dependency-check-core is the engine and reporting tool used to identify and report any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts metadata from the dependencies and uses it to do fuzzy keyword matching against the Common Platform Enumeration (CPE). If any CPE identifiers are found, the associated Common Vulnerabilities and Exposures (CVE) entries are added to the generated report.
| License | Apache 2.0 |
|---|---|
| Tags | owasp, dependencies |
| Date | Jul 06, 2024 |
| Files | pom (25 KB), jar (1.0 MB) |
| Repositories | Central, Alfresco, USIT, WSO2 Public |
| Ranking | #18069 in MvnRepository |
| Used By | 26 artifacts |
| Vulnerabilities | Vulnerabilities from dependencies: CVE-2025-48924, CVE-2025-48734, CVE-2023-6378 (1 more not shown) |
Compile Dependencies (36)
Test Dependencies (3)
| Category/License | Group / Artifact | Version | Updates |
|---|---|---|---|
| Logging, EPL 1.0, LGPL 2.1 | ch.qos.logback » logback-classic (1 vulnerability) | 1.2.11 | 1.5.21 |
| Apache 2.0 | org.apache.lucene » lucene-test-framework | 8.11.3 | 10.3.1 |
| Mocking, MIT | org.mockito » mockito-core | 4.11.0 | 5.20.0 |
Licenses
| License | URL |
|---|---|
| The Apache Software License, Version 2.0 | http://www.apache.org/licenses/LICENSE-2.0.txt |
Developers
| Name | Dev Id | Roles | Organization |
|---|---|---|---|
| Jeremy Long | jeremy.long<at>owasp.org | architect, developer | OWASP |
| Steve Springett | Steve.Springett<at>owasp.org | developer | OWASP |
| Will Stranathan | Will.Stranathan<at>owasp.org | developer | OWASP |
| Dale Visser | dvisser<at>ida.org | developer | Institute for Defense Analyses |