Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 2.1.1
Report Generated On: Sep 19, 2017 at 14:40:50 +03:00
Dependencies Scanned: 6 (6 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE 2002: 29/08/2017 10:32:43
NVD CVE 2003: 29/08/2017 10:31:01
NVD CVE 2004: 17/08/2017 10:29:57
NVD CVE 2005: 17/08/2017 10:28:58
NVD CVE 2006: 03/09/2017 10:26:27
NVD CVE 2007: 08/09/2017 10:27:55
NVD CVE 2008: 08/09/2017 10:25:36
NVD CVE 2009: 03/09/2017 10:23:51
NVD CVE 2010: 09/09/2017 10:23:22
NVD CVE 2011: 09/09/2017 10:20:15
NVD CVE 2012: 09/09/2017 10:16:00
NVD CVE 2013: 09/09/2017 10:13:28
NVD CVE 2014: 09/09/2017 10:10:50
NVD CVE 2015: 09/09/2017 10:07:57
NVD CVE 2016: 09/09/2017 10:05:15
NVD CVE 2017: 09/09/2017 10:02:05
NVD CVE Checked: 19/09/2017 13:05:57
NVD CVE Modified: 19/09/2017 09:02:59
VersionCheckOn: 1505312561821

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	CPE	GAV	CPE Confidence	Evidence Count
gson-2.8.1.jar		com.google.code.gson:gson:2.8.1 ✓		18
AptSpringAPI-1.1.0.jar	cpe:/a:id:id-software:1.1.0	com.salesforce.aptspring:AptSpringAPI:1.1.0	LOW	14
AptSpringModel-1.1.0.jar	cpe:/a:id:id-software:1.1.0	com.salesforce.aptspring:AptSpringModel:1.1.0	LOW	14
javapoet-1.9.0.jar		com.squareup:javapoet:1.9.0 ✓		16
jgrapht-core-1.0.1.jar		org.jgrapht:jgrapht-core:1.0.1 ✓		16
jgrapht-ext-1.0.1.jar		org.jgrapht:jgrapht-ext:1.0.1 ✓		16

Dependencies

gson-2.8.1.jar

Description: Gson JSON library

File Path: /Users/rex.hoffman/.m2/repository/com/google/code/gson/gson/2.8.1/gson-2.8.1.jar
MD5: 2c334d82c64b56ae59ea1bdcbb674303
SHA1: 02a8e0aa38a2e21cb39e2f5a7d6704cbdc941da0
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Source	Name	Value
central	artifactid	gson
central	groupid	com.google.code.gson
central	version	2.8.1
file	name	gson
file	version	2.8.1
Manifest	bundle-contactaddress	https://github.com/google/gson
manifest	Bundle-Description	Gson JSON library
Manifest	Bundle-Name	Gson
Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8
Manifest	bundle-symbolicname	com.google.gson
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"
pom	artifactid	gson
pom	groupid	com.google.code.gson
pom	groupid	google.code.gson
pom	name	Gson
pom	parent-artifactid	gson-parent
pom	parent-groupid	com.google.code.gson
pom	version	2.8.1

Identifiers

maven: com.google.code.gson:gson:2.8.1 ✓ Confidence:HIGHEST

AptSpringAPI-1.1.0.jar

Description: This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should verify a spring graph. All checks are fully enumerated in @Verify's javadoc.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringAPI/1.1.0/AptSpringAPI-1.1.0.jar
MD5: 23fc752ffc13b3d883cacedf9ba513dd
SHA1: db09f04491828b26f1f371648cefbb040b847d75
Referenced In Project/Scope: AptSpringProcessor:provided

Evidence

Source	Name	Value
file	name	AptSpringAPI
file	version	1.1.0
Manifest	Implementation-Title	AptSpringAPI
Manifest	Implementation-Vendor-Id	com.salesforce.aptspring
Manifest	Implementation-Version	1.1.0
Manifest	specification-title	AptSpringAPI
pom	artifactid	AptSpringAPI
pom	description	This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should verify a spring graph. All checks are fully enumerated in @Verify's javadoc.
pom	groupid	com.salesforce.aptspring
pom	groupid	salesforce.aptspring
pom	name	${project.artifactId}
pom	parent-artifactid	AptSpringParent
pom	parent-groupid	com.salesforce.aptspring
pom	version	1.1.0

Identifiers

maven: com.salesforce.aptspring:AptSpringAPI:1.1.0 Confidence:HIGH
cpe: cpe:/a:id:id-software:1.1.0 Confidence:LOW

AptSpringModel-1.1.0.jar

Description: This is the spring agnostic 'meat' of the project. It models and analyzes a graph of declarations of object (bean) definitions, as well as the graph of the objects (beans) themselves. This project should be reusable in CDI or any other DI/IoC annotation based system.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringModel/1.1.0/AptSpringModel-1.1.0.jar
MD5: 1784c8a2c8d9c634c63ea14e5490175b
SHA1: 90588c70e43cefdf55e4948be5db374c1c657c74
Referenced In Project/Scope: AptSpringProcessor:compile

