Logging
EPL 1.0LGPL 2.1 |  | ch.qos.logback
»
logback-core |
1.5.20 | 1.5.21 |
Logging
EPL 1.0LGPL 2.1 | | ch.qos.logback
»
logback-classic |
1.5.20 | 1.5.21 |
EPL 1.0LGPL 2.1 | | ch.qos.logback.access
»
common |
2.0.3 |
✔
|
EPL 1.0LGPL 2.1 | | ch.qos.logback.access
»
logback-access-tomcat |
2.0.6 | 2.0.7 |
JWT Lib
MIT |  | com.auth0
»
java-jwt |
4.5.0 |
✔
|
JSON Lib
MIT |  | com.eclipsesource.minimal-json
»
minimal-json |
0.9.5 |
✔
|
XML Processing
BSD |  | com.fasterxml.staxmate
»
staxmate |
2.4.1 |
✔
|
MIT |  | com.github.erosb
»
json-sKema |
0.27.0 | 0.28.0 |
OAuth Lib
MIT | | com.github.scribejava
»
scribejava-apis |
8.3.3 |
✔
|
MIT | | com.github.scribejava
»
scribejava-core |
8.3.3 |
✔
|
Defect Detection
LGPL 2.1 |  | com.github.spotbugs
»
spotbugs-annotations |
4.9.8 |
✔
|
Defect Detection
LGPL 2.1 |  | com.google.code.findbugs
»
jsr305 |
3.0.2 | 4.9.8 |
JSON Lib
Apache 2.0 |  | com.google.code.gson
»
gson |
2.13.2 |
✔
|
Core Utils
Apache 2.0 | | com.google.guava
»
guava |
33.5.0-jre |
✔
|
Serializer
BSD 3-clause | | com.google.protobuf
»
protobuf-java |
4.33.0 | 4.33.1 |
Diff/Patch
Apache 2.0 |  | com.googlecode.java-diff-utils
»
diffutils |
1.3.0 | 4.16 |
JSON Lib
Apache 2.0 | | com.googlecode.json-simple
»
json-simple |
1.1.1 |
✔
|
Embedded SQL DB
EPL 1.0MPL 2.0 |  | com.h2database
»
h2 |
2.3.232 | 2.4.240 |
Apache 2.0 |  | com.hazelcast
»
hazelcast |
5.6.0 |
✔
|
Apache 2.0 |  | com.icegreen
»
greenmail |
2.1.7 |
✔
|
Apache 2.0 | | com.icegreen
»
greenmail-junit4 |
2.1.7 |
✔
|
Apache 2.0 | | com.icegreen
»
greenmail-junit5 |
2.1.7 |
✔
|
MIT |  | com.microsoft.azure
»
msal4j |
1.23.1 |
✔
|
JDBC Driver
MIT |  | com.microsoft.sqlserver
»
mssql-jdbc |
13.2.1.jre11 |
✔
|
JDBC Driver
|  | com.oracle.database.jdbc
»
ojdbc11 |
23.9.0.25.07 | 23.26.0.0.0 |
|  |
com.sonarsource.abap
» sonar-abap-plugin
| 3.15.1.6010 | |
| |
com.sonarsource.architecture
» sonar-architecture-plugin
| 2.3.0.6597 | |
| |
com.sonarsource.architecture
» sonar-architecture-java-frontend-plugin
| 2.3.0.6597 | |
| |
com.sonarsource.architecture
» sonar-architecture-javascript-frontend-plugin
| 2.3.0.6597 | |
| |
com.sonarsource.armor
» sonar-jasmin-plugin
| 1.8.0.7532 | |
| |
com.sonarsource.cobol
» sonar-cobol-plugin
| 5.9.0.8697 | |
| |
com.sonarsource.cpp
» sonar-cfamily-dependencies-plugin
| 6.73.0.90893 | |
| |
com.sonarsource.cpp
» sonar-cfamily-plugin
| 6.73.0.90893 | |
| |
com.sonarsource.dart
» sonar-dart-plugin
| 1.3.0.2614 | |
| |
com.sonarsource.dbd
» sonar-dbd-java-frontend-plugin
| 2.2.1.17653 | |
| |
com.sonarsource.dbd
» sonar-dbd-plugin
| 2.2.1.17653 | |
| |
com.sonarsource.dbd
» sonar-dbd-python-frontend-plugin
| 2.2.1.17653 | |
