Tutorials

On this page, you will find tutorials to get you started with Macaron. The tutorials show Macaron in action, analyzing a software component and its dependencies that are built using GitHub Actions or GitLab. Macaron supports artifacts published on GitHub release, Maven Central, or privately hosted registries, such as JFrog. For the full list of supported technologies, such as CI services, registries, and provenance types see this page.

• Detecting a malicious Java dependency uploaded manually to Maven Central
• Analyzing and comparing different versions of an artifact
• Exclude and include checks in Macaron
• Generate Verification Summary Attestation