Evidence

Source	Name	Value
file	name	AptSpringModel
file	version	1.1.0
Manifest	Implementation-Title	AptSpringModel
Manifest	Implementation-Vendor-Id	com.salesforce.aptspring
Manifest	Implementation-Version	1.1.0
Manifest	specification-title	AptSpringModel
pom	artifactid	AptSpringModel
pom	description	This is the spring agnostic 'meat' of the project. It models and analyzes a graph of declarations of object (bean) definitions, as well as the graph of the objects (beans) themselves. This project should be reusable in CDI or any other DI/IoC annotation based system.
pom	groupid	com.salesforce.aptspring
pom	groupid	salesforce.aptspring
pom	name	${project.artifactId}
pom	parent-artifactid	AptSpringParent
pom	parent-groupid	com.salesforce.aptspring
pom	version	1.1.0

Identifiers

maven: com.salesforce.aptspring:AptSpringModel:1.1.0 Confidence:HIGH
cpe: cpe:/a:id:id-software:1.1.0 Confidence:LOW

javapoet-1.9.0.jar

Description: Use beautiful Java code to generate beautiful Java code.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Users/rex.hoffman/.m2/repository/com/squareup/javapoet/1.9.0/javapoet-1.9.0.jar
MD5: e92008edb0ea9929cb9d50f9801ccce8
SHA1: 00ecc5cf9c221d55481163e773b24336db149e51
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Source	Name	Value
central	artifactid	javapoet
central	groupid	com.squareup
central	version	1.9.0
file	name	javapoet
file	version	1.9.0
jar	package name	javapoet
jar	package name	squareup
pom	artifactid	javapoet
pom	description	Use beautiful Java code to generate beautiful Java code.
pom	groupid	com.squareup
pom	groupid	squareup
pom	name	JavaPoet
pom	organization name	Square, Inc.
pom	organization url	http://squareup.com
pom	url	http://github.com/square/javapoet/
pom	version	1.9.0

Identifiers

maven: com.squareup:javapoet:1.9.0 ✓ Confidence:HIGHEST

jgrapht-core-1.0.1.jar

Description: A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-core/1.0.1/jgrapht-core-1.0.1.jar
MD5: b827590449da3085ce7cc39736e999af
SHA1: 9ecbb2734a9b16126a56bf6544cafba2767d0f44
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Source	Name	Value
central	artifactid	jgrapht-core
central	groupid	org.jgrapht
central	version	1.0.1
file	name	jgrapht-core
file	version	1.0.1
manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.
Manifest	Bundle-Name	JGraphT - Core
Manifest	bundle-symbolicname	org.jgrapht.core
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
pom	artifactid	jgrapht-core
pom	groupid	jgrapht
pom	groupid	org.jgrapht
pom	name	JGraphT - Core
pom	parent-artifactid	jgrapht
pom	parent-groupid	org.jgrapht
pom	version	1.0.1

Identifiers

maven: org.jgrapht:jgrapht-core:1.0.1 ✓ Confidence:HIGHEST

jgrapht-ext-1.0.1.jar

Description: A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-ext/1.0.1/jgrapht-ext-1.0.1.jar
MD5: 407260aa727b906138b712b175f808b0
SHA1: 9c0dbf85af4c72a67c158e85b8e2725bdb670a80
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Source	Name	Value
central	artifactid	jgrapht-ext
central	groupid	org.jgrapht
central	version	1.0.1
file	name	jgrapht-ext
file	version	1.0.1
manifest	Bundle-Description	A Java class library for graph-theory data structures and algorithms.
Manifest	Bundle-Name	JGraphT - Ext
Manifest	bundle-symbolicname	org.jgrapht.ext
Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"
pom	artifactid	jgrapht-ext
pom	groupid	jgrapht
pom	groupid	org.jgrapht
pom	name	JGraphT - Ext
pom	parent-artifactid	jgrapht
pom	parent-groupid	org.jgrapht
pom	version	1.0.1

Identifiers

maven: org.jgrapht:jgrapht-ext:1.0.1 ✓ Confidence:HIGHEST

How to read the report | Suppressing false positives | Getting Help: google group | github issues

Project: AptSpringParent

Dependencies

gson-2.8.1.jar

Evidence

Identifiers

AptSpringAPI-1.1.0.jar

Evidence

Identifiers

AptSpringModel-1.1.0.jar

Evidence

Identifiers

javapoet-1.9.0.jar

Evidence

Identifiers

jgrapht-core-1.0.1.jar

Evidence

Identifiers

jgrapht-ext-1.0.1.jar

Evidence

Identifiers