Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all ):
dependency-check version : 11.1.1Report Generated On : Thu, 2 Jan 2025 01:30:05 GMTDependencies Scanned : 59 (39 unique)Vulnerable Dependencies : 1 Vulnerabilities Found : 2Vulnerabilities Suppressed : 0 ... NVD API Last Checked : 2025-01-02T01:18:14ZNVD API Last Modified : 2025-01-01T14:15:23ZSummary Display:
Showing Vulnerable Dependencies (click to show all) Description:
Byte Buddy is a Java library for creating Java classes at run time.
This artifact is a build of Byte Buddy with all ASM dependencies repackaged into its own name space.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy/1.15.11/byte-buddy-1.15.11.jar
MD5: 603bc53c7a294f23765bfb7e1820ad44
SHA1: f61886478e0f9ee4c21d09574736f0ff45e0a46c
SHA256: fa08998aae1e7bdae83bde0712c50e8444d71c0e0c196bb2247ade8d4ad0eb90
Referenced In Projects/Scopes: waffle-spring-boot3:compile waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile byte-buddy-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name byte-buddy High Vendor jar package name asm Highest Vendor jar package name build Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy Highest Vendor pom artifactid byte-buddy Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy (without dependencies) High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy High Product jar package name asm Highest Product jar package name build Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy (without dependencies) Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy Medium Product Manifest multi-release true Low Product pom artifactid byte-buddy Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy (without dependencies) High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
Description:
The Byte Buddy agent offers convenience for attaching an agent to the local or a remote VM. License:
https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar
MD5: 449a1534609bf3535d74cbb10b4ed074
SHA1: a38b16385e867f59a641330f0362ebe742788ed8
SHA256: 316d2c0795c2a4d4c4756f2e6f9349837c7430ac34e0477ead874d05f5cc19e5
Referenced In Projects/Scopes: waffle-spring-boot3:compile waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile byte-buddy-agent-1.15.11.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name byte-buddy-agent High Vendor jar package name agent Highest Vendor jar package name bytebuddy Highest Vendor jar package name net Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Vendor Manifest can-redefine-classes true Low Vendor Manifest can-retransform-classes true Low Vendor Manifest can-set-native-method-prefix true Low Vendor Manifest multi-release true Low Vendor pom artifactid byte-buddy-agent Highest Vendor pom artifactid byte-buddy-agent Low Vendor pom groupid net.bytebuddy Highest Vendor pom name Byte Buddy agent High Vendor pom parent-artifactid byte-buddy-parent Low Product file name byte-buddy-agent High Product jar package name agent Highest Product jar package name bytebuddy Highest Product jar package name net Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest Bundle-Name Byte Buddy agent Medium Product Manifest bundle-symbolicname net.bytebuddy.byte-buddy-agent Medium Product Manifest can-redefine-classes true Low Product Manifest can-retransform-classes true Low Product Manifest can-set-native-method-prefix true Low Product Manifest multi-release true Low Product pom artifactid byte-buddy-agent Highest Product pom groupid net.bytebuddy Highest Product pom name Byte Buddy agent High Product pom parent-artifactid byte-buddy-parent Medium Version file version 1.15.11 High Version Manifest Bundle-Version 1.15.11 High Version pom version 1.15.11 Highest
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86-64/attach_hotspot_windows.dllMD5: 053a783e5777c6a9867c27d51af89677SHA1: 5ef4d98ae6a033a5707d0b5466e6138beb337e76SHA256: 16d424423f9b09accf132ad35dbeaa52ac9f6bd45bba1406b89df851f651db20Referenced In Projects/Scopes:
waffle-spring-boot3:compile waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
File Path: /home/runner/.m2/repository/net/bytebuddy/byte-buddy-agent/1.15.11/byte-buddy-agent-1.15.11.jar/win32-x86/attach_hotspot_windows.dllMD5: fbca33102ac97be0ed496c0f78e466b3SHA1: c4df05146a86a6d073769bb697d550ef42518ed5SHA256: 810f94c4a2f5ca1a072c19859f7954fed9aa3a1dcb0d601e92d2338793202e72Referenced In Projects/Scopes:
waffle-spring-boot3:compile waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence Vendor file name attach_hotspot_windows High Product file name attach_hotspot_windows High
Description:
A high performance caching library License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/github/ben-manes/caffeine/caffeine/3.1.8/caffeine-3.1.8.jar
MD5: b19301179903e8781776397d9923f7c8
SHA1: 24795585df8afaf70a2cd534786904ea5889c047
SHA256: 7dd15f9df1be238ffaa367ce6f556737a88031de4294dad18eef57c474ddf1d3
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile caffeine-3.1.8.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name caffeine High Vendor jar package name benmanes Highest Vendor jar package name cache Highest Vendor jar package name caffeine Highest Vendor jar package name github Highest Vendor Manifest automatic-module-name com.github.benmanes.caffeine Medium Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Vendor pom artifactid caffeine Highest Vendor pom artifactid caffeine Low Vendor pom developer email ben.manes@gmail.com Low Vendor pom developer id ben-manes Medium Vendor pom developer name Ben Manes Medium Vendor pom groupid com.github.ben-manes.caffeine Highest Vendor pom name Caffeine cache High Vendor pom url ben-manes/caffeine Highest Product file name caffeine High Product jar package name benmanes Highest Product jar package name cache Highest Product jar package name caffeine Highest Product jar package name github Highest Product Manifest automatic-module-name com.github.benmanes.caffeine Medium Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name com.github.ben-manes.caffeine Medium Product Manifest bundle-symbolicname com.github.ben-manes.caffeine Medium Product Manifest Implementation-Title A high performance caching library High Product pom artifactid caffeine Highest Product pom developer email ben.manes@gmail.com Low Product pom developer id ben-manes Low Product pom developer name Ben Manes Low Product pom groupid com.github.ben-manes.caffeine Highest Product pom name Caffeine cache High Product pom url ben-manes/caffeine High Version file version 3.1.8 High Version Manifest Bundle-Version 3.1.8 High Version Manifest Implementation-Version 3.1.8 High Version pom version 3.1.8 Highest
Description:
checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework. License:
The MIT License: http://opensource.org/licenses/MIT File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.48.1/checker-qual-3.48.1.jar
MD5: 1594c16f661bec96488b56d4d5b56582
SHA1: 7d8cf1c00aec0042df92f8d71d7f15baaf9773f4
SHA256: 21e8dfe8103e125d96a329653ca81e87ac430326dbdbf299cea3dc1ae3f039a2
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile checker-qual-3.48.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0 pkg:maven/com.github.hazendaz.jmockit/jmockit@1.55.0 Evidence Type Source Name Value Confidence Vendor file name checker-qual High Vendor jar package name checker Highest Vendor jar package name checkerframework Highest Vendor jar package name framework Highest Vendor jar package name qual Highest Vendor Manifest bundle-symbolicname checker-qual Medium Vendor Manifest implementation-url https://checkerframework.org Low Vendor pom artifactid checker-qual Highest Vendor pom artifactid checker-qual Low Vendor pom developer email mernst@cs.washington.edu Low Vendor pom developer email smillst@cs.washington.edu Low Vendor pom developer id mernst Medium Vendor pom developer id smillst Medium Vendor pom developer name Michael Ernst Medium Vendor pom developer name Suzanne Millstein Medium Vendor pom developer org University of Washington Medium Vendor pom developer org URL https://www.cs.washington.edu/ Medium Vendor pom groupid org.checkerframework Highest Vendor pom name Checker Qual High Vendor pom url https://checkerframework.org/ Highest Product file name checker-qual High Product jar package name checker Highest Product jar package name checkerframework Highest Product jar package name framework Highest Product jar package name qual Highest Product Manifest Bundle-Name checker-qual Medium Product Manifest bundle-symbolicname checker-qual Medium Product Manifest implementation-url https://checkerframework.org Low Product pom artifactid checker-qual Highest Product pom developer email mernst@cs.washington.edu Low Product pom developer email smillst@cs.washington.edu Low Product pom developer id mernst Low Product pom developer id smillst Low Product pom developer name Michael Ernst Low Product pom developer name Suzanne Millstein Low Product pom developer org University of Washington Low Product pom developer org URL https://www.cs.washington.edu/ Low Product pom groupid org.checkerframework Highest Product pom name Checker Qual High Product pom url https://checkerframework.org/ Medium Version file version 3.48.1 High Version Manifest Bundle-Version 3.48.1 High Version Manifest Implementation-Version 3.48.1 High Version pom version 3.48.1 Highest
Description:
WAFFLE JNA Jakarta Pakage implementation License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-jna-jakarta/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-starter3 waffle-spring-boot-autoconfigure3 com.github.waffle:waffle-jna-jakarta:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-jna-jakarta Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-jna-jakarta Highest Product project groupid com.github.waffle Low
Description:
Spring Boot Autoconfigure for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-boot3/waffle-spring-boot-autoconfigure3/pom.xml
Referenced In Project/Scope: waffle-spring-boot-starter3
com.github.waffle:waffle-spring-boot-autoconfigure3:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-boot-autoconfigure3 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-boot-autoconfigure3 Highest Product project groupid com.github.waffle Low
Description:
Spring Security 6 integration for WAFFLE License:
MIT https://raw.github.com/Waffle/waffle/master/LICENSE File Path: /home/runner/work/waffle/waffle/Source/JNA/waffle-spring-security6/pom.xml
Referenced In Projects/Scopes: waffle-spring-boot-starter3 waffle-spring-boot-autoconfigure3 com.github.waffle:waffle-spring-security6:3.5.2-SNAPSHOT is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name pom High Vendor project artifactid waffle-spring-security6 Low Vendor project groupid com.github.waffle Highest Product file name pom High Product project artifactid waffle-spring-security6 Highest Product project groupid com.github.waffle Low
