There is a mature package management system in the Java world. Maven seems to be quite standard. I’ve made a sample project with Hibernate and Spring. One of the neat things I found out was that it’s quite easy to integrate OWASP checks. Following the guide to setup a simple way to be able to that your closed source system does not have any known vulnerabilities in dependencies.