| |
com.sonarsource.dotnet
» sonar-csharp-enterprise-plugin
| 10.15.0.120848 | |
| |
com.sonarsource.dotnet
» sonar-vbnet-enterprise-plugin
| 10.15.0.120848 | |
| |
com.sonarsource.fixsuggestions
» ai-suggestions-shared
| 1.0.0.1775 | |
| |
com.sonarsource.go
» sonar-go-enterprise-plugin
| 1.29.0.4759 | |
| |
com.sonarsource.iac
» sonar-iac-enterprise-plugin
| 1.51.0.16714 | |
| |
com.sonarsource.jcl
» sonar-jcl-plugin
| 1.4.1.1493 | |
| |
com.sonarsource.pdfreport
» security-report-pdf-generation
| 2.0.0.325 | |
| |
com.sonarsource.pdfreport
» regulatory-report-pdf-generation
| 2.0.0.325 | |
| |
com.sonarsource.pdfreport
» pdf-generator-utils
| 2.0.0.325 | |
| |
com.sonarsource.pdfreport
» portfolio-report-pdf-generation
| 2.0.0.325 | |
| |
com.sonarsource.pli
» sonar-pli-plugin
| 1.16.1.5649 | |
| |
com.sonarsource.plsql
» sonar-plsql-plugin
| 3.17.0.7448 | |
| |
com.sonarsource.plugins.vb
» sonar-vb-plugin
| 2.14.1.5552 | |
| |
com.sonarsource.python
» sonar-python-enterprise-plugin
| 5.12.0.26629 | |
| |
com.sonarsource.rpg
» sonar-rpg-plugin
| 3.10.0.5337 | |
| |
com.sonarsource.security
» sonar-security-python-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-vbnet-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-go-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-js-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-csharp-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-php-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-kotlin-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.security
» sonar-security-java-frontend-plugin
| 11.11.0.40669 | |
| |
com.sonarsource.slang
» sonar-apex-plugin
| 1.20.0.552 | |
| |
com.sonarsource.swift
» sonar-swift-plugin
| 4.14.0.8764 | |
| |
com.sonarsource.text
» sonar-text-developer-plugin
| 2.31.0.8443 | |
| |
com.sonarsource.text
» sonar-text-enterprise-plugin
| 2.31.0.8443 | |
| |
com.sonarsource.tsql
» sonar-tsql-plugin
| 1.16.0.9090 | |
HTTP Clients
Apache 2.0 |  | com.squareup.okhttp3
»
okhttp |
5.2.1 | 5.3.1 |
Mocking
Apache 2.0 | | com.squareup.okhttp3
»
mockwebserver |
5.2.1 | 5.3.1 |
Apache 2.0 | | com.squareup.okhttp3
»
logging-interceptor |
5.2.1 | 5.3.1 |
Apache 2.0 | | com.squareup.okhttp3
»
okhttp-tls |
5.2.1 | 5.3.1 |
Apache 2.0 |  | com.tngtech.java
»
junit-dataprovider |
1.13.1 | 2.10 |
Apache 2.0 | | com.tngtech.junit.dataprovider
»
junit-jupiter-params-dataprovider |
2.10 |
✔
|
JDBC Pool
Apache 2.0 |  | com.zaxxer
»
HikariCP |
7.0.2 |
✔
|
Base64
Apache 2.0 |  | commons-codec
»
commons-codec |
1.19.0 | 1.20.0 |
Collections
Apache 2.0 |  | commons-collections
»
commons-collections |
3.2.2 | 4.5.0 |
Apache 2.0 |  | commons-dbutils