Description:
Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. License:
Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
MD5: 0e48e5ba2cd0a8d8d09bad849b99f6a6
SHA1: 227d4d4957ccc3dc5761bd897e3a0ee587e750a7
SHA256: 77440e270b0bc9a249903c5a076c36a722c4886ca4f42675f2903a1c53ed61a5
Referenced In Projects/Scopes: waffle-spring-boot-starter3:provided waffle-spring-boot3:provided waffle-spring-boot-autoconfigure3:provided error_prone_annotations-2.36.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name error_prone_annotations High Vendor jar package name annotations Highest Vendor jar package name errorprone Highest Vendor jar package name google Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Vendor Manifest bundle-symbolicname com.google.errorprone.annotations Medium Vendor Manifest multi-release true Low Vendor pom artifactid error_prone_annotations Highest Vendor pom artifactid error_prone_annotations Low Vendor pom groupid com.google.errorprone Highest Vendor pom name error-prone annotations High Vendor pom parent-artifactid error_prone_parent Low Product file name error_prone_annotations High Product jar package name annotations Highest Product jar package name errorprone Highest Product jar package name google Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-docurl https://errorprone.info/error_prone_annotations Low Product Manifest Bundle-Name error-prone annotations Medium Product Manifest bundle-symbolicname com.google.errorprone.annotations Medium Product Manifest multi-release true Low Product pom artifactid error_prone_annotations Highest Product pom groupid com.google.errorprone Highest Product pom name error-prone annotations High Product pom parent-artifactid error_prone_parent Medium Version file version 2.36.0 High Version Manifest Bundle-Version 2.36.0 High Version pom version 2.36.0 Highest
Description:
A set of annotations that provide additional information to the J2ObjC
translator to modify the result of translation.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/3.0.0/j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256: 88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Projects/Scopes: waffle-spring-boot-starter3:provided waffle-spring-boot3:provided waffle-spring-boot-autoconfigure3:provided j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name j2objc-annotations High Vendor jar package name annotations Highest Vendor jar package name google Highest Vendor jar package name j2objc Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest multi-release true Low Vendor pom artifactid j2objc-annotations Highest Vendor pom artifactid j2objc-annotations Low Vendor pom developer email tball@google.com Low Vendor pom developer id tomball Medium Vendor pom developer name Tom Ball Medium Vendor pom developer org Google Medium Vendor pom developer org URL https://www.google.com Medium Vendor pom groupid com.google.j2objc Highest Vendor pom name J2ObjC Annotations High Vendor pom url google/j2objc/ Highest Product file name j2objc-annotations High Product jar package name annotations Highest Product jar package name google Highest Product jar package name j2objc Highest Product Manifest build-jdk-spec 11 Low Product Manifest multi-release true Low Product pom artifactid j2objc-annotations Highest Product pom developer email tball@google.com Low Product pom developer id tomball Low Product pom developer name Tom Ball Low Product pom developer org Google Low Product pom developer org URL https://www.google.com Low Product pom groupid com.google.j2objc Highest Product pom name J2ObjC Annotations High Product pom url google/j2objc/ High Version file version 3.0.0 High Version pom version 3.0.0 Highest
Description:
Core Jackson processing abstractions (aka Streaming API), implementation for JSON License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.18.2/jackson-core-2.18.2.jar
MD5: bf935e6eca3a57defa13918661905cb0
SHA1: fb64ccac5c27dca8819418eb4e443a9f496d9ee7
SHA256: d8054ae7c0d1c2d2f55d28e46026ebe5892881f3fab5f439233184381c3b4a1f
Referenced In Project/Scope: waffle-spring-boot-autoconfigure3:compile
jackson-core-2.18.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
Evidence Type Source Name Value Confidence Vendor file name jackson-core High Vendor jar package name base Highest Vendor jar package name com Highest Vendor jar package name core Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor jar package name json Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-core Highest Vendor pom artifactid jackson-core Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name Jackson-core High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson-core Highest Product file name jackson-core High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name base Highest Product jar package name com Highest Product jar package name core Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product jar package name json Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson-core Low Product Manifest Bundle-Name Jackson-core Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-core Medium Product Manifest Implementation-Title Jackson-core High Product Manifest multi-release true Low Product Manifest specification-title Jackson-core Medium Product pom artifactid jackson-core Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name Jackson-core High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson-core High Version file version 2.18.2 High Version Manifest Bundle-Version 2.18.2 High Version Manifest Implementation-Version 2.18.2 High Version pom version 2.18.2 Highest
Related Dependencies jackson-annotations-2.18.2.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.18.2/jackson-annotations-2.18.2.jar MD5: 79d38d3c51068a2bbc40268d02f80763 SHA1: 985d77751ebc7fce5db115a986bc9aa82f973f4a SHA256: 581bd61000ef7648943f781ca05689e56d03f6052748365a8e2b3a9b5d3fa32f pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.18.2 jackson-datatype-jdk8-2.18.2.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.18.2/jackson-datatype-jdk8-2.18.2.jar MD5: 54d2dc0c44a7188884e8f22fddd947f6 SHA1: 9ed6d538ebcc66864e114a7040953dce6ab6ea53 SHA256: f30d77f5826b9e9813342e84ab412095ed4ed5cf4fef6f93cebb848cb0fd0294 pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.18.2 jackson-datatype-jsr310-2.18.2.jarFile Path: /home/runner/.m2/repository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.18.2/jackson-datatype-jsr310-2.18.2.jar MD5: aaf3adb28aa9de74b3bb87118f93113f SHA1: 7b6ff96adf421f4c6edbd694e797dd8fe434510a SHA256: e2d202d4606e23aeaf8a5a9632db06f5fefd5b63d251c3f503f9faaa78530e5c pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.18.2 jackson-module-parameter-names-2.18.2.jar Description:
General data-binding functionality for Jackson: works on core streaming API License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.18.2/jackson-databind-2.18.2.jar
MD5: 1b56887bcd3eaea1ff710eb673e610b0
SHA1: deef8697b92141fb6caf7aa86966cff4eec9b04f
SHA256: 4b364e6850dc89172fcf1d4dd26b8ff5488eda44ff4657e22dd265203dd5ab3c
Referenced In Project/Scope: waffle-spring-boot-autoconfigure3:compile
jackson-databind-2.18.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
Evidence Type Source Name Value Confidence Vendor file name jackson-databind High Vendor jar package name databind Highest Vendor jar package name fasterxml Highest Vendor jar package name jackson Highest Vendor Manifest build-jdk-spec 1.8 Low Vendor Manifest bundle-docurl https://github.com/FasterXML/jackson Low Vendor Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Vendor Manifest Implementation-Vendor FasterXML High Vendor Manifest Implementation-Vendor-Id com.fasterxml.jackson.core Medium Vendor Manifest multi-release true Low Vendor Manifest specification-vendor FasterXML Low Vendor pom artifactid jackson-databind Highest Vendor pom artifactid jackson-databind Low Vendor pom groupid com.fasterxml.jackson.core Highest Vendor pom name jackson-databind High Vendor pom parent-artifactid jackson-base Low Vendor pom parent-groupid com.fasterxml.jackson Medium Vendor pom url FasterXML/jackson Highest Product file name jackson-databind High Product hint analyzer product java8 Highest Product hint analyzer product modules Highest Product jar package name databind Highest Product jar package name fasterxml Highest Product jar package name jackson Highest Product Manifest build-jdk-spec 1.8 Low Product Manifest bundle-docurl https://github.com/FasterXML/jackson Low Product Manifest Bundle-Name jackson-databind Medium Product Manifest bundle-symbolicname com.fasterxml.jackson.core.jackson-databind Medium Product Manifest Implementation-Title jackson-databind High Product Manifest multi-release true Low Product Manifest specification-title jackson-databind Medium Product pom artifactid jackson-databind Highest Product pom groupid com.fasterxml.jackson.core Highest Product pom name jackson-databind High Product pom parent-artifactid jackson-base Medium Product pom parent-groupid com.fasterxml.jackson Medium Product pom url FasterXML/jackson High Version file version 2.18.2 High Version Manifest Bundle-Version 2.18.2 High Version Manifest Implementation-Version 2.18.2 High Version pom version 2.18.2 Highest
Description:
Jakarta Annotations API License:
EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/2.1.1/jakarta.annotation-api-2.1.1.jar
MD5: 5dac2f68e8288d0add4dc92cb161711d
SHA1: 48b9bda22b091b1f48b13af03fe36db3be6e1ae3
SHA256: 5f65fdaf424eee2b55e1d882ba9bb376be93fb09b37b808be6e22e8851c909fe
