Guava InternalFutureFailureAccess and InternalFutures
@@ -1146,7 +1146,7 @@
Dependency Tree
Description: Contains
com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
InternalFutures. Most users will never need to use this artifact. Its
- classes is conceptually a part of Guava, but they're in this separate
+ classes are conceptually a part of Guava, but they're in this separate
artifact so that Android libraries can use them without pulling in all of
Guava (just as they can use ListenableFuture by depending on the
listenablefuture artifact).
Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
-false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
-the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
-implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
-is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
-arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Mozilla Public License Version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: /home/runner/.m2/repository/net/sf/saxon/Saxon-HE/12.4/Saxon-HE-12.4.jar MD5: b6319126413fa812ab937cdfac1e162c SHA1: b532e44a8bf4007bbce69467801778a955599c52 SHA256:575f8b696e3b6f9aa7a3bf01611b8bf1b84576b55ce29bc16656a53a147ef441 Referenced In Project/Scope: spotbugs-maven-plugin:runtime Saxon-HE-12.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
File Path: /home/runner/.m2/repository/org/apache/ant/ant/1.10.14/ant-1.10.14.jar MD5: 263e00d844d0e4efa54440ec5ed6362a SHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7 SHA256:4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671 Referenced In Project/Scope: spotbugs-maven-plugin:compile ant-1.10.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar MD5: 04177054e180d09e3998808efa0401c7 SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8 SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08 Referenced In Project/Scope: spotbugs-maven-plugin:provided aopalliance-1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm/9.6/asm-9.6.jar MD5: 6f8bccf756f170d4185bb24c8c2d2020 SHA1: aa205cf0a06dbd8e04ece91c0b37c3f5d567546a SHA256:3c6fac2424db3d4a853b669f4e3d1d9c3c552235e19a319673f887083c2303a1 Referenced In Project/Scope: spotbugs-maven-plugin:compile asm-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
asm
High
Vendor
jar
package name
asm
Highest
Vendor
jar
package name
objectweb
Highest
Vendor
Manifest
bundle-docurl
http://asm.ow2.org
Low
Vendor
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Vendor
Manifest
bundle-symbolicname
org.objectweb.asm
Medium
Vendor
pom
artifactid
asm
Highest
Vendor
pom
artifactid
asm
Low
Vendor
pom
developer email
ebruneton@free.fr
Low
Vendor
pom
developer email
eu@javatx.org
Low
Vendor
pom
developer email
forax@univ-mlv.fr
Low
Vendor
pom
developer id
ebruneton
Medium
Vendor
pom
developer id
eu
Medium
Vendor
pom
developer id
forax
Medium
Vendor
pom
developer name
Eric Bruneton
Medium
Vendor
pom
developer name
Eugene Kuleshov
Medium
Vendor
pom
developer name
Remi Forax
Medium
Vendor
pom
groupid
org.ow2.asm
Highest
Vendor
pom
name
asm
High
Vendor
pom
organization name
OW2
High
Vendor
pom
organization url
http://www.ow2.org/
Medium
Vendor
pom
parent-artifactid
ow2
Low
Vendor
pom
parent-groupid
org.ow2
Medium
Vendor
pom
url
http://asm.ow2.io/
Highest
Product
file
name
asm
High
Product
jar
package name
asm
Highest
Product
jar
package name
objectweb
Highest
Product
Manifest
bundle-docurl
http://asm.ow2.org
Low
Product
Manifest
Bundle-Name
org.objectweb.asm
Medium
Product
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Product
Manifest
bundle-symbolicname
org.objectweb.asm
Medium
Product
Manifest
Implementation-Title
ASM, a very small and fast Java bytecode manipulation framework
Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-analysis/9.6/asm-analysis-9.6.jar MD5: 31c84ef7cc893fb278952ae2d6a2674f SHA1: 9ce6c7b174bd997fc2552dff47964546bd7a5ec3 SHA256:d92832d7c37edc07c60e2559ac6118b31d642e337a6671edcb7ba9fae68edbbb Referenced In Project/Scope: spotbugs-maven-plugin:compile asm-analysis-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-commons/9.6/asm-commons-9.6.jar MD5: 9e317c75534bd1da8c00a67c618ab288 SHA1: f1a9e5508eff490744144565c47326c8648be309 SHA256:7aefd0d5c0901701c69f7513feda765fb6be33af2ce7aa17c5781fc87657c511 Referenced In Project/Scope: spotbugs-maven-plugin:compile asm-commons-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Tree API of ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-tree/9.6/asm-tree-9.6.jar MD5: 6062608f1a98afe1e853d01fa1221a9e SHA1: c0cdda9d211e965d2a4448aa3fd86110f2f8c2de SHA256:c43ecf17b539c777e15da7b5b86553b377e2d39a683de6285567d5283888e7ef Referenced In Project/Scope: spotbugs-maven-plugin:compile asm-tree-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
asm-tree
High
Vendor
jar
package name
asm
Highest
Vendor
jar
package name
objectweb
Highest
Vendor
jar
package name
tree
Highest
Vendor
Manifest
bundle-docurl
http://asm.ow2.org
Low
Vendor
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Vendor
Manifest
bundle-symbolicname
org.objectweb.asm.tree
Medium
Vendor
Manifest
module-requires
org.objectweb.asm;transitive=true
Low
Vendor
pom
artifactid
asm-tree
Highest
Vendor
pom
artifactid
asm-tree
Low
Vendor
pom
developer email
ebruneton@free.fr
Low
Vendor
pom
developer email
eu@javatx.org
Low
Vendor
pom
developer email
forax@univ-mlv.fr
Low
Vendor
pom
developer id
ebruneton
Medium
Vendor
pom
developer id
eu
Medium
Vendor
pom
developer id
forax
Medium
Vendor
pom
developer name
Eric Bruneton
Medium
Vendor
pom
developer name
Eugene Kuleshov
Medium
Vendor
pom
developer name
Remi Forax
Medium
Vendor
pom
groupid
org.ow2.asm
Highest
Vendor
pom
name
asm-tree
High
Vendor
pom
organization name
OW2
High
Vendor
pom
organization url
http://www.ow2.org/
Medium
Vendor
pom
parent-artifactid
ow2
Low
Vendor
pom
parent-groupid
org.ow2
Medium
Vendor
pom
url
http://asm.ow2.io/
Highest
Product
file
name
asm-tree
High
Product
jar
package name
asm
Highest
Product
jar
package name
objectweb
Highest
Product
jar
package name
tree
Highest
Product
Manifest
bundle-docurl
http://asm.ow2.org
Low
Product
Manifest
Bundle-Name
org.objectweb.asm.tree
Medium
Product
Manifest
bundle-requiredexecutionenvironment
J2SE-1.5
Low
Product
Manifest
bundle-symbolicname
org.objectweb.asm.tree
Medium
Product
Manifest
Implementation-Title
Tree API of ASM, a very small and fast Java bytecode manipulation framework
Utilities for ASM, a very small and fast Java bytecode manipulation framework
License:
BSD-3-Clause: https://asm.ow2.io/license.html
File Path: /home/runner/.m2/repository/org/ow2/asm/asm-util/9.6/asm-util-9.6.jar MD5: bd3bc1c176a787373e9a031073c9574b SHA1: f77caf84eb93786a749b2baa40865b9613e3eaee SHA256:c635a7402f4aa9bf66b2f4230cea62025a0fe1cd63e8729adefc9b1994fac4c3 Referenced In Project/Scope: spotbugs-maven-plugin:compile asm-util-9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/bcel/bcel/6.8.0/bcel-6.8.0.jar MD5: 37824998115109405be3d0ffe0f5d3d2 SHA1: 5a6d9b91286e8d8279d4f31fbc9ff26e5944653a SHA256:3acbae591284b06b67180f6a150379cd74d017c43c8ea85b89b57f7871e03a29 Referenced In Project/Scope: spotbugs-maven-plugin:compile bcel-6.8.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
checker-qual contains annotations (type qualifiers) that a programmer
-writes to specify Java code for type-checking by the Checker Framework.
