dependency-check-core is the engine and reporting tool used to identify and report if there are any known, publicly disclosed vulnerabilities in the scanned project's dependencies. The engine extracts meta-data from the dependencies and uses this to do fuzzy key-word matching against the Common Platfrom Enumeration (CPE), if any CPE identifiers are found the associated Common Vulnerability and Exposure (CVE) entries are added to the generated report.
License | Apache 2.0 |
---|---|
Tags | owaspdependencies |
Date | Dec 04, 2024 |
Files | pom (25 KB) jar (1.0 MB) View All |
Repositories | CentralAlfresco |
Ranking | #22496 in MvnRepository (See Top Artifacts) |
Used By | 19 artifacts |
Vulnerabilities | Vulnerabilities from dependencies: CVE-2023-6378 |
Compile Dependencies (36)
Test Dependencies (3)
Category/License | Group / Artifact | Version | Updates | |
---|---|---|---|---|
Logging EPL 1.0LGPL 2.1 | ch.qos.logback » logback-classic1 vulnerability | 1.2.11 | 1.5.16 | |
Apache 2.0 | org.apache.lucene » lucene-test-framework | 9.12.0 | 10.1.0 | |
Mocking MIT | org.mockito » mockito-core | 5.12.0 | 5.15.2 |
Licenses
License | URL |
---|---|
The Apache Software License, Version 2.0 | http://www.apache.org/licenses/LICENSE-2.0.txt |
Developers
Name | Dev Id | Roles | Organization | |
---|---|---|---|---|
Jeremy Long | jeremy.long<at>owasp.org | architect, developer | OWASP | |
Steve Springett | Steve.Springett<at>owasp.org | developer | OWASP | |
Will Stranathan | Will.Stranathan<at>owasp.org | developer | OWASP | |
Dale Visser | dvisser<at>ida.org | developer | Institute for Defense Analyses |