»
commons-dbutils |
1.8.1 |
✔
|
I/O
Apache 2.0 |  | commons-io
»
commons-io |
2.20.0 | 2.21.0 |
Logging
Apache 2.0 |  | commons-logging
»
commons-logging |
1.3.5 |
✔
|
Apache 2.0 |  | io.github.hakky54
»
ayza |
10.0.1 |
✔
|
JWT Lib
Apache 2.0 |  | io.jsonwebtoken
»
jjwt-api |
0.13.0 |
✔
|
JWT Lib
Apache 2.0 | | io.jsonwebtoken
»
jjwt-impl |
0.13.0 |
✔
|
Apache 2.0 | | io.jsonwebtoken
»
jjwt-jackson |
0.13.0 |
✔
|
Network Framework
Apache 2.0 |  | io.netty
»
netty-all |
4.2.7.Final |
✔
|
Apache 2.0 |  | io.prometheus
»
simpleclient_common |
0.16.0 |
✔
|
Apache 2.0 | | io.prometheus
»
simpleclient_servlet |
0.16.0 |
✔
|
Application Metrics
Apache 2.0 | | io.prometheus
»
simpleclient |
0.16.0 |
✔
|
Annotation Lib
EPL 2.0GPL |  | jakarta.annotation
»
jakarta.annotation-api |
3.0.0 |
✔
|
Dep Injection
Apache 2.0 | | jakarta.inject
»
jakarta.inject-api |
2.0.1 |
✔
|
Mail Client
EDL 1.0EPL 2.0GPL | | jakarta.mail
»
jakarta.mail-api |
2.1.5 |
✔
|
Java Spec
EPL 2.0GPL | | jakarta.servlet
»
jakarta.servlet-api |
6.1.0 |
✔
|
Testing
EPL 2.0 |  | junit
»
junit |
4.13.2 | 6.0.1 |
Collections
LGPL 2.1 |  | net.sf.trove4j
»
core |
3.1.0 |
✔
|
Collections
Apache 2.0 |  | org.apache.commons
»
commons-collections4 |
4.5.0 |
✔
|
External Proc Exec
Apache 2.0 | | org.apache.commons
»
commons-exec |
1.5.0 |
✔
|
Apache 2.0 | | org.apache.commons
»
commons-email2-jakarta |
2.0.0-M1 |
✔
|
Core Utils
Apache 2.0 | | org.apache.commons
»
commons-lang3 |
3.19.0 | 3.20.0 |
CSV
Apache 2.0 | | org.apache.commons
»
commons-csv |
1.14.1 |
✔
|
String Utils
Apache 2.0 | | org.apache.commons
»
commons-text |
1.14.0 |
✔
|
Apache 2.0 |  | org.apache.directory.server
»
apacheds-server-integ |
2.0.0.AM27 |
✔
|
Apache 2.0 |  | org.apache.kerby
»
kerb-simplekdc |
2.1.0 |
✔
|
Apache 2.0 | | org.apache.kerby
»
ldap-backend |
2.1.0 |
✔
|
Logging
Apache 2.0 |  | org.apache.logging.log4j
»
log4j-api |
2.25.2 |
✔
|
Logging
Apache 2.0 | | org.apache.logging.log4j
»
log4j-core |
2.25.2 |
✔
|
Logging Bridge
Apache 2.0 | | org.apache.logging.log4j
»
log4j-to-slf4j |
2.25.2 |
✔
|
Network Framework
Apache 2.0 |  | org.apache.mina
»
mina-core |
2.2.4 |
✔
|
SSH Lib
Apache 2.0 | | org.apache.sshd
»
sshd-core |
2.16.0 |
✔
|
Apache 2.0 |  | org.apache.tomcat.embed
»
tomcat-embed-jasper |
11.0.13 | 11.0.14 |
Web Server
Apache 2.0 | | org.apache.tomcat.embed
»
tomcat-embed-core |
11.0.13 | 11.0.14 |
Template Engine
Apache 2.0 | | org.apache.velocity
»
velocity1 vulnerability |
1.7 | 2.4.1 |
AOP
EPL 2.0 |  | org.aspectj
»
aspectjtools |
1.9.24 | 1.9.25 |
Assertion
Apache 2.0 |  | org.assertj
»
assertj-core |
3.27.6 |
✔
|
Assertion
Apache 2.0 | | org.assertj
»