-
License:
The MIT License: http://opensource.org/licenses/MIT
File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.40.0/checker-qual-3.40.0.jar MD5: 8c7fbd29a6763f88a1b138813c57565d SHA1: 0ee3d7f12ee557875f1d93ca275cc4a019b693ab SHA256:e8fce29a11df9934cf04df17bd629bfcf360b4b8ba5a8bd0457f6c4567d1fee4 Referenced In Project/Scope: spotbugs-maven-plugin:provided checker-qual-3.40.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/commons-beanutils/commons-beanutils/1.9.4/commons-beanutils-1.9.4.jar MD5: 07dc532ee316fe1f2f0323e9bd2f8df4 SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51 SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-beanutils-1.9.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/commons-chain/commons-chain/1.2/commons-chain-1.2.jar MD5: e18e2c87826644e4c8c08635572c154f SHA1: 744a13e8766e338bd347b6fbc28c6db12979d0c6 SHA256:d5489b5f6b54b74665ad76ad3ffb3ad904830fe4863392784f311897ffcbfca8 Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-chain-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- The Apache Commons Codec package contains simple encoder and decoders for
- various formats such as Base64 and Hexadecimal. In addition to these
- widely used encoders and decoders, the codec package also maintains a
- collection of phonetic encoding utilities.
-
File Path: /home/runner/.m2/repository/commons-codec/commons-codec/1.16.0/commons-codec-1.16.0.jar MD5: 6e26920fa7228891980890cce06b718c SHA1: 4e3eb3d79888d76b54e28b350915b5dc3919c9de SHA256:56595fb20b0b85bc91d0d503dad50bb7f1b9afc0eed5dffa6cbb25929000484d Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-codec-1.16.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/commons-collections/commons-collections/3.2.2/commons-collections-3.2.2.jar MD5: f54a8510f834a1a57166970bfc982e94 SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5 SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8 Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-collections-3.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- The Digester package lets you configure an XML to Java object mapping module
- which triggers certain actions called rules whenever a particular
- pattern of nested XML elements is recognized.
-
File Path: /home/runner/.m2/repository/commons-digester/commons-digester/2.1/commons-digester-2.1.jar MD5: 528445033f22da28f5047b6abcd1c7c9 SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0 SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-digester-2.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/commons-io/commons-io/2.15.1/commons-io-2.15.1.jar MD5: 84351f7991a0e6722f00e96a4ccc376f SHA1: f11560da189ab563a5c8e351941415430e9304ea SHA256:a58af12ee1b68cfd2ebb0c27caef164f084381a00ec81a48cc275fd7ea54e154 Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-io-2.15.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- Commons Lang, a package of Java utility classes for the
- classes that are in java.lang's hierarchy, or are considered to be so
- standard as to justify existence in java.lang.
-
File Path: /home/runner/.m2/repository/commons-lang/commons-lang/2.6/commons-lang-2.6.jar MD5: 4d5c1693079575b362edf41500630bbd SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2 SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-lang-2.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- Apache Commons Lang, a package of Java utility classes for the
- classes that are in java.lang's hierarchy, or are considered to be so
- standard as to justify existence in java.lang.
-
File Path: /home/runner/.m2/repository/org/apache/commons/commons-lang3/3.14.0/commons-lang3-3.14.0.jar MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-lang3-3.14.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/commons/commons-text/1.10.0/commons-text-1.10.0.jar MD5: 4afc9bfa2d31dbf7330c98fcc954b892 SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01 SHA256:770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018 Referenced In Project/Scope: spotbugs-maven-plugin:compile commons-text-1.10.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
File Path: /home/runner/.m2/repository/org/dom4j/dom4j/2.1.4/dom4j-2.1.4.jar MD5: 8246840e53db2781ca941e4d3f9ad715 SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b SHA256:235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591 Referenced In Project/Scope: spotbugs-maven-plugin:compile dom4j-2.1.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-core/1.12.0/doxia-core-1.12.0.jar MD5: 6fb71383ea91e6101a75f25b922ce2ad SHA1: 41cdaff3ce98e66714bfca677babaa3746faa2b9 SHA256:5e49cd827bebbcea5829d3b3883d17ad1ce15ebd6394aeb50ad50d7dfd939fcd Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-core-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The Decoration Model handles the decoration descriptor for sites, also known as site.xml.
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-decoration-model/1.11.1/doxia-decoration-model-1.11.1.jar MD5: 927ed3e7c39b6fed77875ed385b63447 SHA1: 1e10f4e9268b49edf40bca721eef07271bc91de5 SHA256:411fc167774f2e3573f280c57a278fbe7bae677ee596a8ad24bd6c6bb2c5bbce Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-decoration-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
A collection of tools to help the integration of Doxia Sitetools in Maven plugins.
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-integration-tools/1.11.1/doxia-integration-tools-1.11.1.jar MD5: 1f3abb6a2c7c65b6f68f3ad45a76b3f5 SHA1: fdc4c4f29d10b0e2b5b9d7f9eea16812d496e478 SHA256:eee789dcb86f37f290c6c22198ea56bf529edf21590294e549a77a490ed21dbe Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-integration-tools-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-logging-api/1.12.0/doxia-logging-api-1.12.0.jar MD5: 7f3c898809424e826aeab3368c66acd7 SHA1: a31fac8c598c0090ccd2c53b4df7d49f81fb9dba SHA256:985306162c0a9f4c309d46109447f30f02bf6fc9bc16a3e039d59e1dabd0192f Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-logging-api-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0
- A Doxia module for Xhtml source documents.
- Xhtml format is supported both as source and target formats.
-
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml/1.11.1/doxia-module-xhtml-1.11.1.jar MD5: 82c4cfb79b666b922e1a8cf7b919df22 SHA1: f1b755a09934cd9c51d87b606c8e8ddf07719ebf SHA256:3d298e2da1e11dba952cf4e5d750fafc41713470767b57c4f6969123c0892a23 Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-module-xhtml-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
- A Doxia module for Xhtml5 source documents.
- Xhtml5 format is supported both as source and target formats.
-
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-module-xhtml5/1.11.1/doxia-module-xhtml5-1.11.1.jar MD5: 37208526e7ed1051bc8c7f8dc076e5c9 SHA1: e4ee721555ff063d7ef9042d6b9237386c6b33e0 SHA256:3583ae17f9ae97db41da038dc67552a386e7a9f850f45fa6fdb0d2b9ef36a31c Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-module-xhtml5-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-sink-api/1.12.0/doxia-sink-api-1.12.0.jar MD5: 965677b99fde26ed0b5556dbab622075 SHA1: 92a2fdeaeb59e921fff9c5ca9a2ea6118a494760 SHA256:5dca6aaaa9e70d8a0766e143ddcf9db09de5fde0fbcc78cb635d74e764dfcca5 Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-sink-api-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The Site Renderer handles the rendering of sites, merging site decoration with document content.
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-site-renderer/1.11.1/doxia-site-renderer-1.11.1.jar MD5: 871abead02f713fb9c02d5ba36f65bf7 SHA1: 414e3b2049aa6f6710ecca4fa905d9d2ce318773 SHA256:f279a087910d3e0728daad9114da8f3211cfb49b5e8457d05ee9ee5f04284527 Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-site-renderer-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The Skin Model defines metadata for Doxia Sitetools skins.
File Path: /home/runner/.m2/repository/org/apache/maven/doxia/doxia-skin-model/1.11.1/doxia-skin-model-1.11.1.jar MD5: 6fa7b3005dad9f4b285a889b3b68d8aa SHA1: b6994a60da09eb429c01362e9a6a510e0f83d24e SHA256:5337efbe45413d24b71422d145062f84bde96271dab9f3a5caa3fab461974bf4 Referenced In Project/Scope: spotbugs-maven-plugin:compile doxia-skin-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.23.0/error_prone_annotations-2.23.0.jar MD5: b3ea764beb68c9b44cf57c1b5a5608b2 SHA1: 43a27853b6c7d54893e0b1997c2c778c347179eb SHA256:ec6f39f068b6ff9ac323c68e28b9299f8c0a80ca512dccb1d4a70f40ac3ec054 Referenced In Project/Scope: spotbugs-maven-plugin:provided error_prone_annotations-2.23.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- Contains
- com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
- InternalFutures. Most users will never need to use this artifact. Its
- classes is conceptually a part of Guava, but they're in this separate
- artifact so that Android libraries can use them without pulling in all of
- Guava (just as they can use ListenableFuture by depending on the
- listenablefuture artifact).