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile jakarta.annotation-api-2.1.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 Evidence Type Source Name Value Confidence Vendor file name jakarta.annotation-api High Vendor jar package name annotation Highest Vendor jar package name jakarta Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-docurl https://www.eclipse.org Low Vendor Manifest bundle-symbolicname jakarta.annotation-api Medium Vendor Manifest extension-name jakarta.annotation Medium Vendor Manifest Implementation-Vendor Eclipse Foundation High Vendor Manifest Implementation-Vendor-Id org.glassfish Medium Vendor Manifest specification-vendor Eclipse Foundation Low Vendor pom artifactid jakarta.annotation-api Highest Vendor pom artifactid jakarta.annotation-api Low Vendor pom developer name Dmitry Kornilov Medium Vendor pom developer name Linda De Michiel Medium Vendor pom developer org Oracle Corp. Medium Vendor pom groupid jakarta.annotation Highest Vendor pom name Jakarta Annotations API High Vendor pom parent-artifactid project Low Vendor pom parent-groupid org.eclipse.ee4j Medium Vendor pom url https://projects.eclipse.org/projects/ee4j.ca Highest Product file name jakarta.annotation-api High Product jar package name annotation Highest Product jar package name jakarta Highest Product Manifest build-jdk-spec 11 Low Product Manifest bundle-docurl https://www.eclipse.org Low Product Manifest Bundle-Name Jakarta Annotations API Medium Product Manifest bundle-symbolicname jakarta.annotation-api Medium Product Manifest extension-name jakarta.annotation Medium Product pom artifactid jakarta.annotation-api Highest Product pom developer name Dmitry Kornilov Low Product pom developer name Linda De Michiel Low Product pom developer org Oracle Corp. Low Product pom groupid jakarta.annotation Highest Product pom name Jakarta Annotations API High Product pom parent-artifactid project Medium Product pom parent-groupid org.eclipse.ee4j Medium Product pom url https://projects.eclipse.org/projects/ee4j.ca Medium Version file version 2.1.1 High Version Manifest Bundle-Version 2.1.1 High Version Manifest Implementation-Version 2.1.1 High Version pom parent-version 2.1.1 Low Version pom version 2.1.1 Highest
Description:
Java Native Access License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar
MD5: accc2e2b8676434a87f4f73fb4d90b44
SHA1: ebea09f91dc9f7048099f963fb8d6f919f0a4d9c
SHA256: 3f5233589a799eb66dc2969afa3433fb56859d3d787c58b9bc7dd9e86f0a250c
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile jna-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jna High Vendor jar package name jna Highest Vendor jar package name native Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna Medium Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-category jni Low Vendor Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Vendor Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Vendor Manifest bundle-symbolicname com.sun.jna Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna Highest Vendor pom artifactid jna Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access High Vendor pom url java-native-access/jna Highest Product file name jna High Product jar package name jna Highest Product jar package name library Highest Product jar package name native Highest Product jar package name sun Highest Product jar package name win32 Highest Product Manifest automatic-module-name com.sun.jna Medium Product Manifest bundle-activationpolicy lazy Low Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna Medium Product Manifest bundle-nativecode com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win32, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win32, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win32, com/sun/jna/win32-x86/jnidispatch.dll; processor=x86;osname=win, com/sun/jna/win32-x86-64/jnidispatch.dll; processor=x86-64;osname=win, com/sun/jna/win32-aarch64/jnidispatch.dll; processor=aarch64;osname=win, com/sun/jna/w32ce-arm/jnidispatch.dll; processor=arm;osname=wince, com/sun/jna/sunos-x86/libjnidispatch.so; processor=x86;osname=sunos, com/sun/jna/sunos-x86-64/libjnidispatch.so; processor=x86-64;osname=sunos, com/sun/jna/sunos-sparc/libjnidispatch.so; processor=sparc;osname=sunos, com/sun/jna/sunos-sparcv9/libjnidispatch.so; processor=sparcv9;osname=sunos, com/sun/jna/aix-ppc/libjnidispatch.a; processor=ppc;osname=aix, com/sun/jna/aix-ppc64/libjnidispatch.a; processor=ppc64;osname=aix, com/sun/jna/linux-ppc/libjnidispatch.so; processor=ppc;osname=linux, com/sun/jna/linux-ppc64/libjnidispatch.so; processor=ppc64;osname=linux, com/sun/jna/linux-ppc64le/libjnidispatch.so; processor=ppc64le;osname=linux, com/sun/jna/linux-x86/libjnidispatch.so; processor=x86;osname=linux, com/sun/jna/linux-x86-64/libjnidispatch.so; processor=x86-64;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm;osname=linux, com/sun/jna/linux-arm/libjnidispatch.so; processor=arm_le;osname=linux, com/sun/jna/linux-armel/libjnidispatch.so; processor=armel;osname=linux, com/sun/jna/linux-aarch64/libjnidispatch.so; processor=aarch64;osname=linux, com/sun/jna/linux-ia64/libjnidispatch.so; processor=ia64;osname=linux, com/sun/jna/linux-sparcv9/libjnidispatch.so; processor=sparcv9;osname=linux, com/sun/jna/linux-mips64el/libjnidispatch.so; processor=mips64el;osname=linux, com/sun/jna/linux-s390x/libjnidispatch.so; processor=S390x;osname=linux, com/sun/jna/linux-loongarch64/libjnidispatch.so; processor=loongarch64;osname=linux, com/sun/jna/linux-riscv64/libjnidispatch.so; processor=riscv64;osname=linux, com/sun/jna/dragonflybsd-x86-64/libjnidispatch.so; processor=x86-64;osname=dragonflybsd, com/sun/jna/freebsd-x86/libjnidispatch.so; processor=x86;osname=freebsd, com/sun/jna/freebsd-x86-64/libjnidispatch.so; processor=x86-64;osname=freebsd, com/sun/jna/freebsd-aarch64/libjnidispatch.so; processor=aarch64;osname=freebsd, com/sun/jna/freebsd-ppc64le/libjnidispatch.so; processor=ppc64le;osname=freebsd, com/sun/jna/freebsd-ppc64/libjnidispatch.so; processor=ppc64;osname=freebsd, com/sun/jna/openbsd-x86/libjnidispatch.so; processor=x86;osname=openbsd, com/sun/jna/openbsd-x86-64/libjnidispatch.so; processor=x86-64;osname=openbsd, com/sun/jna/darwin-ppc/libjnidispatch.jnilib; osname=macosx;processor=ppc, com/sun/jna/darwin-ppc64/libjnidispatch.jnilib; osname=macosx;processor=ppc64, com/sun/jna/darwin-x86/libjnidispatch.jnilib; osname=macosx;processor=x86, com/sun/jna/darwin-x86-64/libjnidispatch.jnilib; osname=macosx;processor=x86-64, com/sun/jna/darwin-aarch64/libjnidispatch.jnilib; osname=macosx;processor=aarch64 Low Product Manifest bundle-requiredexecutionenvironment JavaSE-1.6 Low Product Manifest bundle-symbolicname com.sun.jna Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-aarch64/jnidispatch.dllMD5: 302945a811fd8e21bcdd5226c73b6f74SHA1: 6b05e299ff2b3eb3b7b7aeac44263f715693607cSHA256: b8f98be314234cf12b5b46c29652f70c0f6abb93ae19b63d3fe2692062aa699dReferenced In Projects/Scopes:
waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86-64/jnidispatch.dllMD5: 2d2475f1f026dd54e9f3e787ae4f81daSHA1: 27ff882ac271db547aee520b38e3ba9aa91e136cSHA256: 5a7ff949f6d93d86491eb5b26b1cfc60051168a60622650224b89995ac420023Referenced In Projects/Scopes:
waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
File Path: /home/runner/.m2/repository/net/java/dev/jna/jna/5.16.0/jna-5.16.0.jar/com/sun/jna/win32-x86/jnidispatch.dllMD5: 0caa1ef75a807f9dde05084fa2219a5cSHA1: 2f5e1cd82cde192905c7510ce99037b67d980640SHA256: 752d597cee7e95cb517327146bf42f124c0d6c0bc48b3ecc3b1b3b0531a52f44Referenced In Projects/Scopes:
waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence Vendor file name jnidispatch High Product file name jnidispatch High
Description:
Java Native Access Platform License:
LGPL-2.1-or-later: https://www.gnu.org/licenses/old-licenses/lgpl-2.1
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/net/java/dev/jna/jna-platform/5.16.0/jna-platform-5.16.0.jar
MD5: 12ba6b7a7752ecf0a5baed725f3192c2
SHA1: b2a9065f97c166893d504b164706512338e3bbc2
SHA256: e5a79523964509757555782bb60283e4902611013f107e4600dc93298f73f382
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile jna-platform-5.16.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name jna-platform High Vendor jar package name jna Highest Vendor jar package name platform Highest Vendor jar package name sun Highest Vendor jar (hint) package name oracle Highest Vendor Manifest automatic-module-name com.sun.jna.platform Medium Vendor Manifest bundle-category jni Low Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Vendor Manifest bundle-symbolicname com.sun.jna.platform Medium Vendor Manifest Implementation-Vendor JNA Development Team High Vendor Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Vendor Manifest specification-vendor JNA Development Team Low Vendor pom artifactid jna-platform Highest Vendor pom artifactid jna-platform Low Vendor pom developer email mblaesing@doppel-helix.eu Low Vendor pom developer id twall Medium Vendor pom developer name Matthias Bläsing Medium Vendor pom developer name Timothy Wall Medium Vendor pom groupid net.java.dev.jna Highest Vendor pom name Java Native Access Platform High Vendor pom url java-native-access/jna Highest Product file name jna-platform High Product jar package name jna Highest Product jar package name platform Highest Product jar package name sun Highest Product Manifest automatic-module-name com.sun.jna.platform Medium Product Manifest bundle-category jni Low Product Manifest Bundle-Name jna-platform Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.4 Low Product Manifest bundle-symbolicname com.sun.jna.platform Medium Product Manifest Implementation-Title com.sun.jna High Product Manifest require-bundle com.sun.jna;bundle-version="5.16.0" Low Product Manifest specification-title Java Native Access (JNA) Medium Product pom artifactid jna-platform Highest Product pom developer email mblaesing@doppel-helix.eu Low Product pom developer id twall Low Product pom developer name Matthias Bläsing Low Product pom developer name Timothy Wall Low Product pom groupid net.java.dev.jna Highest Product pom name Java Native Access Platform High Product pom url java-native-access/jna High Version file version 5.16.0 High Version Manifest Bundle-Version 5.16.0 High Version pom version 5.16.0 Highest
Description:
JSR305 Annotations for Findbugs License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Projects/Scopes: waffle-spring-boot-starter3:provided waffle-spring-boot3:provided waffle-spring-boot-autoconfigure3:provided jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 Evidence Type Source Name Value Confidence Vendor file name jsr305 High Vendor Manifest bundle-symbolicname org.jsr-305 Medium Vendor pom artifactid jsr305 Highest Vendor pom artifactid jsr305 Low Vendor pom groupid com.google.code.findbugs Highest Vendor pom name FindBugs-jsr305 High Vendor pom url http://findbugs.sourceforge.net/ Highest Product file name jsr305 High Product Manifest Bundle-Name FindBugs-jsr305 Medium Product Manifest bundle-symbolicname org.jsr-305 Medium Product pom artifactid jsr305 Highest Product pom groupid com.google.code.findbugs Highest Product pom name FindBugs-jsr305 High Product pom url http://findbugs.sourceforge.net/ Medium Version file version 3.0.2 High Version Manifest Bundle-Version 3.0.2 High Version pom version 3.0.2 Highest
Description:
JUL to SLF4J bridge License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/jul-to-slf4j/2.0.16/jul-to-slf4j-2.0.16.jar
MD5: 410ad2f2230e0150216d86e12a4af995
