Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 9.0.7Report Generated On : Mon, 8 Jan 2024 12:37:12 GMTDependencies Scanned : 34 (17 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 1Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2024-01-08T12:29:29ZNVD API Last Modified : 2024-01-08T12:15:46ZSummary Display:
Showing Vulnerable Dependencies (click to show all) Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.15.3/jackson-core-2.15.3.jar
MD5: c86c75392bf138d54d2a219bb1d0cbcd
SHA1: 60d600567c1862840397bf9ff5a92398edc5797b
SHA256: 51fab7aad51ed588482edc507fd542747936c5094d1ab76ed21ddb63b96b610d
Referenced In Project/Scope: jacoco-report-aggregate:compile
jackson-core-2.15.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.15.3 High Version Manifest Bundle-Version 2.15.3 High Version Manifest Implementation-Version 2.15.3 High Version pom version 2.15.3 Highest
Related Dependencies jackson-annotations-2.15.3.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.15.3/jackson-annotations-2.15.3.jar MD5: f478f693731e4a2f0f0d3c7bba119b32 SHA1: 79baf4e605eb3bbb60b1c475d44a7aecceea1d60 SHA256: aae865c3d88256d61b11523cb1e88bd48d5b9ad5855fa1fc859504fd2204708a pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.15.3 jackson-datatype-jdk8-2.15.3.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.15.3/jackson-datatype-jdk8-2.15.3.jar MD5: 3b6579ff944e128c4eccb34e76ff67e0 SHA1: 80158cb020c7bd4e4ba94d8d752a65729dc943b2 SHA256: 29995d3677f72dde74bf32bbf268b96beb952492b742d93f4c70af6c44b2156e pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.15.3 jackson-datatype-jsr310-2.15.3.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.15.3/jackson-datatype-jsr310-2.15.3.jar MD5: acd8ae6da000eb831a69b4acdc182b7f SHA1: 4a20a0e104931bfa72f24ef358c2eb63f1ef2aaf SHA256: bea1d78009ebc4e5d54918a3f7aec5da9fbd09f662c191a217ffcf37e8527c5e pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.15.3 jackson-module-parameter-names-2.15.3.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.15.3/jackson-module-parameter-names-2.15.3.jar MD5: 495868f770056602bfe13ea781656f03 SHA1: 8d251b90c5358677e7d8161e0c2488e6f84f49da SHA256: baf1a3156a23cb407e05374161a07ed8560f78a7ae249955de04a9a2fa2d0f2b pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.15.3 Description:
General data-binding functionality for Jackson: works on core streaming API
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.15.3/jackson-databind-2.15.3.jar
MD5: 5f453c55f127690fa8491ce347aa055c
SHA1: a734bc2c47a9453c4efa772461a3aeb273c010d9
SHA256: c3c53333a2172a80678bda1803e39cff45bec6ae3e9c7d4f44a81ec4e2ab18dc
Referenced In Project/Scope: jacoco-report-aggregate:compile
jackson-databind-2.15.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.15.3 High Version Manifest Bundle-Version 2.15.3 High Version Manifest Implementation-Version 2.15.3 High Version pom version 2.15.3 Highest
CVE-2023-35116 suppress
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker. CWE-770 Allocation of Resources Without Limits or Throttling
CVSSv3:
Base Score: MEDIUM (4.7) Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A References:
Vulnerable Software & Versions:
Description:
Jakarta Annotations API
License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256: 5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Project/Scope: jacoco-report-aggregate:compile
jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Dmitry Kornilov Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Dmitry Kornilov Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
Description:
JUL to SLF4J bridge
License:
http://www.opensource.org/licenses/mit-license.php File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/slf4j/jul-to-slf4j/2.0.9/jul-to-slf4j-2.0.9.jar
MD5: 24f86e89ee3f71ea91f644150c507740
SHA1: 09ef7c70b248185845f013f49a33ff9ca65b7975
SHA256: 69b4e5f8d3bd3f6f54367d19f2c1ee95dd5877802f12d868282e218dd76b00bf
Referenced In Project/Scope: jacoco-report-aggregate:compile