-
File Path: /home/runner/.m2/repository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar MD5: 091883993ef5bfa91da01dcc8fc52236 SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9 SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26 Referenced In Project/Scope: spotbugs-maven-plugin:compile failureaccess-1.0.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@32.1.3-jre
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
failureaccess
High
Vendor
jar
package name
common
Highest
Vendor
jar
package name
concurrent
Highest
Vendor
jar
package name
google
Highest
Vendor
jar
package name
util
Highest
Vendor
Manifest
bundle-docurl
https://github.com/google/guava/
Low
Vendor
Manifest
bundle-symbolicname
com.google.guava.failureaccess
Medium
Vendor
pom
artifactid
failureaccess
Highest
Vendor
pom
artifactid
failureaccess
Low
Vendor
pom
groupid
com.google.guava
Highest
Vendor
pom
name
Guava InternalFutureFailureAccess and InternalFutures
High
Vendor
pom
parent-artifactid
guava-parent
Low
Product
file
name
failureaccess
High
Product
jar
package name
common
Highest
Product
jar
package name
concurrent
Highest
Product
jar
package name
google
Highest
Product
jar
package name
util
Highest
Product
Manifest
bundle-docurl
https://github.com/google/guava/
Low
Product
Manifest
Bundle-Name
Guava InternalFutureFailureAccess and InternalFutures
Medium
Product
Manifest
bundle-symbolicname
com.google.guava.failureaccess
Medium
Product
pom
artifactid
failureaccess
Highest
Product
pom
groupid
com.google.guava
Highest
Product
pom
name
Guava InternalFutureFailureAccess and InternalFutures
Groovy: A powerful multi-faceted language for the JVM
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/groovy/groovy/4.0.16/groovy-4.0.16.jar MD5: 4f27e788b9f5aed0a44fddef40d34ecd SHA1: 4b23ab8f542bbbb517061cf5a0d401b632de9832 SHA256:36eebd7a5ee417b757f564dbf4fe3fcb0f41529940f0877e68bfa56adb0a1698 Referenced In Project/Scope: spotbugs-maven-plugin:compile groovy-4.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
groovy
High
Vendor
jar
package name
apache
Highest
Vendor
jar
package name
groovy
Highest
Vendor
Manifest
automatic-module-name
org.apache.groovy
Medium
Vendor
Manifest
bundle-symbolicname
groovy
Medium
Vendor
Manifest
eclipse-buddypolicy
dependent
Low
Vendor
Manifest
eclipse-extensibleapi
true
Low
Vendor
Manifest
extension-name
groovy
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
artifactid
groovy
Highest
Vendor
pom
artifactid
groovy
Low
Vendor
pom
developer email
aalmiray@users.sourceforge.net
Low
Vendor
pom
developer email
b55r@sina.com
Low
Vendor
pom
developer email
blackdrag@gmx.org
Low
Vendor
pom
developer email
bob@werken.com
Low
Vendor
pom
developer email
cedric.champeau@gmail.com
Low
Vendor
pom
developer email
ckl@dacelo.nl
Low
Vendor
pom
developer email
cpoirier@dreaming.org
Low
Vendor
pom
developer email
goetze@dovetail.com
Low
Vendor
pom
developer email
guillaume.alleon@gmail.com
Low
Vendor
pom
developer email
hamletdrc@gmail.com
Low
Vendor
pom
developer email
james@coredevelopers.com
Low
Vendor
pom
developer email
jason@planet57.com
Low
Vendor
pom
developer email
jeremy.rayner@gmail.com
Low
Vendor
pom
developer email
jim@pagesmiths.com
Low
Vendor
pom
developer email
johnstump2@yahoo.com
Low
Vendor
pom
developer email
mguillemot@yahoo.fr
Low
Vendor
pom
developer email
paulk@asert.com.au
Low
Vendor
pom
developer email
phkim@cluecom.co.kr
Low
Vendor
pom
developer email
pniederw@gmail.com
Low
Vendor
pom
developer email
russel@winder.org.uk
Low
Vendor
pom
developer email
sam@sampullara.com
Low
Vendor
pom
developer email
sormuras@gmx.de
Low
Vendor
pom
developer email
tug@wilson.co.uk
Low
Vendor
pom
developer id
aalmiray
Medium
Vendor
pom
developer id
alextkachman
Medium
Vendor
pom
developer id
andresteingress
Medium
Vendor
pom
developer id
blackdrag
Medium
Vendor
pom
developer id
bob
Medium
Vendor
pom
developer id
bran
Medium
Vendor
pom
developer id
ckl
Medium
Vendor
pom
developer id
cpoirier
Medium
Vendor
pom
developer id
cstein
Medium
Vendor
pom
developer id
emilles
Medium
Vendor
pom
developer id
galleon
Medium
Vendor
pom
developer id
glaforge
Medium
Vendor
pom
developer id
goetze
Medium
Vendor
pom
developer id
grocher
Medium
Vendor
pom
developer id
hamletdrc
Medium
Vendor
pom
developer id
jamiemc
Medium
Vendor
pom
developer id
jez
Medium
Vendor
pom
developer id
jimwhite
Medium
Vendor
pom
developer id
joe
Medium
Vendor
pom
developer id
jstrachan
Medium
Vendor
pom
developer id
jstump
Medium
Vendor
pom
developer id
jwill
Medium
Vendor
pom
developer id
jwilson
Medium
Vendor
pom
developer id
kasper
Medium
Vendor
pom
developer id
mattf
Medium
Vendor
pom
developer id
melix
Medium
Vendor
pom
developer id
mguillem
Medium
Vendor
pom
developer id
mittie
Medium
Vendor
pom
developer id
pascalschumacher
Medium
Vendor
pom
developer id
paulk
Medium
Vendor
pom
developer id
phk
Medium
Vendor
pom
developer id
pniederw
Medium
Vendor
pom
developer id
roshandawrani
Medium
Vendor
pom
developer id
rpopma
Medium
Vendor
pom
developer id
russel
Medium
Vendor
pom
developer id
shemnon
Medium
Vendor
pom
developer id
skizz
Medium
Vendor
pom
developer id
spullara
Medium
Vendor
pom
developer id
sunlan
Medium
Vendor
pom
developer id
timyates
Medium
Vendor
pom
developer id
travis
Medium
Vendor
pom
developer id
user57
Medium
Vendor
pom
developer id
zohar
Medium
Vendor
pom
developer name
Alex Tkachman
Medium
Vendor
pom
developer name
Andre Steingress
Medium
Vendor
pom
developer name
Andres Almiray
Medium
Vendor
pom
developer name
Bing Ran
Medium
Vendor
pom
developer name
bob mcwhirter
Medium
Vendor
pom
developer name
Cedric Champeau
Medium
Vendor
pom
developer name
Chris Poirier
Medium
Vendor
pom
developer name
Chris Stevenson
Medium
Vendor
pom
developer name
Christiaan ten Klooster
Medium
Vendor
pom
developer name
Christian Stein
Medium
Vendor
pom
developer name
Daniel Sun
Medium
Vendor
pom
developer name
Danno Ferrin
Medium
Vendor
pom
developer name
Dierk Koenig
Medium
Vendor
pom
developer name
Eric Milles
Medium
Vendor
pom
developer name
Graeme Rocher
Medium
Vendor
pom
developer name
Guillaume Alleon
Medium
Vendor
pom
developer name
Guillaume Laforge
Medium
Vendor
pom
developer name
Hamlet D'Arcy
Medium
Vendor
pom
developer name
James Strachan
Medium
Vendor
pom
developer name
James Williams
Medium
Vendor
pom
developer name
Jamie McCrindle
Medium
Vendor
pom
developer name
Jason Dillon
Medium
Vendor
pom
developer name
Jeremy Rayner
Medium
Vendor
pom
developer name
Jim White
Medium
Vendor
pom
developer name
Jochen Theodorou
Medium
Vendor
pom
developer name
Joe Walnes
Medium
Vendor
pom
developer name
John Stump
Medium
Vendor
pom
developer name
John Wilson
Medium
Vendor
pom
developer name
Kasper Nielsen