SHA1: 6d57da3e961daac65bcca0dd3def6cd11e48a24a
SHA256: 0f2ec396ea29c9a440890d1f09fdb82fdd574b47b298435764235451c193861d
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile jul-to-slf4j-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 Evidence Type Source Name Value Confidence Vendor file name jul-to-slf4j High Vendor jar package name bridge Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname jul.to.slf4j Medium Vendor Manifest multi-release true Low Vendor pom artifactid jul-to-slf4j Highest Vendor pom artifactid jul-to-slf4j Low Vendor pom groupid org.slf4j Highest Vendor pom name JUL to SLF4J bridge High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name jul-to-slf4j High Product jar package name bridge Highest Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name JUL to SLF4J bridge Medium Product Manifest bundle-symbolicname jul.to.slf4j Medium Product Manifest Implementation-Title jul-to-slf4j High Product Manifest multi-release true Low Product pom artifactid jul-to-slf4j Highest Product pom groupid org.slf4j Highest Product pom name JUL to SLF4J bridge High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
The logging API of the Log4j project.
Library and application code can log through this API.
It contains a simple built-in implementation (`SimpleLogger`) for trivial use cases.
Production applications are recommended to use Log4j API in combination with a fully-fledged implementation, such as Log4j Core. License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.24.3/log4j-api-2.24.3.jar
MD5: d89516699543c5c21be87ee1760695f3
SHA1: b02c125db8b6d295adf72ae6e71af5d83bce2370
SHA256: 5b4a0a0cd0e751ded431c162442bdbdd53328d1f8bb2bae5fc1bbeee0f66d80f
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile log4j-api-2.24.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 Evidence Type Source Name Value Confidence Vendor file name log4j-api High Vendor jar package name apache Highest Vendor jar package name log4j Highest Vendor jar package name logging Highest Vendor jar package name org Highest Vendor jar package name simple Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release true Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-api Highest Vendor pom artifactid log4j-api Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Apache Log4j API High Vendor pom parent-artifactid log4j Low Product file name log4j-api High Product jar package name apache Highest Product jar package name log4j Highest Product jar package name logging Highest Product jar package name org Highest Product jar package name simple Highest Product jar package name util Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Apache Log4j API Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.api Medium Product Manifest Implementation-Title Apache Log4j API High Product Manifest multi-release true Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource" Low Product Manifest specification-title Apache Log4j API Medium Product pom artifactid log4j-api Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Apache Log4j API High Product pom parent-artifactid log4j Medium Version file version 2.24.3 High Version Manifest Bundle-Version 2.24.3 High Version Manifest Implementation-Version 2.24.3 High Version pom version 2.24.3 Highest
Description:
Forwards the Log4j API calls to SLF4J.
(Refer to the `log4j-slf4j[2]-impl` artifacts for forwarding SLF4J to the Log4j API.) License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.24.3/log4j-to-slf4j-2.24.3.jar
MD5: 1f4b63f9c41f2f5179aa10b35d76e805
SHA1: da1143e2a2531ee1c2d90baa98eb50a28a39d5a7
SHA256: c7f2b0c612a4eb05b1587d1c880eb4cf5f4f53850676a8ede8da2b8fabb4f73f
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile log4j-to-slf4j-2.24.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 Evidence Type Source Name Value Confidence Vendor file name log4j-to-slf4j High Vendor jar package name apache Highest Vendor jar package name logging Highest Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 17 Low Vendor Manifest bundle-activationpolicy lazy Low Vendor Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Vendor Manifest Implementation-Vendor The Apache Software Foundation High Vendor Manifest multi-release false Low Vendor Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Vendor Manifest specification-vendor The Apache Software Foundation Low Vendor pom artifactid log4j-to-slf4j Highest Vendor pom artifactid log4j-to-slf4j Low Vendor pom groupid org.apache.logging.log4j Highest Vendor pom name Log4j API to SLF4J Adapter High Vendor pom parent-artifactid log4j Low Product file name log4j-to-slf4j High Product jar package name apache Highest Product jar package name logging Highest Product jar package name slf4j Highest Product jar package name slf4jprovider Highest Product Manifest build-jdk-spec 17 Low Product Manifest bundle-activationpolicy lazy Low Product Manifest Bundle-Name Log4j API to SLF4J Adapter Medium Product Manifest bundle-symbolicname org.apache.logging.log4j.to.slf4j Medium Product Manifest Implementation-Title Log4j API to SLF4J Adapter High Product Manifest multi-release false Low Product Manifest provide-capability osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider" Low Product Manifest specification-title Log4j API to SLF4J Adapter Medium Product pom artifactid log4j-to-slf4j Highest Product pom groupid org.apache.logging.log4j Highest Product pom name Log4j API to SLF4J Adapter High Product pom parent-artifactid log4j Medium Version file version 2.24.3 High Version Manifest Bundle-Version 2.24.3 High Version Manifest Implementation-Version 2.24.3 High Version pom version 2.24.3 Highest
Description:
logback-classic module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-classic/1.5.12/logback-classic-1.5.12.jar
MD5: 5f752b29e5cf40b79a5bedef12cee8c3
SHA1: 3790d1a62e868f7915776dfb392bd9a29ce8d954
SHA256: ebe1a2ce1072b365090d58af40fcb7482d7864a31cd2b1c62c9b1d13f9a80c09
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile logback-classic-1.5.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 Evidence Type Source Name Value Confidence Vendor file name logback-classic High Vendor jar package name ch Highest Vendor jar package name classic Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-symbolicname ch.qos.logback.classic Medium Vendor Manifest Implementation-Vendor QOS.ch High Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor Manifest provide-capability osgi.service;objectClass:List="jakarta.servlet.ServletContainerInitializer";effective:=active,osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.servlet.ServletContainerInitializer";register:="ch.qos.logback.classic.servlet.LogbackServletContainerInitializer",osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="ch.qos.logback.classic.spi.LogbackServiceProvider" Low Vendor Manifest specification-vendor QOS.ch Low Vendor pom artifactid logback-classic Highest Vendor pom artifactid logback-classic Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Classic Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-classic High Product jar package name ch Highest Product jar package name classic Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Classic Module Medium Product Manifest bundle-symbolicname ch.qos.logback.classic Medium Product Manifest Implementation-Title Logback Classic Module High Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product Manifest provide-capability osgi.service;objectClass:List="jakarta.servlet.ServletContainerInitializer";effective:=active,osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.servlet.ServletContainerInitializer";register:="ch.qos.logback.classic.servlet.LogbackServletContainerInitializer",osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="ch.qos.logback.classic.spi.LogbackServiceProvider" Low Product Manifest specification-title Logback Classic Module Medium Product pom artifactid logback-classic Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Classic Module High Product pom parent-artifactid logback-parent Medium Version file version 1.5.12 High Version Manifest Bundle-Version 1.5.12 High Version Manifest Implementation-Version 1.5.12 High Version pom version 1.5.12 Highest
Description:
logback-core module License:
http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.12/logback-core-1.5.12.jar
MD5: e381425e2c7eb1b0b0f3fa93f6c67355
SHA1: 65b1fa25fe8d8e4bdc140e79eb67ac6741f775e2
SHA256: 3f35b41621c2cbf72a9d9f3ce2270ba2040e4808bd6befdd720866e926d3e84a
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile logback-core-1.5.12.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 Evidence Type Source Name Value Confidence Vendor file name logback-core High Vendor jar package name ch Highest Vendor jar package name core Highest Vendor jar package name logback Highest Vendor jar package name qos Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.qos.ch Low Vendor Manifest bundle-symbolicname ch.qos.logback.core Medium Vendor Manifest Implementation-Vendor QOS.ch High Vendor Manifest multi-release true Low Vendor Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Vendor Manifest specification-vendor QOS.ch Low Vendor pom artifactid logback-core Highest Vendor pom artifactid logback-core Low Vendor pom groupid ch.qos.logback Highest Vendor pom name Logback Core Module High Vendor pom parent-artifactid logback-parent Low Product file name logback-core High Product jar package name 21 Highest Product jar package name ch Highest Product jar package name core Highest Product jar package name logback Highest Product jar package name qos Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.qos.ch Low Product Manifest Bundle-Name Logback Core Module Medium Product Manifest bundle-symbolicname ch.qos.logback.core Medium Product Manifest Implementation-Title Logback Core Module High Product Manifest multi-release true Low Product Manifest originally-created-by Apache Maven Bundle Plugin 5.1.8 Low Product Manifest specification-title Logback Core Module Medium Product pom artifactid logback-core Highest Product pom groupid ch.qos.logback Highest Product pom name Logback Core Module High Product pom parent-artifactid logback-parent Medium Version file version 1.5.12 High Version Manifest Bundle-Version 1.5.12 High Version Manifest Implementation-Version 1.5.12 High Version pom version 1.5.12 Highest
CVE-2024-12798 (OSSINDEX)suppress
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core
upto and including version 1.5.12 in Java applications allows
attacker to execute arbitrary code by compromising an existing
logback configuration file or by injecting an environment variable
before program execution.