jul-to-slf4j-2.0.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 20 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor Manifest multi-release true Low Vendor pom artifactid jul-to-slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 20 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JUL to SLF4J bridge Medium Product Manifest bundle-symbolicname jul.to.slf4j Medium Product Manifest Implementation-Title jul-to-slf4j High Product Manifest multi-release true Low Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.9 High Version Manifest Bundle-Version 2.0.9 High Version Manifest Implementation-Version 2.0.9 High Version pom version 2.0.9 Highest
Description:
The Apache Log4j API
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/apache/logging/log4j/log4j-api/2.21.1/log4j-api-2.21.1.jar
MD5: b5e9bf76dd128b37666ecd9a252b50ec
SHA1: 74c65e87b9ce1694a01524e192d7be989ba70486
SHA256: 1db48e180881bef1deb502022006a025a248d8f6a26186789b0c7ce487c602d6
Referenced In Project/Scope: jacoco-report-aggregate:compile
log4j-api-2.21.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Vendor pom artifactid log4j-api Highest Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product jar package name util Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.21.1 High Version Manifest Bundle-Version 2.21.1 High Version pom version 2.21.1 Highest
Description:
The Apache Log4j binding between Log4j 2 API and SLF4J.
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.21.1/log4j-to-slf4j-2.21.1.jar
MD5: 00b957af4a40bea6a7bf61400b6ccf63
SHA1: d77b2ba81711ed596cd797cc2b5b5bd7409d841c
SHA256: de143c565ba78b0f2c0be58f132c7aec75e6e1a10845ebda5a4f17c2a35d9990
Referenced In Project/Scope: jacoco-report-aggregate:compile
log4j-to-slf4j-2.21.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Vendor Manifest multi-release false Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Vendor pom artifactid log4j-to-slf4j Highest Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product jar package name slf4jprovider Highest Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Product Manifest multi-release false Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.21.1 High Version Manifest Bundle-Version 2.21.1 High Version pom version 2.21.1 Highest
Description:
logback-core module
License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/ch/qos/logback/logback-core/1.4.14/logback-core-1.4.14.jar
MD5: 7367629d307fa3d0b82d76b9d3f1d09a
SHA1: 4d3c2248219ac0effeb380ed4c5280a80bf395e8
SHA256: f8c2f05f42530b1852739507c1792f0080167850ed8f396444c6913d6617a293
Referenced In Project/Scope: jacoco-report-aggregate:compile
logback-core-1.4.14.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest Implementation-Vendor QOS.ch High Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor Manifest specification-vendor QOS.ch Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest Implementation-Title Logback Core Module High Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product Manifest specification-title Logback Core Module Medium Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.4.14 High Version Manifest Bundle-Version 1.4.14 High Version Manifest Implementation-Version 1.4.14 High Version pom version 1.4.14 Highest
Related Dependencies logback-classic-1.4.14.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/ch/qos/logback/logback-classic/1.4.14/logback-classic-1.4.14.jar MD5: 204b49a7fa041b2b2c455193079dc1d2 SHA1: d98bc162275134cdf1518774da4a2a17ef6fb94d SHA256: 8e832f7263ca606ae36dabb2d8b24c2f43d82cf634e81dad9d1640fa6ee3c596 pkg:maven/ch.qos.logback/logback-classic@1.4.14 Description:
Module containing common code
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/io/micrometer/micrometer-commons/1.12.1/micrometer-commons-1.12.1.jar
MD5: 2518ae277e56aea5e37e3fc2f578dfa4
SHA1: abcc6b294e60582afdfae6c559c94ad1d412ce2d
SHA256: 295785b04cd4de7711bb16730da5e9829bac55a8879d52120625dac6c89904ed
Referenced In Project/Scope: jacoco-report-aggregate:compile