Medium
Vendor
pom
developer name
Marc Guillemot
Medium
Vendor
pom
developer name
Matt Foemmel
Medium
Vendor
pom
developer name
Pascal Schumacher
Medium
Vendor
pom
developer name
Paul King
Medium
Vendor
pom
developer name
Peter Niederwieser
Medium
Vendor
pom
developer name
Pilho Kim
Medium
Vendor
pom
developer name
Remko Popma
Medium
Vendor
pom
developer name
Roshan Dawrani
Medium
Vendor
pom
developer name
Russel Winder
Medium
Vendor
pom
developer name
Sam Pullara
Medium
Vendor
pom
developer name
Steve Goetze
Medium
Vendor
pom
developer name
Tim Yates
Medium
Vendor
pom
developer name
Travis Kay
Medium
Vendor
pom
developer name
Zohar Melamed
Medium
Vendor
pom
developer org
Concertant LLP & It'z Interactive Ltd
Medium
Vendor
pom
developer org
Core Developers Network
Medium
Vendor
pom
developer org
CTSR.de
Medium
Vendor
pom
developer org
Dacelo WebDevelopment
Medium
Vendor
pom
developer org
Dovetailed Technologies, LLC
Medium
Vendor
pom
developer org
Google
Medium
Vendor
pom
developer org
IFCX.org
Medium
Vendor
pom
developer org
javanicus
Medium
Vendor
pom
developer org
Karakun AG
Medium
Vendor
pom
developer org
Leadingcare
Medium
Vendor
pom
developer org
OCI, Australia
Medium
Vendor
pom
developer org
The Werken Company
Medium
Vendor
pom
developer org
The Wilson Partnership
Medium
Vendor
pom
developer org
Thomson Reuters
Medium
Vendor
pom
developer org
ThoughtWorks
Medium
Vendor
pom
developer org
Three
Medium
Vendor
pom
groupid
org.apache.groovy
Highest
Vendor
pom
name
Apache Groovy
High
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
pom
organization url
https://apache.org
Medium
Vendor
pom
url
https://groovy-lang.org
Highest
Product
file
name
groovy
High
Product
jar
package name
apache
Highest
Product
jar
package name
groovy
Highest
Product
jar
package name
runtime
Highest
Product
Manifest
automatic-module-name
org.apache.groovy
Medium
Product
Manifest
Bundle-Name
Groovy module: groovy
Medium
Product
Manifest
bundle-symbolicname
groovy
Medium
Product
Manifest
eclipse-buddypolicy
dependent
Low
Product
Manifest
eclipse-extensibleapi
true
Low
Product
Manifest
extension-name
groovy
Medium
Product
Manifest
Implementation-Title
Groovy: a powerful, multi-faceted language for the JVM
High
Product
Manifest
specification-title
Groovy: a powerful, multi-faceted language for the JVM
Groovy: A powerful multi-faceted language for the JVM
License:
The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/groovy/groovy-ant/4.0.16/groovy-ant-4.0.16.jar MD5: c632e8f581f9c656f8c7fd87739cbe94 SHA1: 485b9dc3734100c02c487e004cd5e0f51f3cf25b SHA256:3c6d2fb05057eab9613a879f29d2b7a0852234324fbad9dea2e02c73fdc7c8fe Referenced In Project/Scope: spotbugs-maven-plugin:compile groovy-ant-4.0.16.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
groovy-ant
High
Vendor
jar
package name
ant
Highest
Vendor
jar
package name
groovy
Highest
Vendor
Manifest
automatic-module-name
org.apache.groovy.ant
Medium
Vendor
Manifest
bundle-symbolicname
groovy-ant
Medium
Vendor
Manifest
eclipse-buddypolicy
dependent
Low
Vendor
Manifest
extension-name
groovy
Medium
Vendor
Manifest
Implementation-Vendor
The Apache Software Foundation
High
Vendor
Manifest
specification-vendor
The Apache Software Foundation
Low
Vendor
pom
artifactid
groovy-ant
Highest
Vendor
pom
artifactid
groovy-ant
Low
Vendor
pom
developer email
aalmiray@users.sourceforge.net
Low
Vendor
pom
developer email
b55r@sina.com
Low
Vendor
pom
developer email
blackdrag@gmx.org
Low
Vendor
pom
developer email
bob@werken.com
Low
Vendor
pom
developer email
cedric.champeau@gmail.com
Low
Vendor
pom
developer email
ckl@dacelo.nl
Low
Vendor
pom
developer email
cpoirier@dreaming.org
Low
Vendor
pom
developer email
goetze@dovetail.com
Low
Vendor
pom
developer email
guillaume.alleon@gmail.com
Low
Vendor
pom
developer email
hamletdrc@gmail.com
Low
Vendor
pom
developer email
james@coredevelopers.com
Low
Vendor
pom
developer email
jason@planet57.com
Low
Vendor
pom
developer email
jeremy.rayner@gmail.com
Low
Vendor
pom
developer email
jim@pagesmiths.com
Low
Vendor
pom
developer email
johnstump2@yahoo.com
Low
Vendor
pom
developer email
mguillemot@yahoo.fr
Low
Vendor
pom
developer email
paulk@asert.com.au
Low
Vendor
pom
developer email
phkim@cluecom.co.kr
Low
Vendor
pom
developer email
pniederw@gmail.com
Low
Vendor
pom
developer email
russel@winder.org.uk
Low
Vendor
pom
developer email
sam@sampullara.com
Low
Vendor
pom
developer email
sormuras@gmx.de
Low
Vendor
pom
developer email
tug@wilson.co.uk
Low
Vendor
pom
developer id
aalmiray
Medium
Vendor
pom
developer id
alextkachman
Medium
Vendor
pom
developer id
andresteingress
Medium
Vendor
pom
developer id
blackdrag
Medium
Vendor
pom
developer id
bob
Medium
Vendor
pom
developer id
bran
Medium
Vendor
pom
developer id
ckl
Medium
Vendor
pom
developer id
cpoirier
Medium
Vendor
pom
developer id
cstein
Medium
Vendor
pom
developer id
emilles
Medium
Vendor
pom
developer id
galleon
Medium
Vendor
pom
developer id
glaforge
Medium
Vendor
pom
developer id
goetze
Medium
Vendor
pom
developer id
grocher
Medium
Vendor
pom
developer id
hamletdrc
Medium
Vendor
pom
developer id
jamiemc
Medium
Vendor
pom
developer id
jez
Medium
Vendor
pom
developer id
jimwhite
Medium
Vendor
pom
developer id
joe
Medium
Vendor
pom
developer id
jstrachan
Medium
Vendor
pom
developer id
jstump
Medium
Vendor
pom
developer id
jwill
Medium
Vendor
pom
developer id
jwilson
Medium
Vendor
pom
developer id
kasper
Medium
Vendor
pom
developer id
mattf
Medium
Vendor
pom
developer id
melix
Medium
Vendor
pom
developer id
mguillem
Medium
Vendor
pom
developer id
mittie
Medium
Vendor
pom
developer id
pascalschumacher
Medium
Vendor
pom
developer id
paulk
Medium
Vendor
pom
developer id
phk
Medium
Vendor
pom
developer id
pniederw
Medium
Vendor
pom
developer id
roshandawrani
Medium
Vendor
pom
developer id
rpopma
Medium
Vendor
pom
developer id
russel
Medium
Vendor
pom
developer id
shemnon
Medium
Vendor
pom
developer id
skizz
Medium
Vendor
pom
developer id
spullara
Medium
Vendor
pom
developer id
sunlan
Medium
Vendor
pom
developer id
timyates
Medium
Vendor
pom
developer id
travis
Medium
Vendor
pom
developer id
user57
Medium
Vendor
pom
developer id
zohar
Medium
Vendor
pom
developer name
Alex Tkachman
Medium
Vendor
pom
developer name
Andre Steingress
Medium
Vendor
pom
developer name
Andres Almiray
Medium
Vendor
pom
developer name
Bing Ran
Medium
Vendor
pom
developer name
bob mcwhirter
Medium
Vendor
pom
developer name
Cedric Champeau
Medium
Vendor
pom
developer name
Chris Poirier
Medium
Vendor
pom
developer name
Chris Stevenson
Medium
Vendor
pom
developer name
Christiaan ten Klooster
Medium
Vendor
pom
developer name
Christian Stein
Medium
Vendor
pom
developer name
Daniel Sun
Medium
Vendor
pom
