Dependency-Check Core

Dependency-Check Core

dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.

Compile зависимости (32)

Група / Артефакт Версия Нова Версия
commons-collections » commons-collections 3.2.2 На
org.apache.commons » commons-jcs-core 2.2.1 На
commons-beanutils » commons-beanutils 1.9.4 На
com.h3xstream.retirejs » retirejs-core 3.0.2 3.0.3
org.sonatype.ossindex » ossindex-service-client 1.6.0 1.8.0
com.fasterxml.jackson.module » jackson-module-afterburner 2.12.0 2.17.1
org.jetbrains » annotations 20.1.0 24.0.0
com.github.package-url » packageurl-java 1.1.1 1.4.2
com.google.guava » guava 30.1-jre 33.0.0-jre
com.hankcs » aho-corasick-double-array-trie 1.2.2 1.2.3
org.glassfish » javax.json 1.1.4 RELEASE
com.fasterxml.jackson.core » jackson-databind 2.12.0 2.17.1
org.apache.commons » commons-text 1.9 На
com.h2database » h2 1.4.199 2.1.210
org.apache.velocity » velocity-engine-core 2.2 На
org.jsoup » jsoup 1.13.1 1.17.1
commons-io » commons-io 2.8.0 2.11.0
com.sun.mail » mailapi 1.6.5 1.6.7
org.slf4j » slf4j-api 1.7.30 2.0.12
commons-validator » commons-validator 1.7 На
com.github.spotbugs » spotbugs-annotations 4.1.4 4.8.6
org.apache.lucene » lucene-queryparser 8.7.0 9.9.1
com.moandjiezana.toml » toml4j 0.7.2 На
org.owasp » dependency-check-utils 6.0.4 10.0.1
org.apache.lucene » lucene-core 8.7.0 9.9.1
org.apache.lucene » lucene-analyzers-common 8.7.0 8.10.1
com.vdurmont » semver4j 3.1.0 На
org.anarres.jdiagnostics » jdiagnostics 1.0.6 1.0.7
org.apache.commons » commons-lang3 3.11 3.12.0
us.springett » cpe-parser 2.0.2 2.0.3
org.whitesource » pecoff4j 0.0.2.1 На
org.apache.commons » commons-compress 1.20 1.21

Test зависимости (27)

Група / Артефакт Версия Нова Версия
net.sf.ehcache » ehcache-core 2.2.0 RELEASE
commons-fileupload » commons-fileupload 1.2.1 1.4
org.apache.axis2 » axis2-adb 1.4.1 1.7.8
com.thoughtworks.xstream » xstream 1.4.8 1.4.18
ch.qos.logback » logback-classic 1.2.3 1.5.5
xalan » xalan 2.7.0 2.7.2
org.glassfish.main.admingui » war 4.0 6.2.2
org.jmockit » jmockit 1.49 На
org.apache.struts » struts2-core 2.1.2 2.5.26
io.github.faob-dev » aar 1.0.0 На
org.hamcrest » hamcrest-core 2.2 На
org.dojotoolkit » dojo-war 1.3.0 1.17.3
org.springframework » spring-webmvc 2.5.5 6.0.22
org.apache.geronimo.daytrader » daytrader-ear 2.1.7 На
uk.ltd.getahead » dwr 1.1.1 На
org.jslipc » jslipc 0.2.0 0.2.3
org.apache.openjpa » openjpa 2.0.1 3.2.0
org.springframework.retry » spring-retry 1.1.0.RELEASE 2.0.5
org.apache.maven.scm » maven-scm-provider-cvsexe 1.8.1 1.11.2
org.mockito » mockito-core 3.6.28 5.12.0
junit » junit 4.13.1 4.13.2
org.apache.axis2 » axis2-spring 1.4.1 1.7.8
org.apache.lucene » lucene-test-framework 8.7.0 9.9.1
org.mortbay.jetty » jetty 6.1.0 6.1.26
com.hazelcast » hazelcast 2.5 5.3.5
org.springframework.security » spring-security-web 3.0.0.RELEASE 6.2.4
com.google.inject » guice 3.0 7.0.0