micrometer-commons-1.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name micrometer-commons High Vendor jar package name common Highest Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.commons Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2023-12-11_12:04:52 Low Vendor Manifest build-date-utc 2023-12-11T12:04:52.879893293Z Low Vendor Manifest build-host d2e0780d4558 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 27642 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/27642 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-commons Medium Vendor Manifest change 3c39cb0 Low Vendor Manifest full-change 3c39cb09d50ad7e5b94683e9695cc00dba346b13 Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-commons Low Vendor pom artifactid micrometer-commons Highest Vendor pom artifactid micrometer-commons Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-commons High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-commons High Product jar package name common Highest Product jar package name io Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.commons Medium Product Manifest branch HEAD Low Product Manifest build-date 2023-12-11_12:04:52 Low Product Manifest build-date-utc 2023-12-11T12:04:52.879893293Z Low Product Manifest build-host d2e0780d4558 Low Product Manifest build-job deploy Low Product Manifest build-number 27642 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/27642 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-commons Medium Product Manifest bundle-symbolicname micrometer-commons Medium Product Manifest change 3c39cb0 Low Product Manifest full-change 3c39cb09d50ad7e5b94683e9695cc00dba346b13 Low Product Manifest Implementation-Title io.micrometer#micrometer-commons;1.12.1 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-commons Low Product pom artifactid micrometer-commons Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-commons High Product pom url micrometer-metrics/micrometer High Version file version 1.12.1 High Version Manifest Bundle-Version 1.12.1 High Version Manifest Implementation-Version 1.12.1 High Version pom version 1.12.1 Highest
Description:
Module containing Observation related code
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/io/micrometer/micrometer-observation/1.12.1/micrometer-observation-1.12.1.jar
MD5: b55c9caac5c8f778996937c3f6cf4101
SHA1: fbd0e0e9b6a36effd53e0eee35b050ed1f548ae5
SHA256: 48f6607b248e8b77ee9f7b3934f70124471daf947b30480c1b9c0e9d9f996c83
Referenced In Project/Scope: jacoco-report-aggregate:compile
micrometer-observation-1.12.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name micrometer-observation High Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor jar package name observation Highest Vendor Manifest automatic-module-name micrometer.observation Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2023-12-11_12:04:53 Low Vendor Manifest build-date-utc 2023-12-11T12:04:53.086674494Z Low Vendor Manifest build-host d2e0780d4558 Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 27642 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/27642 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-observation Medium Vendor Manifest change 3c39cb0 Low Vendor Manifest full-change 3c39cb09d50ad7e5b94683e9695cc00dba346b13 Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-observation Low Vendor pom artifactid micrometer-observation Highest Vendor pom artifactid micrometer-observation Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-observation High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-observation High Product jar package name io Highest Product jar package name micrometer Highest Product jar package name observation Highest Product Manifest automatic-module-name micrometer.observation Medium Product Manifest branch HEAD Low Product Manifest build-date 2023-12-11_12:04:53 Low Product Manifest build-date-utc 2023-12-11T12:04:53.086674494Z Low Product Manifest build-host d2e0780d4558 Low Product Manifest build-job deploy Low Product Manifest build-number 27642 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/27642 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-observation Medium Product Manifest bundle-symbolicname micrometer-observation Medium Product Manifest change 3c39cb0 Low Product Manifest full-change 3c39cb09d50ad7e5b94683e9695cc00dba346b13 Low Product Manifest Implementation-Title io.micrometer#micrometer-observation;1.12.1 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-observation Low Product pom artifactid micrometer-observation Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-observation High Product pom url micrometer-metrics/micrometer High Version file version 1.12.1 High Version Manifest Bundle-Version 1.12.1 High Version Manifest Implementation-Version 1.12.1 High Version pom version 1.12.1 Highest