assertj-guava |
3.27.6 |
✔
|
Concurrency
Apache 2.0 |  | org.awaitility
»
awaitility |
4.3.0 |
✔
|
Encryption Lib
BouncyCastle |  | org.bouncycastle
»
bcprov-jdk18on |
1.82 |
✔
|
Encryption Lib
BouncyCastle | | org.bouncycastle
»
bcpkix-jdk18on |
1.82 |
✔
|
LGPL 3.0 |  | org.codehaus.sonar
»
sonar-channel |
4.2 |
✔
|
Apache 2.0 |  | org.codelibs.elasticsearch.module
»
reindex | 7.17.22 | 7.10.2 |
Apache 2.0 | | org.codelibs.elasticsearch.module
»
analysis-common | 7.17.22 | 7.10.2 |
Apache 2.0 |  | org.cyclonedx
»
cyclonedx-core-java1 vulnerability |
11.0.0 | 11.0.1 |
Git Tool
BSD 3-clauseEDL 1.0 |  | org.eclipse.jgit
»
org.eclipse.jgit |
7.4.0.202509020913-r |
✔
|
Apache 2.0 |  | org.elasticsearch
»
mocksocket |
1.2 |
✔
|
ElasticSearch Client
| | org.elasticsearch.client
»
elasticsearch-rest-high-level-client |
7.17.29 |
✔
|
SSPL 1 | | org.elasticsearch.plugin
»
transport-netty4-client |
7.17.29 |
✔
|
Testing
BSD 3-clause |  | org.hamcrest
»
hamcrest |
3.0 |
✔
|
Validation
Apache 2.0 |  | org.hibernate.validator
»
hibernate-validator |
9.0.1.Final | 9.1.0.Final |
JSON Lib
Public |  | org.json
»
json |
20250517 |
✔
|
HTML Parser
MIT |  | org.jsoup
»
jsoup |
1.21.2 |
✔
|
Testing
EPL 2.0 |  | org.junit-pioneer
»
junit-pioneer |
2.3.0 |
✔
|
GitHub API
MIT |  | org.kohsuke
»
github-api |
1.330 |
✔
|
HTTP Proxy
Apache 2.0 |  | org.littleshoot
»
littleproxy |
1.1.2 |
✔
|
Compression
Apache 2.0 |  | org.lz4
»
lz4-java |
1.8.0 |
✔
|
Mocking
MIT |  | org.mockito
»
mockito-junit-jupiter |
5.20.0 |
✔
|
Mocking
MIT | | org.mockito
»
mockito-core |
5.20.0 |
✔
|
O/R Mapping
Apache 2.0 |  | org.mybatis
»
mybatis |
3.5.19 |
✔
|
JDBC Driver
BSD 2-clause |  | org.postgresql
»
postgresql |
42.7.8 |
✔
|
Reflection
Apache 2.0 |  | org.reflections
»
reflections |
0.10.2 |
✔
|
Apache 2.0 |  | org.simpleframework
»
simple |
5.1.6 |
✔
|
Testing
Apache 2.0 |  | org.skyscreamer
»
jsonassert |
1.5.3 |
✔
|
Logging Bridge
MIT |  | org.slf4j
»
jul-to-slf4j |
2.0.17 |
✔
|
Logging Bridge
Apache 2.0 | | org.slf4j
»
log4j-over-slf4j |
2.0.17 |
✔
|
Logging
MIT | | org.slf4j
»
slf4j-api |
2.0.17 |
✔
|
Logging Bridge
Apache 2.0 | | org.slf4j
»
jcl-over-slf4j |
2.0.17 |
✔
|
LGPL 3.0 |  | org.sonarsource.api.plugin
»
sonar-plugin-api-test-fixtures |
13.3.0.3209 | 13.4.0.3221 |
LGPL 3.0 | | org.sonarsource.api.plugin
»
sonar-plugin-api |
13.3.0.3209 | 13.4.0.3221 |
LGPL 3.0 | | org.sonarsource.classloader
»
sonar-classloader |
1.1.0.1059 |
✔
|
Sonar Plugin
| | org.sonarsource.dotnet
»
sonar-csharp-plugin |
10.15.0.120848 |
✔
|
Sonar Plugin
| | org.sonarsource.dotnet
»
sonar-vbnet-plugin |
10.15.0.120848 |
✔
|
Sonar Plugin
| | org.sonarsource.flex
»
