Dependency-Check Core

Dependency-Check Core

dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.

Compile зависимости (38)

Группа / Артифакт Версия Более новая версия
us.springett » cpe-parser 2.1.0 Нет
org.apache.commons » commons-jcs3-core 3.2 Нет
com.fasterxml.jackson.module » jackson-module-afterburner 2.16.1 2.17.1
org.apache.commons » commons-collections4 4.4 RELEASE
commons-validator » commons-validator 1.8.0 Нет
org.apache.lucene » lucene-queryparser 8.11.3 Нет
org.apache.commons » commons-compress 1.26.1 Нет
org.glassfish » javax.json 1.1.4 RELEASE
com.fasterxml.jackson.core » jackson-databind 2.16.1 2.17.1
org.apache.lucene » lucene-analyzers-common 8.11.3 Нет
org.apache.lucene » lucene-core 8.11.3 Нет
org.apache.commons » commons-lang3 3.14.0 Нет
org.anarres.jdiagnostics » jdiagnostics 1.0.7 Нет
commons-io » commons-io 2.16.1 Нет
org.semver4j » semver4j 5.3.0 Нет
com.github.package-url » packageurl-java 1.5.0 Нет
commons-beanutils » commons-beanutils 1.9.4 Нет
org.eclipse.packager » packager-rpm 0.19.0 Нет
org.slf4j » slf4j-api 1.7.36 2.0.12
io.github.jeremylong » open-vulnerability-clients 6.0.1 Нет
org.apache.commons » commons-text 1.12.0 Нет
com.h2database » h2 2.1.214 2.1.210
com.github.spotbugs » spotbugs-annotations 4.8.5 Нет
com.fasterxml.jackson.dataformat » jackson-dataformat-yaml 2.16.1 2.17.1
com.fasterxml.jackson.datatype » jackson-datatype-jsr310 2.16.1 2.17.1
org.apache.commons » commons-dbcp2 2.12.0 Нет
org.owasp » dependency-check-utils 9.2.0 10.0.1
com.moandjiezana.toml » toml4j 0.7.2 Нет
org.jsoup » jsoup 1.17.2 Нет
com.fasterxml.jackson.module » jackson-module-blackbird 2.16.1 2.17.1
com.hankcs » aho-corasick-double-array-trie 1.2.3 Нет
org.whitesource » pecoff4j 0.0.2.1 Нет
com.google.guava » guava 32.1.3-jre Нет
com.h3xstream.retirejs » retirejs-core 3.0.4 Нет
org.apache.velocity » velocity-engine-core 2.3 Нет
org.sonatype.ossindex » ossindex-service-client 1.8.2 Нет
io.github.jeremylong » jcs3-slf4j 1.0.5 Нет
org.jetbrains » annotations 24.1.0 Нет

Test зависимости (27)

Группа / Артифакт Версия Более новая версия
org.mortbay.jetty » jetty 6.1.0 6.1.26
com.google.inject » guice 3.0 7.0.0
org.springframework » spring-webmvc 2.5.5 6.0.22
org.dojotoolkit » dojo-war 1.3.0 1.17.3
org.jslipc » jslipc 0.2.0 0.2.3
org.apache.geronimo.daytrader » daytrader-ear 2.1.7 Нет
uk.ltd.getahead » dwr 1.1.1 Нет
io.github.faob-dev » aar 1.0.0 Нет
xalan » xalan 2.7.0 2.7.2
org.apache.lucene » lucene-test-framework 8.11.3 Нет
org.apache.struts » struts2-core 2.1.2 2.5.26
com.thoughtworks.xstream » xstream 1.4.8 1.4.18
org.glassfish.main.admingui » war 4.0 6.2.2
org.jmockit » jmockit 1.49 Нет
junit » junit 4.13.2 Нет
net.sf.ehcache » ehcache-core 2.2.0 RELEASE
commons-fileupload » commons-fileupload 1.2.1 1.4
org.hamcrest » hamcrest 2.2 RELEASE
org.apache.axis2 » axis2-adb 1.4.1 1.7.8
org.apache.maven.scm » maven-scm-provider-cvsexe 1.8.1 1.11.2
org.apache.openjpa » openjpa 2.0.1 3.2.0
org.mockito » mockito-core 4.11.0 5.12.0
org.springframework.retry » spring-retry 1.1.0.RELEASE 2.0.5
ch.qos.logback » logback-classic 1.2.11 1.5.5
com.hazelcast » hazelcast 2.5 5.3.5
org.apache.axis2 » axis2-spring 1.4.1 1.7.8
org.springframework.security » spring-security-web 3.0.0.RELEASE 6.2.4