Malicious logback configuration files can allow the attacker to execute
arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a
configuration file. Alternatively, the attacker could inject a malicious
environment variable pointing to a malicious configuration file. In both
cases, the attack requires existing privilege. CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVSSv2:
Base Score: MEDIUM (5.900000095367432) Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:ch.qos.logback:logback-core:1.5.12:*:*:*:*:*:*:* CVE-2024-12801 (OSSINDEX)suppress
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details CWE-918 Server-Side Request Forgery (SSRF)
CVSSv2:
Base Score: LOW (2.4000000953674316) Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H References:
Vulnerable Software & Versions (OSSINDEX):
cpe:2.3:a:ch.qos.logback:logback-core:1.5.12:*:*:*:*:*:*:* Description:
Module containing common code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.14.2/micrometer-commons-1.14.2.jar
MD5: 534f518acc64c3bd5a9de436130f407b
SHA1: 69c454dbec59c7842cf59a534b7ec03618d75b91
SHA256: d1ff22870b51a59a1d3047580a99c703b165e01ae933c06b713ec9a1826cc753
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile micrometer-commons-1.14.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name micrometer-commons High Vendor jar package name common Highest Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor Manifest automatic-module-name micrometer.commons Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-12-10_10:18:33 Low Vendor Manifest build-date-utc 2024-12-10T10:18:33.878998962Z Low Vendor Manifest build-host 183180b9f3cd Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 40141 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/40141 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-commons Medium Vendor Manifest change 4f534a7 Low Vendor Manifest full-change 4f534a77397d189e204a6a087fac3462d832dabf Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-commons Low Vendor pom artifactid micrometer-commons Highest Vendor pom artifactid micrometer-commons Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-commons High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-commons High Product jar package name common Highest Product jar package name io Highest Product jar package name micrometer Highest Product Manifest automatic-module-name micrometer.commons Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-12-10_10:18:33 Low Product Manifest build-date-utc 2024-12-10T10:18:33.878998962Z Low Product Manifest build-host 183180b9f3cd Low Product Manifest build-job deploy Low Product Manifest build-number 40141 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/40141 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-commons Medium Product Manifest bundle-symbolicname micrometer-commons Medium Product Manifest change 4f534a7 Low Product Manifest full-change 4f534a77397d189e204a6a087fac3462d832dabf Low Product Manifest Implementation-Title io.micrometer#micrometer-commons;1.14.2 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-commons Low Product pom artifactid micrometer-commons Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-commons High Product pom url micrometer-metrics/micrometer High Version file version 1.14.2 High Version Manifest Bundle-Version 1.14.2 High Version Manifest Implementation-Version 1.14.2 High Version pom version 1.14.2 Highest
Description:
Module containing Observation related code License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.14.2/micrometer-observation-1.14.2.jar
MD5: b8dcb10fa3bdd5ca79dd8763102abdc4
SHA1: a9cad29cc04c0f7e30e3e58b454d4cd47ccc54bd
SHA256: 7c639c9a028327f362360c3246e50613f8e120031575ceb557b2ba5feac917aa
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile micrometer-observation-1.14.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name micrometer-observation High Vendor jar package name io Highest Vendor jar package name micrometer Highest Vendor jar package name observation Highest Vendor Manifest automatic-module-name micrometer.observation Medium Vendor Manifest branch HEAD Low Vendor Manifest build-date 2024-12-10_10:18:34 Low Vendor Manifest build-date-utc 2024-12-10T10:18:34.344374015Z Low Vendor Manifest build-host 183180b9f3cd Low Vendor Manifest build-job deploy Low Vendor Manifest build-number 40141 Low Vendor Manifest build-timezone Etc/UTC Low Vendor Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/40141 Low Vendor Manifest built-os Linux Low Vendor Manifest built-status release Low Vendor Manifest bundle-symbolicname micrometer-observation Medium Vendor Manifest change 4f534a7 Low Vendor Manifest full-change 4f534a77397d189e204a6a087fac3462d832dabf Low Vendor Manifest module-email tludwig@vmware.com Low Vendor Manifest module-origin micrometer-metrics/micrometer.git Low Vendor Manifest module-owner tludwig@vmware.com Low Vendor Manifest module-source /micrometer-observation Low Vendor pom artifactid micrometer-observation Highest Vendor pom artifactid micrometer-observation Low Vendor pom developer email tludwig@vmware.com Low Vendor pom developer id shakuzen Medium Vendor pom developer name Tommy Ludwig Medium Vendor pom groupid io.micrometer Highest Vendor pom name micrometer-observation High Vendor pom url micrometer-metrics/micrometer Highest Product file name micrometer-observation High Product jar package name io Highest Product jar package name micrometer Highest Product jar package name observation Highest Product Manifest automatic-module-name micrometer.observation Medium Product Manifest branch HEAD Low Product Manifest build-date 2024-12-10_10:18:34 Low Product Manifest build-date-utc 2024-12-10T10:18:34.344374015Z Low Product Manifest build-host 183180b9f3cd Low Product Manifest build-job deploy Low Product Manifest build-number 40141 Low Product Manifest build-timezone Etc/UTC Low Product Manifest build-url https://circleci.com/gh/micrometer-metrics/micrometer/40141 Low Product Manifest built-os Linux Low Product Manifest built-status release Low Product Manifest Bundle-Name micrometer-observation Medium Product Manifest bundle-symbolicname micrometer-observation Medium Product Manifest change 4f534a7 Low Product Manifest full-change 4f534a77397d189e204a6a087fac3462d832dabf Low Product Manifest Implementation-Title io.micrometer#micrometer-observation;1.14.2 High Product Manifest module-email tludwig@vmware.com Low Product Manifest module-origin micrometer-metrics/micrometer.git Low Product Manifest module-owner tludwig@vmware.com Low Product Manifest module-source /micrometer-observation Low Product pom artifactid micrometer-observation Highest Product pom developer email tludwig@vmware.com Low Product pom developer id shakuzen Low Product pom developer name Tommy Ludwig Low Product pom groupid io.micrometer Highest Product pom name micrometer-observation High Product pom url micrometer-metrics/micrometer High Version file version 1.14.2 High Version Manifest Bundle-Version 1.14.2 High Version Manifest Implementation-Version 1.14.2 High Version pom version 1.14.2 Highest
Description:
The slf4j API License:
http://www.opensource.org/licenses/mit-license.php File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.16/slf4j-api-2.0.16.jar
MD5: c8de8f5d740584cb24b5652cfba8b3c4
SHA1: 0172931663a09a1fa515567af5fbef00897d3c04
SHA256: a12578dde1ba00bd9b816d388a0b879928d00bab3c83c240f7013bf4196c579a
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile slf4j-api-2.0.16.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.slf4j/slf4j-simple@2.0.16 pkg:maven/org.slf4j/slf4j-simple@2.0.16 Evidence Type Source Name Value Confidence Vendor file name slf4j-api High Vendor jar package name slf4j Highest Vendor Manifest build-jdk-spec 21 Low Vendor Manifest bundle-docurl http://www.slf4j.org Low Vendor Manifest bundle-symbolicname slf4j.api Medium Vendor Manifest multi-release true Low Vendor pom artifactid slf4j-api Highest Vendor pom artifactid slf4j-api Low Vendor pom groupid org.slf4j Highest Vendor pom name SLF4J API Module High Vendor pom parent-artifactid slf4j-parent Low Vendor pom url http://www.slf4j.org Highest Product file name slf4j-api High Product jar package name slf4j Highest Product Manifest build-jdk-spec 21 Low Product Manifest bundle-docurl http://www.slf4j.org Low Product Manifest Bundle-Name SLF4J API Module Medium Product Manifest bundle-symbolicname slf4j.api Medium Product Manifest Implementation-Title slf4j-api High Product Manifest multi-release true Low Product pom artifactid slf4j-api Highest Product pom groupid org.slf4j Highest Product pom name SLF4J API Module High Product pom parent-artifactid slf4j-parent Medium Product pom url http://www.slf4j.org Medium Version file version 2.0.16 High Version Manifest Bundle-Version 2.0.16 High Version Manifest Implementation-Version 2.0.16 High Version pom version 2.0.16 Highest
Description:
YAML 1.1 parser and emitter for Java License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/yaml/snakeyaml/2.3/snakeyaml-2.3.jar
MD5: 2a1c2ee8923dcd6bd6d025751af5df37
SHA1: 936b36210e27320f920536f695cf1af210c44586
SHA256: 63a76fe66b652360bd4c2c107e6f0258daa7d4bb492008ba8c26fcd230ff9146