Description:
The slf4j API
License:
http://www.opensource.org/licenses/mit-license.php File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/slf4j/slf4j-api/2.0.9/slf4j-api-2.0.9.jar
MD5: 45630e54b0f0ac2b3c80462515ad8fda
SHA1: 7cf2726fdcfbc8610f9a71fb3ed639871f315340
SHA256: 0818930dc8d7debb403204611691da58e49d42c50b6ffcfdce02dadb7c3c2b6c
Referenced In Project/Scope: jacoco-report-aggregate:compile
slf4j-api-2.0.9.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 20 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 20 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.9 High Version Manifest Bundle-Version 2.0.9 High Version Manifest Implementation-Version 2.0.9 High Version pom version 2.0.9 Highest
Description:
YAML 1.1 parser and emitter for Java
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/yaml/snakeyaml/2.2/snakeyaml-2.2.jar
MD5: d78aacf5f2de5b52f1a327470efd1ad7
SHA1: 3af797a25458550a16bf89acc8e4ab2b7f2bfce0
SHA256: 1467931448a0817696ae2805b7b8b20bfb082652bf9c4efaed528930dc49389b
Referenced In Project/Scope: jacoco-report-aggregate:compile
snakeyaml-2.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.2 High Version pom version 2.2 Highest
Description:
Spring Boot
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot/3.2.1/spring-boot-3.2.1.jar
MD5: 6f7384977eae04c804b1062df9217959
SHA1: faa2ce019bee68a8d17529d0a08ebc427f927e13
SHA256: 6fde604399114e77b12519b3d117117c607cb73b89a88800856fb0e0cc82ea7a
Referenced In Project/Scope: jacoco-report-aggregate:compile
spring-boot-3.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid spring-boot Highest Vendor pom artifactid spring-boot Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.2.1 High Version Manifest Implementation-Version 3.2.1 High Version pom version 3.2.1 Highest
Related Dependencies spring-boot-autoconfigure-3.2.1.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/3.2.1/spring-boot-autoconfigure-3.2.1.jar MD5: 29fb14fe1d383588e87a73da4508604d SHA1: b100d2d21d45dddd740d496357ca6f3813d777d0 SHA256: 371f0f36d226a8db972c37c73f0a0896ee4d3e77c29b54dbce8a64af731a6e53 pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.2.1 spring-boot-starter-3.2.1.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-starter/3.2.1/spring-boot-starter-3.2.1.jar MD5: d9eb815815944bcdaeed5e63f32e5d7f SHA1: bc03d7075fb9d9d4877218db48d5dae3dd72a65d SHA256: a25f2f4172c34f46b73fff03293370c3daf231a1db2883ef8032aa471779fb8b pkg:maven/org.springframework.boot/spring-boot-starter@3.2.1 spring-boot-starter-json-3.2.1.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-starter-json/3.2.1/spring-boot-starter-json-3.2.1.jar MD5: bea54cf408b022894c0b1b013c58c0a9 SHA1: ecda50de20ab6d3c49ea30df4c1982048f5d31ac SHA256: 572f1a4171dff33b5a9260bbd704473442adf24f890386abe33ecc18c047836a pkg:maven/org.springframework.boot/spring-boot-starter-json@3.2.1 spring-boot-starter-logging-3.2.1.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-starter-logging/3.2.1/spring-boot-starter-logging-3.2.1.jar MD5: 7ac01b9dee045285c365cf6a3d8d8451 SHA1: 0df8ec78dc87885298998ca3c9bd603ee7bfe5b8 SHA256: 0b7e411cfc44a15fc63a36cd05a73b34c3558f1b06e4f297b1919361b8a351a7 pkg:maven/org.springframework.boot/spring-boot-starter-logging@3.2.1 spring-boot-starter-tomcat-3.2.1.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/3.2.1/spring-boot-starter-tomcat-3.2.1.jar MD5: db4df0f653e84bfd545894c4567b19ff SHA1: d8efc48034015522958cb3fea5831b4cbcd4fcfb SHA256: bf93da73a8fb4caf9fa68e4f3b97adcc9dbb8c79220a828b3d70ecf12d410117 pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@3.2.1 Description:
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.2.1/spring-boot-starter-web-3.2.1.jar
MD5: 8a6aea9e1fbdbabbd00e35038739200f
SHA1: e27e36d4222fd4d589e634e1c7f5f09f0316147c
SHA256: 2f14d3a4a0ae3ad634bcfa07117542001c1789c0bdce3504baee8f2bc45ef006
Referenced In Project/Scope: jacoco-report-aggregate:compile