sonar-flex-plugin |
2.14.0.5032 |
✔
|
LGPL 3.0 | | org.sonarsource.git.blame
»
git-files-blame |
2.0.0.2053 |
✔
|
| | org.sonarsource.go
»
sonar-go-plugin |
1.29.0.4759 |
✔
|
Sonar Plugin
| | org.sonarsource.html
»
sonar-html-plugin |
3.20.0.6289 |
✔
|
| | org.sonarsource.iac
»
sonar-iac-plugin |
1.51.0.16714 | 2.1.0.17131 |
LGPL 3.0 | | org.sonarsource.jacoco
»
sonar-jacoco-plugin |
1.3.0.1538 |
✔
|
Sonar Plugin
| | org.sonarsource.java
»
sonar-java-plugin |
8.20.0.40630 |
✔
|
Sonar Plugin
| | org.sonarsource.java
»
sonar-java-symbolic-execution-plugin |
8.16.1.344 | 8.18.1.347 |
Sonar Plugin
| | org.sonarsource.javascript
»
sonar-javascript-plugin |
11.5.0.35357 | 11.6.0.36606 |
| | org.sonarsource.kotlin
»
sonar-kotlin-plugin |
3.3.0.7402 |
✔
|
LGPL 3.0 | | org.sonarsource.orchestrator
»
sonar-orchestrator-junit5 |
6.0.0.3852 |
✔
|
LGPL 3.0 | | org.sonarsource.orchestrator
»
sonar-orchestrator-junit4 |
6.0.0.3852 |
✔
|
| | org.sonarsource.php
»
sonar-php-plugin |
3.51.0.15001 |
✔
|
Sonar Plugin
LGPL 3.0 | | org.sonarsource.plugins.cayc
»
sonar-cayc-plugin |
2.5.0.2588 |
✔
|
Sonar Plugin
| | org.sonarsource.python
»
sonar-python-plugin |
5.12.0.26629 | 5.13.0.28429 |
| | org.sonarsource.rust
»
sonar-rust-plugin |
1.1.0.1088 |
✔
|
| | org.sonarsource.slang
»
sonar-ruby-plugin |
1.19.0.471 |
✔
|
| | org.sonarsource.slang
»
sonar-scala-plugin |
1.19.0.484 |
✔
|
LGPL 3.0 | | org.sonarsource.sonarqube
»
webapp-assets |
2025.6.0.30575 | 2025.6.0.32720 |
| | org.sonarsource.text
»
sonar-text-plugin |
2.31.0.8443 | 2.32.0.9670 |
LGPL 3.0 | | org.sonarsource.update-center
»
sonar-update-center-common |
1.35.0.2835 |
✔
|
Sonar Plugin
| | org.sonarsource.xml
»
sonar-xml-plugin |
2.13.0.5938 |
✔
|
Apache 2.0 |  | org.spdx
»
java-spdx-library |
2.0.1 |
✔
|
Apache 2.0 | | org.spdx
»
spdx-jackson-store |
2.0.3 |
✔
|
Apache 2.0 | | org.spdx
»
spdx-v3jsonld-store |
1.0.1 |
✔
|
Apache 2.0 |  | org.springdoc
»
springdoc-openapi-starter-webmvc-api |
2.8.13 | 2.8.14 |
Testing
Apache 2.0 |  | org.springframework
»
spring-test |
6.2.12 | 7.0.0 |
Web Framework
Apache 2.0 | | org.springframework
»
spring-webmvc |
6.2.12 | 7.0.0 |
Dep Injection
Apache 2.0 | | org.springframework
»
spring-context |
6.2.12 | 7.0.0 |
Apache 2.0 |  | org.springframework.security
»
spring-security-saml2-service-provider |
6.5.6 |
✔
|
Subversion Tool
|  | org.tmatesoft.svnkit
»
svnkit |
1.10.11 |
✔
|
Apache 2.0 |  | org.wiremock
»
wiremock-standalone |
3.13.1 | 3.13.2 |
Testing
Apache 2.0 |  | org.xmlunit
»
xmlunit-matchers |
2.10.4 | 2.11.0 |
Testing
Apache 2.0 | | org.xmlunit
»
xmlunit-core |
2.10.4 | 2.11.0 |
YAML
Apache 2.0 |  | org.yaml
»
snakeyaml |
2.5 |
✔
|