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile snakeyaml-2.3.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1 Evidence Type Source Name Value Confidence Vendor file name snakeyaml High Vendor jar package name emitter Highest Vendor jar package name org Highest Vendor jar package name parser Highest Vendor jar package name snakeyaml Highest Vendor jar package name yaml Highest Vendor Manifest build-jdk-spec 11 Low Vendor Manifest bundle-symbolicname org.yaml.snakeyaml Medium Vendor Manifest multi-release true Low Vendor pom artifactid snakeyaml Highest Vendor pom artifactid snakeyaml Low Vendor pom developer email alexander.maslov@gmail.com Low Vendor pom developer email public.somov@gmail.com Low Vendor pom developer id asomov Medium Vendor pom developer id maslovalex Medium Vendor pom developer name Alexander Maslov Medium Vendor pom developer name Andrey Somov Medium Vendor pom groupid org.yaml Highest Vendor pom name SnakeYAML High Vendor pom url https://bitbucket.org/snakeyaml/snakeyaml Highest Product file name snakeyaml High Product jar package name emitter Highest Product jar package name org Highest Product jar package name parser Highest Product jar package name snakeyaml Highest Product jar package name yaml Highest Product Manifest build-jdk-spec 11 Low Product Manifest Bundle-Name SnakeYAML Medium Product Manifest bundle-symbolicname org.yaml.snakeyaml Medium Product Manifest multi-release true Low Product pom artifactid snakeyaml Highest Product pom developer email alexander.maslov@gmail.com Low Product pom developer email public.somov@gmail.com Low Product pom developer id asomov Low Product pom developer id maslovalex Low Product pom developer name Alexander Maslov Low Product pom developer name Andrey Somov Low Product pom groupid org.yaml Highest Product pom name SnakeYAML High Product pom url https://bitbucket.org/snakeyaml/snakeyaml Medium Version file version 2.3 High Version pom version 2.3 Highest
Description:
Annotations the SpotBugs tool supports License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.6/spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256: 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Projects/Scopes: waffle-spring-boot-starter3:provided waffle-spring-boot3:provided waffle-spring-boot-autoconfigure3:provided spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-starter3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spotbugs-annotations High Vendor Manifest automatic-module-name com.github.spotbugs.annotations Medium Vendor Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Vendor Manifest bundle-symbolicname spotbugs-annotations Medium Vendor pom artifactid spotbugs-annotations Highest Vendor pom artifactid spotbugs-annotations Low Vendor pom developer email andreas.sewe@codetrails.com Low Vendor pom developer email dbrosius@mebigfatguy.com Low Vendor pom developer email loskutov@gmx.de Low Vendor pom developer email skypencil@gmail.com Low Vendor pom developer id henrik242 Medium Vendor pom developer id iloveeclipse Medium Vendor pom developer id jsotuyod Medium Vendor pom developer id KengoTODA Medium Vendor pom developer id mebigfatguy Medium Vendor pom developer id sewe Medium Vendor pom developer id ThrawnCA Medium Vendor pom developer name Andreas Sewe Medium Vendor pom developer name Andrey Loskutov Medium Vendor pom developer name Dave Brosius Medium Vendor pom developer name Juan Martín Sotuyo Dodero Medium Vendor pom developer name Kengo TODA Medium Vendor pom groupid com.github.spotbugs Highest Vendor pom name SpotBugs Annotations High Vendor pom url https://spotbugs.github.io/ Highest Product file name spotbugs-annotations High Product Manifest automatic-module-name com.github.spotbugs.annotations Medium Product Manifest Bundle-Name spotbugs-annotations Medium Product Manifest bundle-requiredexecutionenvironment J2SE-1.5 Low Product Manifest bundle-symbolicname spotbugs-annotations Medium Product pom artifactid spotbugs-annotations Highest Product pom developer email andreas.sewe@codetrails.com Low Product pom developer email dbrosius@mebigfatguy.com Low Product pom developer email loskutov@gmx.de Low Product pom developer email skypencil@gmail.com Low Product pom developer id henrik242 Low Product pom developer id iloveeclipse Low Product pom developer id jsotuyod Low Product pom developer id KengoTODA Low Product pom developer id mebigfatguy Low Product pom developer id sewe Low Product pom developer id ThrawnCA Low Product pom developer name Andreas Sewe Low Product pom developer name Andrey Loskutov Low Product pom developer name Dave Brosius Low Product pom developer name Juan Martín Sotuyo Dodero Low Product pom developer name Kengo TODA Low Product pom groupid com.github.spotbugs Highest Product pom name SpotBugs Annotations High Product pom url https://spotbugs.github.io/ Medium Version file version 4.8.6 High Version Manifest Bundle-Version 4.8.6 High Version pom version 4.8.6 Highest
Description:
Spring Boot License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot/3.4.1/spring-boot-3.4.1.jar
MD5: 4f7d4f6624312c1ae78bb8a1dd208c80
SHA1: 5fb9890a5eb7c4e86c8f5c0f6960b79240daf3d5
SHA256: 3dffc999ac8eee6b51e8eb9a73c9f29f2a28b7f0f359d45b89aea486268190fa
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile spring-boot-3.4.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-boot High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name boot Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.boot Medium Vendor Manifest build-jdk-spec 17 Low Vendor pom artifactid spring-boot Highest Vendor pom artifactid spring-boot Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot High Product jar package name boot Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.boot Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Spring Boot High Product pom artifactid spring-boot Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.4.1 High Version Manifest Implementation-Version 3.4.1 High Version pom version 3.4.1 Highest
Related Dependencies spring-boot-autoconfigure-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/3.4.1/spring-boot-autoconfigure-3.4.1.jar MD5: 6e083185619b2dd1fe6dd0b60147f599 SHA1: f17b54cc5816ec8f06d0aca9df11c330ead97f2a SHA256: dc68c9d977455fb23232cf0771a9079b9e44e246acdc62d872d8acd45edf4783 pkg:maven/org.springframework.boot/spring-boot-autoconfigure@3.4.1 spring-boot-configuration-processor-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-configuration-processor/3.4.1/spring-boot-configuration-processor-3.4.1.jar MD5: dc5b9794eadaa126e8570cfd1be64d67 SHA1: 8dfcdae21f559be9c8a4d6d515e77cfd1d9c06a8 SHA256: 0289610f8fa60105ebfced1a306590170e1b385805adb24e8bab707e3545ce93 pkg:maven/org.springframework.boot/spring-boot-configuration-processor@3.4.1 spring-boot-starter-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter/3.4.1/spring-boot-starter-3.4.1.jar MD5: 56b53e331476cb78cd719666f96dbf4b SHA1: 2c97b6fdc451ea69cd04dcfa54980439b7c7cb34 SHA256: e095d43127dbc507f49119d43b7cecb0977257855d5eed989f3905acc897d9cb pkg:maven/org.springframework.boot/spring-boot-starter@3.4.1 spring-boot-starter-json-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-json/3.4.1/spring-boot-starter-json-3.4.1.jar MD5: 6566e30fe7f10446c43ade44fd722622 SHA1: c1d084f65d8d9f2de9daccab47c4f452fb0464de SHA256: 9ed29b5fa76d96f3a6f0756cb91ff7def2d795736d275a540c1e18fa9ea7b460 pkg:maven/org.springframework.boot/spring-boot-starter-json@3.4.1 spring-boot-starter-logging-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-logging/3.4.1/spring-boot-starter-logging-3.4.1.jar MD5: aff6dc47456162415ad41396be9904bf SHA1: 5cd01e208b15113c7f88b3ea40e843ea9989f38a SHA256: 3a2b5aa454fa876e08273c8437d340aa24518f774e1c2f2bf8b5970259f2e604 pkg:maven/org.springframework.boot/spring-boot-starter-logging@3.4.1 spring-boot-starter-security-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-security/3.4.1/spring-boot-starter-security-3.4.1.jar MD5: 7f1fdb5543d9b7691e496efdb3b8a9ac SHA1: 6a82a9f484d265c73a203d551b614cd8bdde5825 SHA256: 12a88f1f25949f88d13328f7960d4b42a2a71556b8b9d114e85df1d3ccab37c6 pkg:maven/org.springframework.boot/spring-boot-starter-security@3.4.1 spring-boot-starter-tomcat-3.4.1.jarFile Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/3.4.1/spring-boot-starter-tomcat-3.4.1.jar MD5: db03a88193f0ae195d0ffe4ccf9ee534 SHA1: ac4bb51582c57cfb0d2beb102a76fe1a4d8b8b21 SHA256: 7b64ce41136c44a3e81b0d49770ca57076173c4cf024421ee58da707a41f024a pkg:maven/org.springframework.boot/spring-boot-starter-tomcat@3.4.1 Description:
Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/boot/spring-boot-starter-web/3.4.1/spring-boot-starter-web-3.4.1.jar
MD5: 6bb883295af01365da52b519b931e1f9
SHA1: ff7227fc62338e0f6eba3f9f94c12eb952d4da95
SHA256: 2a8d7c6079209b47f50b2901794988a1cd152aad59f06bd4c31e202ef908937f
Referenced In Project/Scope: waffle-spring-boot-autoconfigure3:compile
spring-boot-starter-web-3.4.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-boot-autoconfigure3@3.5.2-SNAPSHOT