developer name
Danno Ferrin
Medium
Vendor
pom
developer name
Dierk Koenig
Medium
Vendor
pom
developer name
Eric Milles
Medium
Vendor
pom
developer name
Graeme Rocher
Medium
Vendor
pom
developer name
Guillaume Alleon
Medium
Vendor
pom
developer name
Guillaume Laforge
Medium
Vendor
pom
developer name
Hamlet D'Arcy
Medium
Vendor
pom
developer name
James Strachan
Medium
Vendor
pom
developer name
James Williams
Medium
Vendor
pom
developer name
Jamie McCrindle
Medium
Vendor
pom
developer name
Jason Dillon
Medium
Vendor
pom
developer name
Jeremy Rayner
Medium
Vendor
pom
developer name
Jim White
Medium
Vendor
pom
developer name
Jochen Theodorou
Medium
Vendor
pom
developer name
Joe Walnes
Medium
Vendor
pom
developer name
John Stump
Medium
Vendor
pom
developer name
John Wilson
Medium
Vendor
pom
developer name
Kasper Nielsen
Medium
Vendor
pom
developer name
Marc Guillemot
Medium
Vendor
pom
developer name
Matt Foemmel
Medium
Vendor
pom
developer name
Pascal Schumacher
Medium
Vendor
pom
developer name
Paul King
Medium
Vendor
pom
developer name
Peter Niederwieser
Medium
Vendor
pom
developer name
Pilho Kim
Medium
Vendor
pom
developer name
Remko Popma
Medium
Vendor
pom
developer name
Roshan Dawrani
Medium
Vendor
pom
developer name
Russel Winder
Medium
Vendor
pom
developer name
Sam Pullara
Medium
Vendor
pom
developer name
Steve Goetze
Medium
Vendor
pom
developer name
Tim Yates
Medium
Vendor
pom
developer name
Travis Kay
Medium
Vendor
pom
developer name
Zohar Melamed
Medium
Vendor
pom
developer org
Concertant LLP & It'z Interactive Ltd
Medium
Vendor
pom
developer org
Core Developers Network
Medium
Vendor
pom
developer org
CTSR.de
Medium
Vendor
pom
developer org
Dacelo WebDevelopment
Medium
Vendor
pom
developer org
Dovetailed Technologies, LLC
Medium
Vendor
pom
developer org
Google
Medium
Vendor
pom
developer org
IFCX.org
Medium
Vendor
pom
developer org
javanicus
Medium
Vendor
pom
developer org
Karakun AG
Medium
Vendor
pom
developer org
Leadingcare
Medium
Vendor
pom
developer org
OCI, Australia
Medium
Vendor
pom
developer org
The Werken Company
Medium
Vendor
pom
developer org
The Wilson Partnership
Medium
Vendor
pom
developer org
Thomson Reuters
Medium
Vendor
pom
developer org
ThoughtWorks
Medium
Vendor
pom
developer org
Three
Medium
Vendor
pom
groupid
org.apache.groovy
Highest
Vendor
pom
name
Apache Groovy
High
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
pom
organization url
https://apache.org
Medium
Vendor
pom
url
https://groovy-lang.org
Highest
Product
file
name
groovy-ant
High
Product
jar
package name
ant
Highest
Product
jar
package name
groovy
Highest
Product
Manifest
automatic-module-name
org.apache.groovy.ant
Medium
Product
Manifest
Bundle-Name
Groovy module: groovy-ant
Medium
Product
Manifest
bundle-symbolicname
groovy-ant
Medium
Product
Manifest
eclipse-buddypolicy
dependent
Low
Product
Manifest
extension-name
groovy
Medium
Product
Manifest
Implementation-Title
Groovy: a powerful, multi-faceted language for the JVM
High
Product
Manifest
specification-title
Groovy: a powerful, multi-faceted language for the JVM
File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.10.1/gson-2.10.1.jar MD5: df6097815738cb31fc56391553210843 SHA1: b3add478d4382b78ea20b1671390a858002feb6c SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593 Referenced In Project/Scope: spotbugs-maven-plugin:compile gson-2.10.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/com/google/guava/guava/32.1.3-jre/guava-32.1.3-jre.jar MD5: adc3cf557a48d15cb71be90948558923 SHA1: 0f306708742ce2bf0fb0901216183bc14073feae SHA256:6d4e2b5a118aab62e6e5e29d185a0224eed82c85c40ac3d33cf04a270c3b3744 Referenced In Project/Scope: spotbugs-maven-plugin:compile guava-32.1.3-jre.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/com/google/inject/guice/5.1.0/guice-5.1.0.jar MD5: 2560169296aa94492af34af2115e9511 SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4 SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26 Referenced In Project/Scope: spotbugs-maven-plugin:provided guice-5.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/hibernate/validator/hibernate-validator-annotation-processor/6.2.5.Final/hibernate-validator-annotation-processor-6.2.5.Final.jar MD5: 9f2a3168a0e9da5c6b0fc6fa5a29525a SHA1: 845f834671380ef9c4c93e3f638bd88f6a4abba7 SHA256:6ad006443f769860af1886cc805d28c3d75c6253a2817f175c6bc7e2b359f55c Referenced In Project/Scope: spotbugs-maven-plugin:provided hibernate-validator-annotation-processor-6.2.5.Final.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar MD5: 40d6b9075fbd28fa10292a45a0db9457 SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743 Referenced In Project/Scope: spotbugs-maven-plugin:compile httpclient-4.5.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/client5/httpclient5/5.1.3/httpclient5-5.1.3.jar MD5: 757bfb86277b9b11798db8fdb351bf74 SHA1: 13c984b7b881afcff3a7f0bb95878724a48a4b66 SHA256:28c759254f4e35319e078bb6ffea75676608dc12cb243b24fb3c8732522977fe Referenced In Project/Scope: spotbugs-maven-plugin:runtime httpclient5-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/httpcore/4.4.14/httpcore-4.4.14.jar MD5: 2b3991eda121042765a5ee299556c200 SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1 SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28 Referenced In Project/Scope: spotbugs-maven-plugin:compile httpcore-4.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/core5/httpcore5/5.1.3/httpcore5-5.1.3.jar MD5: e3311847fc70a84038fb2c079dd08c4a SHA1: d1638d1e5f2793f187d4144c702a93524ba6fd3b SHA256:f2bf2f2c7772169c9e30699719667ad30f9b46c4e9d7841907deb2d12d9923fe Referenced In Project/Scope: spotbugs-maven-plugin:runtime httpcore5-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
File Path: /home/runner/.m2/repository/org/apache/httpcomponents/core5/httpcore5-h2/5.1.3/httpcore5-h2-5.1.3.jar MD5: e12cc9746f6635675a408e641c95b177 SHA1: 4664b59b09f5ee008e37a963bbb92f4068e91696 SHA256:d0e78ba15aa8ebe77982b660ac4b09a95d6e035dbdbea762577dc1c8e2935807 Referenced In Project/Scope: spotbugs-maven-plugin:runtime httpcore5-h2-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
- A set of annotations that provide additional information to the J2ObjC
- translator to modify the result of translation.
-
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/j2objc/j2objc-annotations/2.8/j2objc-annotations-2.8.jar MD5: c50af69b704dc91050efb98e0dff66d1 SHA1: c85270e307e7b822f1086b93689124b89768e273 SHA256:f02a95fa1a5e95edb3ed859fd0fb7df709d121a35290eff8b74dce2ab7f4d6ed Referenced In Project/Scope: spotbugs-maven-plugin:provided j2objc-annotations-2.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The core parser functionality. This may be all you need.