spring-boot-starter-web-3.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name spring-boot-starter-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor Manifest automatic-module-name spring.boot.starter.web Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest spring-boot-jar-type dependencies-starter Low Vendor pom artifactid spring-boot-starter-web Highest Vendor pom artifactid spring-boot-starter-web Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot-starter-web High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot-starter-web High Product Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container High Product Manifest spring-boot-jar-type dependencies-starter Low Product pom artifactid spring-boot-starter-web Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot-starter-web High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.2.1 High Version Manifest Implementation-Version 3.2.1 High Version pom version 3.2.1 Highest
Description:
Spring Core
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-core/6.1.2/spring-core-6.1.2.jar
MD5: 98bedebd5de314d344ed3a7dcad01c66
SHA1: e43c71a9eaca454654621f7d272f15b53c68d583
SHA256: 8e3f7378e98c26500bdb5ecd6865778f57a22787eb2f11b9bd5fb8e438a0c631
Referenced In Project/Scope: jacoco-report-aggregate:compile
spring-core-6.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name org Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor Manifest multi-release true Low Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name org Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product Manifest multi-release true Low Product pom artifactid spring-core Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.1.2 High Version Manifest Implementation-Version 6.1.2 High Version pom version 6.1.2 Highest
Related Dependencies spring-aop-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-aop/6.1.2/spring-aop-6.1.2.jar MD5: c9b8757051ed6c1cc9fda0e379283348 SHA1: a247bd81df8fa9c6a002b95969692bfd146a70b2 SHA256: e47b66833ebec281374d55b4e36352b80fe3fa64c94252481a8a7e8d31d9d601 pkg:maven/org.springframework/spring-aop@6.1.2 spring-beans-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-beans/6.1.2/spring-beans-6.1.2.jar MD5: 5ee147f2234968eeab4b469af4d3b5f1 SHA1: abf52f2254975a3b1e95b2b63fb8b01d891cdc51 SHA256: 742baa41c1b0282ef01b3d542dc1b1de71db2578bd9ddd9a7d57fb191234b194 pkg:maven/org.springframework/spring-beans@6.1.2 spring-context-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-context/6.1.2/spring-context-6.1.2.jar MD5: ca23d3013c2afc6d3b30b993f3c5cd69 SHA1: 15df19852991220556b4462a366269b8e15278eb SHA256: af22a435469956415bbee873de6c05995ef12f2d29622abf510a94581ea52de2 pkg:maven/org.springframework/spring-context@6.1.2 spring-expression-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-expression/6.1.2/spring-expression-6.1.2.jar MD5: 2f56216dc7ee08cbeafa54ccf18cad35 SHA1: 98786397734b27b7c8843a6b01a7fa34d40d6806 SHA256: 0fef5fb19f375a8632d2a117f4b3aed059b959e9693e90c3b7f57b7cad2f9e0b pkg:maven/org.springframework/spring-expression@6.1.2 spring-jcl-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-jcl/6.1.2/spring-jcl-6.1.2.jar MD5: 1638acc7030a001c37f803185dbd6eaf SHA1: 285eb725861c9eacf2a3e4965d4e897932e335ea SHA256: eb9ebadb1581f0fe598216f7cf032a3b44a84c96de06ffa8d6f41bcc47305134 pkg:maven/org.springframework/spring-jcl@6.1.2 Description:
Spring Web
License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-web/6.1.2/spring-web-6.1.2.jar
MD5: a39761bc7a706c70f6ca3ab805a97b34
SHA1: 0f26b98778376cc39afb04fbb6fdd7543bef89f2
SHA256: 3f2012a24c6213f155b6bc69aa3ecafe2a373c1e92a26dbecc62ff575c3a1fb3
Referenced In Project/Scope: jacoco-report-aggregate:compile
spring-web-6.1.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email jhoeller@pivotal.io Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email jhoeller@pivotal.io Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.1.2 High Version Manifest Implementation-Version 6.1.2 High Version pom version 6.1.2 Highest
Related Dependencies spring-webmvc-6.1.2.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/springframework/spring-webmvc/6.1.2/spring-webmvc-6.1.2.jar MD5: 0fcf00ac160e0d42ad9cd242c796e47a SHA1: 906ee995372076e22ef9666d8628845c75bf5c42 SHA256: de42748c3c94c06131c3fe97d81f5c685e4492b9e986baa88af768bb12ea7738 pkg:maven/org.springframework/spring-webmvc@6.1.2 Description:
Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.17/tomcat-embed-core-10.1.17.jar
MD5: 81d2d784780b1fe54275ab4f3d0c3830
SHA1: 5b9185ee002f9e194d2cb21ddcf8bc5f3d4a69da
SHA256: 5d70fa6ae0548f89fb4c070423ecc2db050cebf248b0d5f3f2294375a6762382
