Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 5.2.4
Report Generated On: Tue, 26 Nov 2019 16:24:37 -0800
Dependencies Scanned: 8 (8 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2019-11-26T16:24:28
NVD CVE Modified: 2019-11-26T15:07:26
VersionCheckOn: 2019-11-26T16:24:28

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Package	Evidence Count
gson-2.8.6.jar	pkg:maven/com.google.code.gson/gson@2.8.6	29
javapoet-1.11.1.jar	pkg:maven/com.squareup/javapoet@1.11.1	23
jgrapht-core-1.3.1.jar	pkg:maven/org.jgrapht/jgrapht-core@1.3.1	26
jheaps-0.10.jar	pkg:maven/org.jheaps/jheaps@0.10	19
jgrapht-ext-1.3.1.jar	pkg:maven/org.jgrapht/jgrapht-ext@1.3.1	27
jgraphx-3.9.8.1.jar	pkg:maven/com.github.vlsi.mxgraph/jgraphx@3.9.8.1	27
AptSpringAPI-2.0.7.jar	pkg:maven/com.salesforce.aptspring/AptSpringAPI@2.0.7	21
AptSpringModel-2.0.7.jar	pkg:maven/com.salesforce.aptspring/AptSpringModel@2.0.7	21

Dependencies

gson-2.8.6.jar

Description:

Gson JSON library

File Path: /Users/rex.hoffman/.m2/repository/com/google/code/gson/gson/2.8.6/gson-2.8.6.jar
MD5: 310f5841387183aca7900fead98d4858
SHA1: 9180733b7df8542621dc12e21e87557e8c99b8cb
SHA256:c8fb4839054d280b3033f800d1f5a97de2f028eb8ba2eb458ad287e536f3f25f
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	google.code.gson	Highest
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	file	name	gson	High
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Vendor	jar	package name	google	Highest
Vendor	pom	artifactid	gson	Low
Vendor	pom	parent-groupid	com.google.code.gson	Medium
Vendor	jar	package name	gson	Highest
Vendor	pom	name	Gson	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Vendor	pom	parent-artifactid	gson-parent	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	pom	groupid	google.code.gson	Low
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	file	name	gson	High
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5, JavaSE-1.6, JavaSE-1.7, JavaSE-1.8	Low
Product	pom	parent-artifactid	gson-parent	Medium
Product	jar	package name	google	Highest
Product	pom	artifactid	gson	Highest
Product	jar	package name	gson	Highest
Product	pom	parent-groupid	com.google.code.gson	Low
Product	pom	name	Gson	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=9.0))"	Low
Version	pom	version	2.8.6	Highest
Version	file	version	2.8.6	Highest
Version	Manifest	Bundle-Version	2.8.6	High

Identifiers

pkg:maven/com.google.code.gson/gson@2.8.6 (Confidence:High)

javapoet-1.11.1.jar

Description:

Use beautiful Java code to generate beautiful Java code.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Users/rex.hoffman/.m2/repository/com/squareup/javapoet/1.11.1/javapoet-1.11.1.jar
MD5: 88fd987568b1a8581eb3b77f611e4240
SHA1: 210e69f58dfa76c5529a303913b4a30c2bfeb76b
SHA256:9cbf2107be499ec6e95afd36b58e3ca122a24166cdd375732e51267d64058e90
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	squareup	Highest
Vendor	pom	name	JavaPoet	High
Vendor	pom	groupid	squareup	Highest
Vendor	pom	organization url	http://squareup.com	Medium
Vendor	jar	package name	javapoet	Highest
Vendor	pom	organization name	Square, Inc.	High
Vendor	pom	url	http://github.com/square/javapoet/	Highest
Vendor	Manifest	automatic-module-name	com.squareup.javapoet	Medium
Vendor	file	name	javapoet	High
Vendor	pom	groupid	com.squareup	Highest
Vendor	pom	artifactid	javapoet	Low
Product	jar	package name	squareup	Highest
Product	pom	organization url	http://squareup.com	Low
Product	pom	name	JavaPoet	High
Product	pom	groupid	squareup	Low
Product	jar	package name	javapoet	Highest
Product	pom	artifactid	javapoet	Highest
Product	Manifest	automatic-module-name	com.squareup.javapoet	Medium
Product	file	name	javapoet	High
Product	pom	organization name	Square, Inc.	Low
Product	pom	url	http://github.com/square/javapoet/	Medium
Version	file	version	1.11.1	Highest
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/com.squareup/javapoet@1.11.1 (Confidence:High)

jgrapht-core-1.3.1.jar

Description:

A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 2.0: http://www.eclipse.org/legal/epl-v20.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-core/1.3.1/jgrapht-core-1.3.1.jar
MD5: ca4f38f464f7ceb542553af4117e0598
SHA1: 02a60359a72bea12c2336400408cebd0254b63be
SHA256:71dc44221c43ae89e59e42d024cce9d1dfaef844afb544ca1cdbf96a4bdf2736
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.jgrapht	Highest
Vendor	file	name	jgrapht-core	High
Vendor	pom	parent-groupid	org.jgrapht	Medium
Vendor	Manifest	bundle-symbolicname	org.jgrapht.core	Medium
Vendor	pom	groupid	jgrapht	Highest
Vendor	pom	artifactid	jgrapht-core	Low
Vendor	pom	name	JGraphT - Core	High
Vendor	Manifest	automatic-module-name	org.jgrapht.core	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-artifactid	jgrapht	Low
Vendor	jar	package name	jgrapht	Highest
Product	jar	package name	graph	Highest
Product	file	name	jgrapht-core	High
Product	Manifest	automatic-module-name	org.jgrapht.core	Medium
Product	pom	parent-artifactid	jgrapht	Medium
Product	Manifest	Bundle-Name	JGraphT - Core	Medium
Product	jar	package name	jgrapht	Highest
Product	pom	groupid	jgrapht	Low
Product	pom	parent-groupid	org.jgrapht	Low
Product	Manifest	bundle-symbolicname	org.jgrapht.core	Medium
Product	pom	name	JGraphT - Core	High
Product	pom	artifactid	jgrapht-core	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Version	Manifest	Bundle-Version	1.3.1	High
Version	file	version	1.3.1	Highest
Version	pom	version	1.3.1	Highest

Identifiers

pkg:maven/org.jgrapht/jgrapht-core@1.3.1 (Confidence:High)

jheaps-0.10.jar

Description:

A free, production-ready, efficient Java library containing a collection of heap data-structures.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /Users/rex.hoffman/.m2/repository/org/jheaps/jheaps/0.10/jheaps-0.10.jar
MD5: bc6109d64453c1edb97f27d91e146dfb
SHA1: 4a85245d16284f555e94dd2a05b6de377f542e9a
SHA256:1c04ab9ed8bb649fe70baa9996dae58c987da87b91ee21b82db023d98b2af59f
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	automatic-module-name	org.jheaps	Medium
Vendor	file	name	jheaps	High
Vendor	pom	artifactid	jheaps	Low
Vendor	jar	package name	heap	Highest
Vendor	pom	name	JHeaps	High
Vendor	pom	groupid	org.jheaps	Highest
Vendor	pom	groupid	jheaps	Highest
Vendor	pom	url	http://www.jheaps.org	Highest
Vendor	jar	package name	jheaps	Highest
Product	Manifest	automatic-module-name	org.jheaps	Medium
Product	file	name	jheaps	High
Product	jar	package name	heap	Highest
Product	pom	url	http://www.jheaps.org	Medium
Product	pom	name	JHeaps	High
Product	pom	groupid	jheaps	Low
Product	jar	package name	jheaps	Highest
Product	pom	artifactid	jheaps	Highest
Version	file	version	0.10	Highest
Version	pom	version	0.10	Highest

Identifiers

pkg:maven/org.jheaps/jheaps@0.10 (Confidence:High)

jgrapht-ext-1.3.1.jar

Description:

A Java class library for graph-theory data structures and algorithms.