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.html
-Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/javaparser/javaparser-core/3.25.7/javaparser-core-3.25.7.jar MD5: 16f91b37ca8afca619f321948edc70d0 SHA1: a99e13ba0ce0643a51f8d1b31b7401e3673ed417 SHA256:159f5e5024d0548ec63cf9d2488ad410d646164581570235ed04eef69242d2d6 Referenced In Project/Scope: spotbugs-maven-plugin:compile javaparser-core-3.25.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
javaparser-core
High
Vendor
jar
package name
github
Highest
Vendor
jar
package name
javaparser
Highest
Vendor
Manifest
automatic-module-name
com.github.javaparser.core
Medium
Vendor
Manifest
build-jdk-spec
1.8
Low
Vendor
Manifest
bundle-developers
matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene"
Low
Vendor
Manifest
bundle-docurl
https://github.com/javaparser/javaparser-core
Low
Vendor
Manifest
bundle-symbolicname
com.github.javaparser.javaparser-core
Medium
Vendor
pom
artifactid
javaparser-core
Highest
Vendor
pom
artifactid
javaparser-core
Low
Vendor
pom
groupid
com.github.javaparser
Highest
Vendor
pom
parent-artifactid
javaparser-parent
Low
Product
file
name
javaparser-core
High
Product
jar
package name
github
Highest
Product
jar
package name
javaparser
Highest
Product
Manifest
automatic-module-name
com.github.javaparser.core
Medium
Product
Manifest
build-jdk-spec
1.8
Low
Product
Manifest
bundle-developers
matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene"
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /home/runner/.m2/repository/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar MD5: 75fe320d2b3763bd6883ae1ede35e987 SHA1: 479c1e06db31c432330183f5cae684163f186146 SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04 Referenced In Project/Scope: spotbugs-maven-plugin:provided javax.annotation-api-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/javax/inject/javax.inject/1/javax.inject-1.jar MD5: 289075e48b909e9e74e6c915b3631d2e SHA1: 6975da39a7040257bd51d21a231b76c915872d38 SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff Referenced In Project/Scope: spotbugs-maven-plugin:compile javax.inject-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/jaxen/jaxen/2.0.0/jaxen-2.0.0.jar MD5: 674d5bd86b7838fe431b0277856e97ae SHA1: bd6a33b0fda054a5678010df843cc999f288dc6c SHA256:9499e487a66268f47b8307d130cd1e13a58392105e98a51f6a525db79c615cc5 Referenced In Project/Scope: spotbugs-maven-plugin:compile jaxen-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
- A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.
-
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar MD5: d62dbfa8789378457ada685e2f614846 SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63 SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323 Referenced In Project/Scope: spotbugs-maven-plugin:compile jcip-annotations-1.0-1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/slf4j/jcl-over-slf4j/2.0.9/jcl-over-slf4j-2.0.9.jar MD5: 4e72ed6776eb9bf14433df7bd0278662 SHA1: 89eb336cf1183ce075253c7c3788aa196d56f71a SHA256:f98f1eb8179bcb312aeb76a607746f4f2d0f03ce265ee78141f5c3c8302102af Referenced In Project/Scope: spotbugs-maven-plugin:compile jcl-over-slf4j-2.0.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar MD5: dd83accb899363c32b07d7a1b2e4ce40 SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 Referenced In Project/Scope: spotbugs-maven-plugin:compile jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@32.1.3-jre
- An empty artifact that Guava depends on to signal that it is providing
- ListenableFuture -- but is also available in a second "version" that
- contains com.google.common.util.concurrent.ListenableFuture class, without
- any other Guava classes. The idea is:
-
- - If users want only ListenableFuture, they depend on listenablefuture-1.0.
-
- - If users want all of Guava, they depend on guava, which, as of Guava
- 27.0, depends on
- listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
- version number is enough for some build systems (notably, Gradle) to select
- that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
- conflict with the copy of ListenableFuture in guava itself. If users are
- using an older version of Guava or a build system other than Gradle, they
- may see class conflicts. If so, they can solve them by manually excluding
- the listenablefuture artifact or manually forcing their build systems to
- use 9999.0-....
-
File Path: /home/runner/.m2/repository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar MD5: d094c22570d65e132c19cea5d352e381 SHA1: b421526c5f297295adef1c886e5246c39d4ac629 SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99 Referenced In Project/Scope: spotbugs-maven-plugin:compile listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@32.1.3-jre
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-api/2.22.0/log4j-api-2.22.0.jar MD5: 5d753db833495ddaedd74f3d45091bab SHA1: 2c7d82708efd430e722562be1993defd9fb2426b SHA256:1342c86c2a0848fc2f3d16b8544849f29fa31bf7af79f6066c2677ba29e47cf3 Referenced In Project/Scope: spotbugs-maven-plugin:compile log4j-api-2.22.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.22.0
File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-to-slf4j/2.22.0/log4j-to-slf4j-2.22.0.jar MD5: 013030e769d6d31a020d24685927a0a3 SHA1: 9c66d112548fab2ac9d78503e725767f729d03d5 SHA256:ec03603d58cec6b306fb4781dd31adb0d1ecd8d36f802b7b4eb168593d87dedb Referenced In Project/Scope: spotbugs-maven-plugin:compile log4j-to-slf4j-2.22.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!
License:
The MIT License: https://projectlombok.org/LICENSE
File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.30/lombok-1.18.30.jar MD5: 14e90bb14cac804c1a6e2024e78f436d SHA1: f195ee86e6c896ea47a1d39defbe20eb59cd149d SHA256:14151b47582d570b4de16a147ece3bdbd19ace4aee5bde3a5578c87db9ecb998 Referenced In Project/Scope: spotbugs-maven-plugin:provided lombok-1.18.30.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/maven-artifact/3.9.6/maven-artifact-3.9.6.jar MD5: 96a7982d9a46c5c19696b4558be1bbd2 SHA1: fb0979832c10c1a25d038a33ca862bef055fcdc8 SHA256:ad7a0fb408f8e47585ccc0d0011e0b501d93bfc9888d369bbd4a043d19475073 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-artifact-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
An API to install, deploy and resolving artifacts with Maven 3
File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-artifact-transfer/0.13.1/maven-artifact-transfer-0.13.1.jar MD5: 5a73136d65cfc2dd8af0fd365dbda4fb SHA1: 9f6d2088ae64dd926b8ec445afdb7e148eb08060 SHA256:1ac88accde99ed71e65253bd130868c0e654f940f01ade073b895eb2f817cf06 Referenced In Project/Scope: spotbugs-maven-plugin:compile maven-artifact-transfer-0.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Support for descriptor builders (model, setting, toolchains)
File Path: /home/runner/.m2/repository/org/apache/maven/maven-builder-support/3.9.6/maven-builder-support-3.9.6.jar MD5: e004677a88ec086ba79a6a646b120f06 SHA1: bcfc9d8175eaba21111edf21e0355a8523461abc SHA256:e1f4d2784459ce8a34b9dae1829a1999b569e483e21ee9faa7368691e729296e Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-builder-support-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.
File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-common-artifact-filters/3.3.2/maven-common-artifact-filters-3.3.2.jar MD5: 5b8bd8a1933dbfa8f9a00029255cf99b SHA1: c1cb1bc78ae8c6a6e64da833d4a9afbda5e0834a SHA256:2be8b810cf0937ff4bb7bef8ce78a8faad17ca2182751055ac7df54d5510b908 Referenced In Project/Scope: spotbugs-maven-plugin:compile maven-common-artifact-filters-3.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/maven-core/3.9.6/maven-core-3.9.6.jar MD5: 0d872ce50d16e02ca72e348b9f7b3487 SHA1: 674ab3337566d493df8f95eddfda90e41002d214 SHA256:c1327590398759da1918dbf356eb6d63f8fce7192a805cb3c8e336fbb1155dc0 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-core-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/maven-model/3.9.6/maven-model-3.9.6.jar MD5: ac8747986567850914e2c7f0e85599b3 SHA1: ac9a1c8a8cfa36f3a5489837e653ec0cd530d576 SHA256:4f8f07fdb6b8701fa89a23a2edf830808fd65892d90cce40c0e6df7c8f2fcb62 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-model-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
The effective model builder, with inheritance, profile activation, interpolation, ...