Referenced In Project/Scope: jacoco-report-aggregate:compile
tomcat-embed-core-10.1.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/security/auth/message/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/callback/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/config/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/module/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-core Highest Vendor pom artifactid tomcat-embed-core Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-core High Product jar package name annotation Highest Product jar package name apache Highest Product jar package name auth Highest Product jar package name core Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name jakarta Highest Product jar package name message Highest Product jar package name security Highest Product jar package name servlet Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-embed-core Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JavaJASPIC;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JavaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/security/auth/message/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/callback/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/callback/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/config/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/config/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/module/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/module/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/servlet/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/annotation/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/annotation/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/descriptor/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/descriptor/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/http/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/http/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/resources/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/resources/ Specification-Title Jakarta Servlet Medium Product pom artifactid tomcat-embed-core Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.17 High Version Manifest Bundle-Version 10.1.17 High Version Manifest Implementation-Version 10.1.17 High Version pom version 10.1.17 Highest
Related Dependencies tomcat-embed-websocket-10.1.17.jarFile Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/10.1.17/tomcat-embed-websocket-10.1.17.jar MD5: cfc1778713fba9b5bc33d3db64071dff SHA1: 9ee2f34b51144b75878c9b42768e17de8fbdc74b SHA256: 00b16e507bea58c6e8a7cb64f129cd2ffd62da092a67a693a8a6af1efdc7dd6d pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.17 Description:
Core Tomcat implementation
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /builds/pub/dnumarchi/ci-maven-demo/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.17/tomcat-embed-el-10.1.17.jar
MD5: f9171a84574782d1d68acd8b07177172
SHA1: 9ad7312421535d7d3aabe0f541e852baccb59726
SHA256: bac12b9c993a9181ffc88ea8ba085491a482729e64ae105750a7475a7b85e549
Referenced In Project/Scope: jacoco-report-aggregate:compile
tomcat-embed-el-10.1.17.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/demo.ci-maven-demo/ci-maven-demo-webapp@1.2.0
Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-el High Vendor jar package name apache Highest Vendor jar package name el Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-el Highest Vendor pom artifactid tomcat-embed-el Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-el High Product jar package name apache Highest Product jar package name el Highest Product jar package name expression Highest Product jar package name expressionfactory Highest Product jar package name expressionfactoryimpl Highest Product jar package name jakarta Highest Product Manifest Bundle-Name tomcat-embed-jasper-el Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/el/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/el/ Specification-Title Jakarta Expression Language Medium Product pom artifactid tomcat-embed-el Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.17 High Version Manifest Bundle-Version 10.1.17 High Version Manifest Implementation-Version 10.1.17 High Version pom version 10.1.17 Highest