Evidence Type Source Name Value Confidence Vendor file name spring-boot-starter-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor Manifest automatic-module-name spring.boot.starter.web Medium Vendor Manifest build-jdk-spec 17 Low Vendor Manifest spring-boot-jar-type dependencies-starter Low Vendor pom artifactid spring-boot-starter-web Highest Vendor pom artifactid spring-boot-starter-web Low Vendor pom developer email ask@spring.io Low Vendor pom developer name Spring Medium Vendor pom developer org VMware, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.boot Highest Vendor pom name spring-boot-starter-web High Vendor pom organization name VMware, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-boot Highest Product file name spring-boot-starter-web High Product Manifest automatic-module-name spring.boot.starter.web Medium Product Manifest build-jdk-spec 17 Low Product Manifest Implementation-Title Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container High Product Manifest spring-boot-jar-type dependencies-starter Low Product pom artifactid spring-boot-starter-web Highest Product pom developer email ask@spring.io Low Product pom developer name Spring Low Product pom developer org VMware, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.boot Highest Product pom name spring-boot-starter-web High Product pom organization name VMware, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-boot Medium Version file version 3.4.1 High Version Manifest Implementation-Version 3.4.1 High Version pom version 3.4.1 Highest
Description:
Spring Core License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-core/6.2.1/spring-core-6.2.1.jar
MD5: 394df39af63d06af987c5629c15c3154
SHA1: f42e6b51d9c0c2fcf95df9e5848470d173adc9af
SHA256: 67f0e17811dc8d5d6c3aed5540afaee02c83e3a8b3f9abbc510d4d95db5cc226
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile spring-core-6.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name io Highest Vendor jar package name org Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.core Medium Vendor Manifest multi-release true Low Vendor pom artifactid spring-core Highest Vendor pom artifactid spring-core Low Vendor pom developer email juergen.hoeller@broadcom.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Core High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-core High Product hint analyzer product springsource_spring_framework Highest Product jar package name core Highest Product jar package name io Highest Product jar package name org Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.core Medium Product Manifest Implementation-Title spring-core High Product Manifest multi-release true Low Product pom artifactid spring-core Highest Product pom developer email juergen.hoeller@broadcom.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Core High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.2.1 High Version Manifest Implementation-Version 6.2.1 High Version pom version 6.2.1 Highest
Related Dependencies spring-aop-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-aop/6.2.1/spring-aop-6.2.1.jar MD5: ebfcdfe96624e5a3de3d0d6522c8593a SHA1: a9384de38fc00751084446ba014a0c4962240244 SHA256: a9cb0dddec1312c1cc6bc6a1762ad880f0e8b2a82ea2243b91abf2ac9debb86b pkg:maven/org.springframework/spring-aop@6.2.1 spring-beans-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-beans/6.2.1/spring-beans-6.2.1.jar MD5: 8478f819bdba583b002b45fcfc44c7fb SHA1: ab57ec03ba6900075bf28e3cd70ccce173205b8d SHA256: 3afc928c036bc557b650df75ae33ccdd440bc48f9184d19b463df0d2ea74c509 pkg:maven/org.springframework/spring-beans@6.2.1 spring-context-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-context/6.2.1/spring-context-6.2.1.jar MD5: 6c650372cd5aef72f5cd4eea1194ef60 SHA1: f56c7431b03860bfdb016e68f484c5c35531ef2e SHA256: 226617237451b420f5742517d1aaa27fb20bb3dbe23db6fb5ea1570bf97ce162 pkg:maven/org.springframework/spring-context@6.2.1 spring-expression-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-expression/6.2.1/spring-expression-6.2.1.jar MD5: cba4fb289daba10c26882d49062e3e6d SHA1: 91fcf6b9501705c31c8337e2713fe823bb512b24 SHA256: e4efd330d907a506a4ebc558f5ab2f2320a399527474c95316c16d510c9e222e pkg:maven/org.springframework/spring-expression@6.2.1 spring-jcl-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-jcl/6.2.1/spring-jcl-6.2.1.jar MD5: 0580c8806b325bd0fcc984ae7a5e8b45 SHA1: a5d662d64470aff0ae51d210147bb6ede31a8ea3 SHA256: 83604b743df124b064836bc930d7e7c8e81832144b9e4292e7b816fca0cd42cd pkg:maven/org.springframework/spring-jcl@6.2.1 Description:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/6.4.2/spring-security-core-6.4.2.jar
MD5: 495087db51c5f60a47680ffbbf2dcb65
SHA1: 51302b2af3f01eb79fdc7164a4cc3a3aa7e3b541
SHA256: 6b8f4d017c6926d351710604f71f91e9b810b3c2b759ede76f606b4e1942cdcc
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile spring-security-core-6.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-core High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name core Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor Manifest automatic-module-name spring.security.core Medium Vendor pom artifactid spring-security-core Highest Vendor pom artifactid spring-security-core Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-core High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-core High Product jar package name core Highest Product jar package name security Highest Product jar package name springframework Highest Product Manifest automatic-module-name spring.security.core Medium Product Manifest Implementation-Title spring-security-core High Product pom artifactid spring-security-core Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-core High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 6.4.2 High Version Manifest Implementation-Version 6.4.2 High Version pom version 6.4.2 Highest
Related Dependencies spring-security-config-6.4.2.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-config/6.4.2/spring-security-config-6.4.2.jar MD5: 79be0e9518340dca861e0b47234a5dde SHA1: 5ed985329eb14b1c61045160c8dcbbcab179ddd3 SHA256: 5fab4c9578e52f034c20a1c7192c887f8e79aa08b9fd0c517a9e7aff05f70c70 pkg:maven/org.springframework.security/spring-security-config@6.4.2 spring-security-crypto-6.4.2.jarFile Path: /home/runner/.m2/repository/org/springframework/security/spring-security-crypto/6.4.2/spring-security-crypto-6.4.2.jar MD5: be30b5edf5c7e976e3361f1af8a6e069 SHA1: a4d5bf27ca449200fc39e07de6ae016eb1ad21da SHA256: 00026ef0a248a208920c653abb6b6bfd0c896349dcdc6dda38af8776921d999c pkg:maven/org.springframework.security/spring-security-crypto@6.4.2 Description:
Spring Security License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.4.2/spring-security-web-6.4.2.jar
MD5: aac3216773e5e76ace30f4c434f0163e
SHA1: 733a3bbbdca56225676fb7f4e3f317c2075fc383
SHA256: bc625e47c2cbcd55da04a6939d786da789cb270cd06d418c1adecca165e1e0ff
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile spring-security-web-6.4.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-security-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name security Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.security.web Medium Vendor pom artifactid spring-security-web Highest Vendor pom artifactid spring-security-web Low Vendor pom developer email info@pivotal.io Low Vendor pom developer name Pivotal Medium Vendor pom developer org Pivotal Software, Inc. Medium Vendor pom developer org URL https://www.spring.io Medium Vendor pom groupid org.springframework.security Highest Vendor pom name spring-security-web High Vendor pom organization name Pivotal Software, Inc. High Vendor pom organization url https://spring.io Medium Vendor pom url https://spring.io/projects/spring-security Highest Product file name spring-security-web High Product jar package name security Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.security.web Medium Product Manifest Implementation-Title spring-security-web High Product pom artifactid spring-security-web Highest Product pom developer email info@pivotal.io Low Product pom developer name Pivotal Low Product pom developer org Pivotal Software, Inc. Low Product pom developer org URL https://www.spring.io Low Product pom groupid org.springframework.security Highest Product pom name spring-security-web High Product pom organization name Pivotal Software, Inc. Low Product pom organization url https://spring.io Low Product pom url https://spring.io/projects/spring-security Medium Version file version 6.4.2 High Version Manifest Implementation-Version 6.4.2 High Version pom version 6.4.2 Highest
File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-web/6.4.2/spring-security-web-6.4.2.jar/org/springframework/security/spring-security-webauthn.jsMD5: a1047a2317a49f0f2a7f25960435784dSHA1: 27fb3541c8f1d2fbdeaeab2f5fdc6c5712afcf6fSHA256: cc3fcb0966b1f9562ea3164ef59fad3131789744cdd598c18e3ddc74017f57a4Referenced In Projects/Scopes:
waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile Evidence Type Source Name Value Confidence
Description:
Spring Web License:
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0 File Path: /home/runner/.m2/repository/org/springframework/spring-web/6.2.1/spring-web-6.2.1.jar
MD5: 66614877f218caec4797e7bd5559198f
SHA1: 877acb94c5b3a0c92e652b6bebdfdc7c60922ac8