File Path: /home/runner/.m2/repository/org/apache/maven/maven-model-builder/3.9.6/maven-model-builder-3.9.6.jar MD5: 8b1aa0b78ffdb501dd4a6cbc0cbeff68 SHA1: 983ce00d50a9f78ad1b805e21e4fd71807fa6ebf SHA256:5f96dafbc411ee4b1e8426368d0d31d05ab5a4dace69808143142a0017598721 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-model-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/plugin-tools/maven-plugin-annotations/3.10.2/maven-plugin-annotations-3.10.2.jar MD5: b06dba2d701e028fca2951e22043af00 SHA1: 631e7bece9413b0aa45daefff48e48b291a4de66 SHA256:96ecaa2fd230ec1689976f3916650695c2b6b204f8418fc49121deb4a27ccaa5 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-plugin-annotations-3.10.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/maven-plugin-api/3.9.6/maven-plugin-api-3.9.6.jar MD5: d554ff9d1f948ef4ad67dd590e0eb299 SHA1: 64c127e31d9329928c72c403408a01f1871b6733 SHA256:3fd664f7e511463561bc343822347618b8ca0952db85da785809166f0a762411 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-plugin-api-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-api/3.1.1/maven-reporting-api-3.1.1.jar MD5: 1e1e0b2f189c861995e33a2a746501bb SHA1: 74ca00a13e46d065071cdf6376d7d231e0208916 SHA256:25be6603c97d28fa3dcd122073054271c8fcaf667d220dce7a26a61a6f3cffd1 Referenced In Project/Scope: spotbugs-maven-plugin:compile maven-reporting-api-3.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/apache/maven/reporting/maven-reporting-impl/3.2.0/maven-reporting-impl-3.2.0.jar MD5: 468bb08c4330fd7647405b33edf769be SHA1: 97ffee6a6c3f81e341f42f641651a37f077759c6 SHA256:28f42c2f49f11dcba6d14ab3e365375442a9ed78ca2ec588e3e1f43455a4a14d Referenced In Project/Scope: spotbugs-maven-plugin:compile maven-reporting-impl-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Per-directory local and remote repository metadata.
File Path: /home/runner/.m2/repository/org/apache/maven/maven-repository-metadata/3.9.6/maven-repository-metadata-3.9.6.jar MD5: 58a684bcc774fb44e4f73fa7466dc44d SHA1: 497cda3149f3c661113f9a663e0270ce2566cc95 SHA256:e047a67b204c434994253e2ab5bdff5fe8cb7ada9316ac3e754c39f900ea847b Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-repository-metadata-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-api/1.9.18/maven-resolver-api-1.9.18.jar MD5: 43a87208b9585a61f268843f6a0931ec SHA1: 0cd5174d6e80175398debe4869d484169c0abbf8 SHA256:ebfb9e1dfeea3c2017905184581e007874b4eaac9d28bfffcfe5133d70ac6339 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-api-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-impl/1.9.18/maven-resolver-impl-1.9.18.jar MD5: 0204f7788eb26200ff419d4abe21072b SHA1: e928b128d1e52e6299f94431ce3df74647bc8c26 SHA256:6bb9c90d007098004749c867da2eaf5785fc1139907718749c1097bdb2929bf8 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-impl-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-named-locks/1.9.18/maven-resolver-named-locks-1.9.18.jar MD5: e6da3cfadecd128a47814dfc661163dc SHA1: 31f948d89dcb3d9739e70d5e1000ebd68eb4405d SHA256:098de7bbc5b0b26c3eff74ac30ffba6680fdab9bf4aebab95c3f5e2fe9eaeea8 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-named-locks-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
Extensions to Maven Resolver for utilizing Maven POM and repository metadata.
File Path: /home/runner/.m2/repository/org/apache/maven/maven-resolver-provider/3.9.6/maven-resolver-provider-3.9.6.jar MD5: 74c2e9695842a46c2c2c1cd5179266c4 SHA1: 848c45d334f6cc5c8dd602b0e58fd4482964eddc SHA256:73b00b244b7b9e285654a45e765892bf5d369da77d42b5b4b5429122ed198a33 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-provider-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-spi/1.9.18/maven-resolver-spi-1.9.18.jar MD5: b99c631156da02290d0c95cf40c4917b SHA1: 7fa176b3353ef6d78d02db39e025f3c27a983158 SHA256:d364fce9a17b0e0b073c26efa92af95b29c00c42943dced4a1168a7923fd3fe1 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-spi-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/resolver/maven-resolver-util/1.9.18/maven-resolver-util-1.9.18.jar MD5: 0e6aa5f372550f4239361df35a53b4a1 SHA1: 5ae9406f188ae4a999c353fce3fd77273797a216 SHA256:2eb0ea667bc489384478231dda7516407d4b5b22a138077229871de9362a7ae2 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-resolver-util-1.9.18.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings/3.9.6/maven-settings-3.9.6.jar MD5: 144dfb04d530da655c5f96d80adb4ef4 SHA1: 7687311690b68c935753c55dd3f016d8c4a7820f SHA256:0d200fd3b354d653d2a02cdba6a39b6dc2744a8539ff36ea423fe62cac736799 Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-settings-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
The effective settings builder, with inheritance and password decryption.
File Path: /home/runner/.m2/repository/org/apache/maven/maven-settings-builder/3.9.6/maven-settings-builder-3.9.6.jar MD5: 5480ba40c9ae1cac6931abf16f7e8b81 SHA1: 2b75954b6f0c7eef38f388d97b91ce1ae3229f21 SHA256:e97cc245e4ef833c589fce0b5a8a4d77e3a0e01e619c57b5342c5e16d37a791d Referenced In Project/Scope: spotbugs-maven-plugin:provided maven-settings-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
Shared utilities for use by Maven core and plugins
File Path: /home/runner/.m2/repository/org/apache/maven/shared/maven-shared-utils/3.4.2/maven-shared-utils-3.4.2.jar MD5: 53a038f77a81cb5816ad2b1c7daa8711 SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0 SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487 Referenced In Project/Scope: spotbugs-maven-plugin:compile maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/gaul/modernizer-maven-annotations/2.7.0/modernizer-maven-annotations-2.7.0.jar MD5: 0af0d3c9187c7dc13fcbcb7257c0fd5b SHA1: 25fb27f1a54d193b52b5baa7dee26ef0ba6c03fe SHA256:9e8340d07c2226e28a8f5d115418b2e2ab02139f2f3966dcd9163fa5902e267f Referenced In Project/Scope: spotbugs-maven-plugin:provided modernizer-maven-annotations-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring
License:
"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.inject/0.9.0.M2/org.eclipse.sisu.inject-0.9.0.M2.jar MD5: eb805c5b2e22c8002877f0caadc6a87c SHA1: 5ace70e1ea696d156f5034a42a615df13a52003a SHA256:9b62bcfc352a2ec87da8b01e37c952a54d358bbb1af3f212648aeafe7ab2dbb5 Referenced In Project/Scope: spotbugs-maven-plugin:provided org.eclipse.sisu.inject-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
org.eclipse.sisu.inject
High
Vendor
jar
package name
eclipse
Highest
Vendor
jar
package name
inject
Highest
Vendor
jar
package name
sisu
Highest
Vendor
Manifest
build-jdk-spec
11
Low
Vendor
Manifest
bundle-copyright
Copyright (c) 2010-present Sonatype, Inc. and others
Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container
License:
"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"
File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M2/org.eclipse.sisu.plexus-0.9.0.M2.jar MD5: 98e320df2caac742b2ae33d938c69df8 SHA1: 31456dd2293197bb282c03168f6767acca3dec96 SHA256:9500d303ce467e26d129dda8559c3f3a91277d41ab49d2c4b4a5779536a62fc1 Referenced In Project/Scope: spotbugs-maven-plugin:provided org.eclipse.sisu.plexus-0.9.0.M2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
org.eclipse.sisu.plexus
High
Vendor
jar
package name
eclipse
Highest
Vendor
jar
package name
plexus
Highest
Vendor
jar
package name
sisu
Highest
Vendor
Manifest
build-jdk-spec
11
Low
Vendor
Manifest
bundle-copyright
Copyright (c) 2010-present Sonatype, Inc. and others
File Path: /home/runner/.m2/repository/oro/oro/2.0.8/oro-2.0.8.jar MD5: 42e940d5d2d822f4dc04c65053e630ab SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698 SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e Referenced In Project/Scope: spotbugs-maven-plugin:compile oro-2.0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-cipher/2.0/plexus-cipher-2.0.jar MD5: 55d612839faf248cbe3e273969c002c2 SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a Referenced In Project/Scope: spotbugs-maven-plugin:provided plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-classworlds/2.7.0/plexus-classworlds-2.7.0.jar MD5: 6ed852b1a004288c44438381e6aaee1e SHA1: fe6f1acefd1a302dd4bc6d9d7f15358828d2a44d SHA256:c60ae538ba66adbc06aae205fbe2306211d3d213ab6df3239ec03cdde2458ad6 Referenced In Project/Scope: spotbugs-maven-plugin:provided plexus-classworlds-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.6
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
- Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
- standard annotations instead of javadoc annotations.
