  • Provide us feedback when you find a check is useful or false positive, or not enough information etc.,
  • After you have used Up2Dep for a while, we would like to ask you to participate in a survey where we ask you about your Up2Dep experience. Please help us in filling out this survey

Issues tracker

If you use Up2Dep and find any bugs, please use this repo https://github.com/ngcuongst/up2dep to create issues, we appreciate your help.