SHA256: 6bf5a036390de810a4e78a07a17051e7f222e802b2249bde18c05740504a7888
Referenced In Projects/Scopes: waffle-spring-boot-autoconfigure3:compile waffle-spring-boot-starter3:compile spring-web-6.2.1.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT pkg:maven/com.github.waffle/waffle-spring-security6@3.5.2-SNAPSHOT Evidence Type Source Name Value Confidence Vendor file name spring-web High Vendor hint analyzer vendor pivotal software Highest Vendor hint analyzer vendor SpringSource Highest Vendor hint analyzer vendor vmware Highest Vendor jar package name springframework Highest Vendor jar package name web Highest Vendor Manifest automatic-module-name spring.web Medium Vendor pom artifactid spring-web Highest Vendor pom artifactid spring-web Low Vendor pom developer email juergen.hoeller@broadcom.com Low Vendor pom developer id jhoeller Medium Vendor pom developer name Juergen Hoeller Medium Vendor pom groupid org.springframework Highest Vendor pom name Spring Web High Vendor pom organization name Spring IO High Vendor pom organization url https://spring.io/projects/spring-framework Medium Vendor pom url spring-projects/spring-framework Highest Product file name spring-web High Product hint analyzer product springsource_spring_framework Highest Product jar package name springframework Highest Product jar package name web Highest Product Manifest automatic-module-name spring.web Medium Product Manifest Implementation-Title spring-web High Product pom artifactid spring-web Highest Product pom developer email juergen.hoeller@broadcom.com Low Product pom developer id jhoeller Low Product pom developer name Juergen Hoeller Low Product pom groupid org.springframework Highest Product pom name Spring Web High Product pom organization name Spring IO Low Product pom organization url https://spring.io/projects/spring-framework Low Product pom url spring-projects/spring-framework High Version file version 6.2.1 High Version Manifest Implementation-Version 6.2.1 High Version pom version 6.2.1 Highest
Related Dependencies spring-webmvc-6.2.1.jarFile Path: /home/runner/.m2/repository/org/springframework/spring-webmvc/6.2.1/spring-webmvc-6.2.1.jar MD5: 44c1d4bf31b0c81eab2ba9e5d27d80f3 SHA1: 44bdf7e5641d44044ac52d7bb5c1fc46004e7754 SHA256: 42ba27630eb6acb1f2e236ced1f5679eed6037277b06986d7e2cf009537757be pkg:maven/org.springframework/spring-webmvc@6.2.1 Description:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/10.1.34/tomcat-embed-core-10.1.34.jar
MD5: 697a86b4e96b0e0bfc7790d4aad03fe7
SHA1: f610f84be607fbc82e393cc220f0ad45f92afc91
SHA256: 5817bbb6c3a8d405a9f51ea0d402786114b4e8fd6d7ac4dd23ca34ac8d38a593
Referenced In Project/Scope: waffle-spring-boot-autoconfigure3:compile
tomcat-embed-core-10.1.34.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-core High Vendor jar package name apache Highest Vendor jar package name core Highest Vendor jar package name tomcat Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaAuthentication;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JakartaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/security/auth/message/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/callback/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/config/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/security/auth/message/module/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/annotation/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/descriptor/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/http/ Implementation-Vendor Apache Software Foundation Medium Vendor manifest: jakarta/servlet/resources/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-core Highest Vendor pom artifactid tomcat-embed-core Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-core High Product jar package name annotation Highest Product jar package name apache Highest Product jar package name auth Highest Product jar package name core Highest Product jar package name descriptor Highest Product jar package name http Highest Product jar package name jakarta Highest Product jar package name message Highest Product jar package name security Highest Product jar package name servlet Highest Product jar package name tomcat Highest Product Manifest Bundle-Name tomcat-embed-core Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-core Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JakartaAuthentication;version:Version="3.0";uses:="jakarta.security.auth.message,jakarta.security.auth.message.callback,jakarta.security.auth.message.config,jakarta.security.auth.message.module",osgi.contract;osgi.contract=JakartaServlet;version:Version="6.0";uses:="jakarta.servlet,jakarta.servlet.annotation,jakarta.servlet.descriptor,jakarta.servlet.http,jakarta.servlet.resources" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/security/auth/message/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/callback/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/callback/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/config/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/config/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/security/auth/message/module/ Implementation-Title jakarta.security.auth.message Medium Product manifest: jakarta/security/auth/message/module/ Specification-Title Jakarta Authentication SPI for Containers Medium Product manifest: jakarta/servlet/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/annotation/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/annotation/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/descriptor/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/descriptor/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/http/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/http/ Specification-Title Jakarta Servlet Medium Product manifest: jakarta/servlet/resources/ Implementation-Title jakarta.servlet Medium Product manifest: jakarta/servlet/resources/ Specification-Title Jakarta Servlet Medium Product pom artifactid tomcat-embed-core Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.34 High Version Manifest Bundle-Version 10.1.34 High Version Manifest Implementation-Version 10.1.34 High Version pom version 10.1.34 Highest
Related Dependencies tomcat-embed-websocket-10.1.34.jarFile Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/10.1.34/tomcat-embed-websocket-10.1.34.jar MD5: 06387e32dee7984a6cacb765d8628c44 SHA1: eef6d430f34b6e393b8d9e40f10db9043732b4e5 SHA256: acbb59e0ada75ecc5d82a0513d453f036d87b53eed3c6537db3fbcb54105454b pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.34 Description:
Core Tomcat implementation License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt File Path: /home/runner/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/10.1.34/tomcat-embed-el-10.1.34.jar
MD5: 0e6b9caed9d638343f532ccd365a9708
SHA1: d2b2daca3bc999c62e58ae36b45ba0582530fb25
SHA256: 54f10ed773387621f5c4fb7e526c2d1674f5d72fc4d86ed87238a750b7fdbfa0
Referenced In Project/Scope: waffle-spring-boot-autoconfigure3:compile
tomcat-embed-el-10.1.34.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/org.springframework.boot/spring-boot-starter-web@3.4.1
Evidence Type Source Name Value Confidence Vendor file name tomcat-embed-el High Vendor jar package name apache Highest Vendor jar package name el Highest Vendor Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Vendor Manifest Implementation-Vendor Apache Software Foundation High Vendor Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Vendor Manifest specification-vendor Apache Software Foundation Low Vendor manifest: jakarta/el/ Implementation-Vendor Apache Software Foundation Medium Vendor pom artifactid tomcat-embed-el Highest Vendor pom artifactid tomcat-embed-el Low Vendor pom groupid org.apache.tomcat.embed Highest Vendor pom url https://tomcat.apache.org/ Highest Product file name tomcat-embed-el High Product jar package name apache Highest Product jar package name el Highest Product jar package name expression Highest Product jar package name expressionfactory Highest Product jar package name expressionfactoryimpl Highest Product jar package name jakarta Highest Product Manifest Bundle-Name tomcat-embed-jasper-el Medium Product Manifest bundle-symbolicname org.apache.tomcat-embed-jasper-el Medium Product Manifest Implementation-Title Apache Tomcat High Product Manifest provide-capability osgi.contract;osgi.contract=JakartaExpressionLanguage;version:Version="5.0";uses:="jakarta.el",osgi.service;objectClass:List="jakarta.el.ExpressionFactory";effective:=active,osgi.serviceloader;osgi.serviceloader="jakarta.el.ExpressionFactory";register:="org.apache.el.ExpressionFactoryImpl" Low Product Manifest specification-title Apache Tomcat Medium Product manifest: jakarta/el/ Implementation-Title jakarta.annotation Medium Product manifest: jakarta/el/ Specification-Title Jakarta Expression Language Medium Product pom artifactid tomcat-embed-el Highest Product pom groupid org.apache.tomcat.embed Highest Product pom url https://tomcat.apache.org/ Medium Version file version 10.1.34 High Version Manifest Bundle-Version 10.1.34 High Version Manifest Implementation-Version 10.1.34 High Version pom version 10.1.34 Highest