Secure Code you own this product

basic Java • basic Spring and Spring Boot • basic Docker and Docker Compose • REST principles • basic microservices • basic Maven • basic Jenkins
skills learned
use Dependency-Check to identify the vulnerabilities in a microservice on your local machine or in your pipeline • use Dependency-Track to identify vulnerabilities between different microservices in one place and to add rules to define a quality gate for the security issues • add analysis in the Jenkins pipeline
Andres Sacco
1 week · 4-6 hours per week · INTERMEDIATE

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!


5, 10 or 20 seats+ for your team - learn more

Look inside

You’re a senior developer at Travel World Agency (TWA). As its success has grown, so have computing costs. But before introducing potentially disruptive cost-cutting measures into its next-gen system running on Amazon Web Services (AWS), it needs to improve the quality of its microservices. Your task is to detect possible security problems using Sonar, then use Dependency-Check and Dependency-Track to analyze the dependencies and add rules to define how many vulnerabilities your microservices might have with the ongoing execution of the pipeline.

This project is designed for learning purposes and is not a complete, production-ready application or solution.

project author

Andres Sacco

Andres Sacco is a technical leader at Prisma. He has experience with many programming languages including Java, PHP, and Node.js. At his previous job, Andres helped find alternative ways to optimize data transfers between microservices, which reduced the cost of infrastructure by fifty-five percent. A co-author of Beginning Scala 3, published by Apress, Andres has also dictated internal courses about new technologies and shared his expertise in articles on Medium.


This liveProject is for Java developers who are interested in learning different ways to implement security validations in their microservices. To begin this liveProject, you should be familiar with the following:

  • Any Java IDE: Eclipse, IntelliJ IDEA, Visual Studio Code
  • Basic Maven
  • Basic Spring and Spring Boot
  • Basic Docker and Docker Compose
  • Basic Jenkins
  • Basic Java
  • Basic Spring Boot and how to add new modules
  • Basic Docker and Docker Compose commands
  • REST principles
  • Basic knowledge of microservices


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.

choose your plan


only $41.67 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • Secure Code project for free