Dear Lazyweb! How do you manage keeping spring boot applications up to date?
We run an arseload of Java webapps. Our devs have taken a strong liking to spring boot, where everything including the Tomcat is uploaded as a JAR. A delight for them, but somewhat of a concern for the sysadmins who are the people first dealing with security issues.
So I've been asked to come up with recommendations to deal with this, and I haven't a clue as to how to do this other than laborious iterative checking, or automated versions thereof. Nor can I find recommendations.
Has anyone else got this problem or one like it? (Where applications are uploaded as a package that then runs.) What do you do?