License:

GNU Lesser General Public License Version 2.1, February 1999: http://jgrapht.sourceforge.net/LGPL.html
Eclipse Public License (EPL) 2.0: http://www.eclipse.org/legal/epl-v20.html

File Path: /Users/rex.hoffman/.m2/repository/org/jgrapht/jgrapht-ext/1.3.1/jgrapht-ext-1.3.1.jar
MD5: 043747d320bd40ae6e078ab99476017f
SHA1: 29e8262c9bce3f978b608de538f2367ae9192eb8
SHA256:4ba151731c89833c6b9e0df5410d4852e48d618d961655af42a5af87a37a4000
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	JGraphT - Ext	High
Vendor	pom	parent-groupid	org.jgrapht	Medium
Vendor	pom	groupid	jgrapht	Highest
Vendor	pom	parent-artifactid	jgrapht	Low
Vendor	file	name	jgrapht-ext	High
Vendor	Manifest	automatic-module-name	org.jgrapht.ext	Medium
Vendor	jar	package name	jgrapht	Highest
Vendor	pom	groupid	org.jgrapht	Highest
Vendor	Manifest	bundle-symbolicname	org.jgrapht.ext	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	artifactid	jgrapht-ext	Low
Vendor	jar	package name	ext	Highest
Product	pom	name	JGraphT - Ext	High
Product	Manifest	Bundle-Name	JGraphT - Ext	Medium
Product	pom	parent-artifactid	jgrapht	Medium
Product	file	name	jgrapht-ext	High
Product	Manifest	automatic-module-name	org.jgrapht.ext	Medium
Product	jar	package name	jgrapht	Highest
Product	pom	groupid	jgrapht	Low
Product	pom	parent-groupid	org.jgrapht	Low
Product	Manifest	bundle-symbolicname	org.jgrapht.ext	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	ext	Highest
Product	pom	artifactid	jgrapht-ext	Highest
Version	Manifest	Bundle-Version	1.3.1	High
Version	file	version	1.3.1	Highest
Version	pom	version	1.3.1	Highest

Identifiers

pkg:maven/org.jgrapht/jgrapht-ext@1.3.1 (Confidence:High)

jgraphx-3.9.8.1.jar

Description:

JGraphX is a Java Swing diagramming (graph visualisation) library

License:

BSD: https://github.com/vlsi/jgraphx-publish/LICENSE

File Path: /Users/rex.hoffman/.m2/repository/com/github/vlsi/mxgraph/jgraphx/3.9.8.1/jgraphx-3.9.8.1.jar
MD5: bd65b3d94a7b44ace59bdb61aa207e52
SHA1: e10723d4811701cc7247dcf0fdac5e5b5daaba17
SHA256:91e270af2943f2a80ddff8155fe82e954af2ab5854a3c7020ad5a0baecaba6cc
Referenced In Projects/Scopes:

AptSpringProcessor:compile
AptSpringModel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	https://github.com/vlsi/jgraphx-package	Low
Vendor	Manifest	automatic-module-name	com.github.vlsi.mxgraph.jgraphx	Medium
Vendor	file	name	jgraphx	High
Vendor	jar	package name	mxgraph	Highest
Vendor	jar	package name	swing	Highest
Vendor	Manifest	bundle-symbolicname	com.github.vlsi.mxgraph.jgraphx	Medium
Vendor	pom	name	jgraphx	High
Vendor	pom	artifactid	jgraphx	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"	Low
Vendor	pom	groupid	github.vlsi.mxgraph	Highest
Vendor	pom	url	vlsi/jgraphx-publish	Highest
Vendor	pom	groupid	com.github.vlsi.mxgraph	Highest
Product	Manifest	bundle-docurl	https://github.com/vlsi/jgraphx-package	Low
Product	Manifest	automatic-module-name	com.github.vlsi.mxgraph.jgraphx	Medium
Product	Manifest	Bundle-Name	jgraphx	Medium
Product	file	name	jgraphx	High
Product	jar	package name	mxgraph	Highest
Product	jar	package name	swing	Highest
Product	pom	url	vlsi/jgraphx-publish	High
Product	Manifest	bundle-symbolicname	com.github.vlsi.mxgraph.jgraphx	Medium
Product	pom	groupid	github.vlsi.mxgraph	Low
Product	pom	name	jgraphx	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.5))"	Low
Product	pom	artifactid	jgraphx	Highest
Version	pom	version	3.9.8.1	Highest
Version	file	version	3.9.8.1	Highest
Version	Manifest	Bundle-Version	3.9.8.1	High

Identifiers

pkg:maven/com.github.vlsi.mxgraph/jgraphx@3.9.8.1 (Confidence:High)

AptSpringAPI-2.0.7.jar

Description:

      This project contains one class, a marking annotation, @Verify, that indicates that the AptSpringProcessor should
      verify a spring graph.   All checks are fully enumerated in @Verify's javadoc.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringAPI/2.0.7/AptSpringAPI-2.0.7.jar
MD5: e4e6ff0ea0ea900e747317e08b02e332
SHA1: 719e76ddea22a1940c9e7c3ee40c391a206a9dee
SHA256:f8e7202da679bde45692a2ee74c3967c69de5bc7910aab5c244c9447048e5197
Referenced In Project/Scope:AptSpringProcessor:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	AptSpringAPI	High
Vendor	pom	artifactid	AptSpringAPI	Low
Vendor	pom	name	${project.artifactId}	High
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	groupid	com.salesforce.aptspring	Highest
Vendor	pom	groupid	salesforce.aptspring	Highest
Vendor	jar	package name	aptspring	Highest
Vendor	pom	parent-groupid	com.salesforce.aptspring	Medium
Vendor	jar	package name	salesforce	Highest
Vendor	pom	parent-artifactid	AptSpringParent	Low
Product	file	name	AptSpringAPI	High
Product	pom	name	${project.artifactId}	High
Product	pom	parent-artifactid	AptSpringParent	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	parent-groupid	com.salesforce.aptspring	Low
Product	pom	groupid	salesforce.aptspring	Low
Product	jar	package name	aptspring	Highest
Product	jar	package name	salesforce	Highest
Product	pom	artifactid	AptSpringAPI	Highest
Version	file	version	2.0.7	Highest
Version	pom	version	2.0.7	Highest

Identifiers

pkg:maven/com.salesforce.aptspring/AptSpringAPI@2.0.7 (Confidence:High)

AptSpringModel-2.0.7.jar

Description:

      This is the spring agnostic 'meat' of the project.  It models and analyzes a graph of declarations of object (bean) 
      definitions, as well as the graph of the objects (beans) themselves.
      This project should be reusable in CDI or any other DI/IoC annotation based system.

File Path: /Users/rex.hoffman/.m2/repository/com/salesforce/aptspring/AptSpringModel/2.0.7/AptSpringModel-2.0.7.jar
MD5: 1599d6a1b5f090ead1cc2d77aa397f99
SHA1: 8cd69179843f1de642f96161f803f9942d4bb306
SHA256:ff39e6a0daf9f4eed1e401594b35358ea74e8d743693a9765a8e4efd884e600d
Referenced In Project/Scope:AptSpringProcessor:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	${project.artifactId}	High
Vendor	jar	package name	graph	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	groupid	com.salesforce.aptspring	Highest
Vendor	pom	groupid	salesforce.aptspring	Highest
Vendor	pom	parent-groupid	com.salesforce.aptspring	Medium
Vendor	file	name	AptSpringModel	High
Vendor	jar	package name	salesforce	Highest
Vendor	pom	artifactid	AptSpringModel	Low
Vendor	pom	parent-artifactid	AptSpringParent	Low
Product	pom	name	${project.artifactId}	High
Product	jar	package name	graph	Highest
Product	pom	parent-artifactid	AptSpringParent	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	parent-groupid	com.salesforce.aptspring	Low
Product	pom	groupid	salesforce.aptspring	Low
Product	pom	artifactid	AptSpringModel	Highest
Product	file	name	AptSpringModel	High
Product	jar	package name	salesforce	Highest
Version	file	version	2.0.7	Highest
Version	pom	version	2.0.7	Highest

Identifiers

pkg:maven/com.salesforce.aptspring/AptSpringModel@2.0.7 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: AptSpringParent

com.salesforce.aptspring:AptSpringParent:2.0.7

Summary

Dependencies

gson-2.8.6.jar

Evidence

Identifiers

javapoet-1.11.1.jar

Evidence

Identifiers

jgrapht-core-1.3.1.jar

Evidence

Identifiers

jheaps-0.10.jar

Evidence

Identifiers

jgrapht-ext-1.3.1.jar

Evidence

Identifiers

jgraphx-3.9.8.1.jar

Evidence

Identifiers

AptSpringAPI-2.0.7.jar

Evidence

Identifiers

AptSpringModel-2.0.7.jar

Evidence

Identifiers