dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.

LicenseApache 2.0
Tagsowaspdependencies
DateDec 04, 2024
Filespom (25 KB)  jar (1.0 MB)  View All
RepositoriesCentralAlfresco
Ranking#22496 in MvnRepository (See Top Artifacts)
Used By19 artifacts
VulnerabilitiesVulnerabilities from dependencies:
CVE-2023-6378

Note: There is a new version for this artifact

New Version12.0.1


Compile Dependencies (36)

Category/License Group / ArtifactVersionUpdates
JSON Lib
Apache 2.0
com.fasterxml.jackson.core » jackson-databind 2.18.2
YAML
Apache 2.0
com.fasterxml.jackson.dataformat » jackson-dataformat-yaml 2.18.2
Date/Time
Apache 2.0
com.fasterxml.jackson.datatype » jackson-datatype-jsr310 2.18.2

Apache 2.0
com.fasterxml.jackson.module » jackson-module-afterburner 2.18.2

Apache 2.0
com.fasterxml.jackson.module » jackson-module-blackbird 2.18.2

MIT
com.github.package-url » packageurl-java 1.5.0
Core Utils
Apache 2.0
com.google.guava » guava 33.3.1-jre33.4.0-jre
Embedded SQL DB
EPL 1.0MPL 2.0
com.h2database » h2 2.3.232

Apache 2.0
com.h3xstream.retirejs » retirejs-core 3.0.4

Apache 2.0
com.hankcs » aho-corasick-double-array-trie 1.2.3

MIT
com.moandjiezana.toml » toml4j 0.7.20.7.3
Reflection
Apache 2.0
commons-beanutils » commons-beanutils 1.9.41.10.0
I/O
Apache 2.0
commons-io » commons-io 2.18.0
Validation
Apache 2.0
commons-validator » commons-validator 1.9.0

Apache 2.0
io.github.jeremylong » open-vulnerability-clients 7.0.17.2.0

Apache 2.0
io.github.jeremylong » jcs3-slf4j 1.0.5

Apache 2.0
org.anarres.jdiagnostics » jdiagnostics 1.0.7
Cache Impl
Apache 2.0
org.apache.commons » commons-jcs3-core 3.2.1
Collections
Apache 2.0
org.apache.commons » commons-collections4 4.4
Compression
Apache 2.0
org.apache.commons » commons-compress 1.27.1
Core Utils
Apache 2.0
org.apache.commons » commons-lang3 3.17.0
String Utils
Apache 2.0
org.apache.commons » commons-text 1.12.01.13.0
JDBC Pool
Apache 2.0
org.apache.commons » commons-dbcp2 2.12.02.13.0
Full-Text Indexing
Apache 2.0
org.apache.lucene » lucene-core 9.12.010.1.0

Apache 2.0
org.apache.lucene » lucene-analysis-common 9.12.010.1.0

Apache 2.0
org.apache.lucene » lucene-queryparser 9.12.010.1.0
Template Engine
Apache 2.0
org.apache.velocity » velocity-engine-core 2.4.1

EPL 2.0
org.eclipse.packager » packager-rpm 0.21.0
JSON Lib
EPL 2.0
org.glassfish » javax.json 1.1.42.0.1
HTML Parser
MIT
org.jsoup » jsoup 1.18.3

Apache 2.0
org.owasp » dependency-check-utils 11.1.112.0.1
Semantic Versioning
MIT
org.semver4j » semver4j 5.4.15.5.0
Logging
MIT
org.slf4j » slf4j-api 1.7.362.0.16

Apache 2.0
org.sonatype.ossindex » ossindex-service-client 1.8.2

CPAL 1.0
org.whitesource » pecoff4j 0.0.2.1

Apache 2.0
us.springett » cpe-parser 2.1.0

Test Dependencies (3)

Licenses

LicenseURL
The Apache Software License, Version 2.0 http://www.apache.org/licenses/LICENSE-2.0.txt

Developers

NameEmailDev IdRolesOrganization
Jeremy Longjeremy.long<at>owasp.orgarchitect, developerOWASP
Steve SpringettSteve.Springett<at>owasp.orgdeveloperOWASP
Will StranathanWill.Stranathan<at>owasp.orgdeveloperOWASP
Dale Visserdvisser<at>ida.orgdeveloperInstitute for Defense Analyses