-
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar MD5: be18d50372002ba958de0ae4850b18a7 SHA1: 6897b9fa8b67c900b52996f845e2d179eea13441 SHA256:405eef6fc9188241ec88579c3e473f5c8997455c69bcd62e142492aca15106bc Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-component-annotations-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.shared/maven-artifact-transfer@0.13.1
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-i18n/1.0-beta-10/plexus-i18n-1.0-beta-10.jar MD5: 7f36c0459c853750c627f682ec7bcf52 SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41 Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar MD5: 1049ae9f5cd8cf618abf5bc5805e6b94 SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197 SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662 Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-interpolation-1.26.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
A component to transparently retrieve resources from the filesystem, classpath or internet.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-resources/1.2.0/plexus-resources-1.2.0.jar MD5: 381b55d2f89114d360529e4674baf4f0 SHA1: 3685d3f2e7157fc70a39aa74c7667caa81d886e7 SHA256:898fc46841ce7defce320b78b748e285cc4790f9db931045d1f4b139a35f065d Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-resources-1.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-sec-dispatcher/2.0/plexus-sec-dispatcher-2.0.jar MD5: e68635a721630177ac70173e441336b6 SHA1: f89c5080614ffd0764e49861895dbedde1b47237 SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb Referenced In Project/Scope: spotbugs-maven-plugin:provided plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
A collection of various utility classes to ease working with strings, files, command lines and
- more.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-utils/4.0.0/plexus-utils-4.0.0.jar MD5: 16481d9d3af602d73a6355e79d2de889 SHA1: ff00a04ba971655ed10e9fb93bce0ed3014e9477 SHA256:270cd703b48c6e5c8c691f1875f22d62d22cfe072c73ae2f5814d83d68c1da0b Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-utils-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-velocity/1.2/plexus-velocity-1.2.jar MD5: 7d7805136e8165f53c944612a809f1a6 SHA1: 1331b9d6bbf99ead362c68c2f318ebe5fedda598 SHA256:b4c4a0dbeacad54306a1ae230eff5ab45d58e3ab88c86ab7245d3a0772be57ab Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-velocity-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
A collection of various utility classes to ease working with XML in Maven 3.
File Path: /home/runner/.m2/repository/org/codehaus/plexus/plexus-xml/3.0.0/plexus-xml-3.0.0.jar MD5: cccca4a03a8367cd20e4efaead5fba0b SHA1: d16b91678bc3734276886132923d6919c935c9f7 SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536 Referenced In Project/Scope: spotbugs-maven-plugin:compile plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CWE-611 Improper Restriction of XML External Entity Reference
- QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
- complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.
-
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/com/thoughtworks/qdox/qdox/1.12.1/qdox-1.12.1.jar MD5: 9fb6970f934f8d836ae8e6d133316ab4 SHA1: f7122f6ab1f64bdf9f5970b0e89bfb355e036897 SHA256:21fba22f830e9268f07cf4ab2d99e8181abbdcb0cb91ee0228eb3cb918dcdd1d Referenced In Project/Scope: spotbugs-maven-plugin:runtime qdox-1.12.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.groovy/groovy-docgenerator@4.0.16
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.9/slf4j-api-2.0.9.jar MD5: 45630e54b0f0ac2b3c80462515ad8fda SHA1: 7cf2726fdcfbc8610f9a71fb3ed639871f315340 SHA256:0818930dc8d7debb403204611691da58e49d42c50b6ffcfdce02dadb7c3c2b6c Referenced In Project/Scope: spotbugs-maven-plugin:compile slf4j-api-2.0.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
File Path: /home/runner/.m2/repository/org/slf4j/slf4j-simple/2.0.9/slf4j-simple-2.0.9.jar MD5: adb5121003554fa33fae318e98fc3d48 SHA1: 6367825de95d8885aae056afa793f25a76a84b7d SHA256:71f9c6de6dbaec2d10caa303faf08c5e749be53b242896c64c96b7c6bb6d62dc Referenced In Project/Scope: spotbugs-maven-plugin:compile slf4j-simple-2.0.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs/4.8.3/spotbugs-4.8.3.jar MD5: 5fe80eaedf469948a72d19d0c34f8818 SHA1: 2c69bdcdbf555750155b3ad46a774ba8a23236e9 SHA256:84a286b65d1c2441ac24a57a998c83d43b9d287fd68ac0df7c7524b5f419fc2b Referenced In Project/Scope: spotbugs-maven-plugin:compile spotbugs-4.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.8.3/spotbugs-annotations-4.8.3.jar MD5: cd5917b77643c3a7ba5420aea78f940c SHA1: 05d2dc4ca5b632976371155252499819aea372ed SHA256:e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b Referenced In Project/Scope: spotbugs-maven-plugin:provided spotbugs-annotations-4.8.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.3.0-SNAPSHOT
Apache Velocity is a general purpose template engine.
File Path: /home/runner/.m2/repository/org/apache/velocity/velocity/1.7/velocity-1.7.jar MD5: 3692dd72f8367cb35fb6280dc2916725 SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e Referenced In Project/Scope: spotbugs-maven-plugin:compile velocity-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.
- VelocityTools is an integrated collection of Velocity subprojects
- with the common goal of creating tools and infrastructure to speed and ease
- development of both web and non-web applications using the Velocity template
- engine.
-
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /home/runner/.m2/repository/org/apache/velocity/velocity-tools/2.0/velocity-tools-2.0.jar MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288 SHA1: 69936384de86857018b023a8c56ae0635c56b6a0 SHA256:b174eb36bc48c25dce10571c7d3d5dca4e4c1b3e2e31a92b9ed68fe9dea688d9 Referenced In Project/Scope: spotbugs-maven-plugin:compile velocity-tools-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1
Evidence
Type
Source
Name
Value
Confidence
Vendor
file
name
velocity-tools
High
Vendor
jar
package name
apache
Highest
Vendor
jar
package name
tools
Highest
Vendor
jar
package name
velocity
Highest
Vendor
Manifest
extension-name
velocity-tools
Medium
Vendor
Manifest
Implementation-Vendor
Apache Software Foundation
High
Vendor
Manifest
Implementation-Vendor-Id
org.apache
Medium
Vendor
Manifest
specification-vendor
Apache Software Foundation
Low
Vendor
pom
artifactid
velocity-tools
Highest
Vendor
pom
artifactid
velocity-tools
Low
Vendor
pom
developer email
cbrisson@apache.org
Low
Vendor
pom
developer email
dlr@apache.org
Low
Vendor
pom
developer email
geirm@apache.org
Low
Vendor
pom
developer email
henning@apache.org
Low
Vendor
pom
developer email
marino@apache.org
Low
Vendor
pom
developer email
nbubna@apache.org
Low
Vendor
pom
developer email
wglass@apache.org
Low
Vendor
pom
developer id
cbrisson
Medium
Vendor
pom
developer id
dlr
Medium
Vendor
pom
developer id
geirm
Medium
Vendor
pom
developer id
henning
Medium
Vendor
pom
developer id
marino
Medium
Vendor
pom
developer id
nbubna
Medium
Vendor
pom
developer id
wglass
Medium
Vendor
pom
developer name
Claude Brisson
Medium
Vendor
pom
developer name
Daniel Rall
Medium
Vendor
pom
developer name
Geir Magnusson Jr.
Medium
Vendor
pom
developer name
Henning Schmiedehausen
Medium
Vendor
pom
developer name
Marinó A. Jónsson
Medium
Vendor
pom
developer name
Nathan Bubna
Medium
Vendor
pom
developer name
Will Glass-Husain
Medium
Vendor
pom
developer org
ESHA Research
Medium
Vendor
pom
groupid
org.apache.velocity
Highest
Vendor
pom
name
VelocityTools
High
Vendor
pom
organization name
Apache Software Foundation
High
Vendor
pom
organization url
http://velocity.apache.org/
Medium
Vendor
pom
url
http://velocity.apache.org/tools/devel/
Highest
Product
file
name
velocity-tools
High
Product
jar
package name
apache
Highest
Product
jar
package name
struts
Highest
Product
jar
package name
tools
Highest
Product
jar
package name
velocity
Highest
Product
Manifest
extension-name
velocity-tools
Medium
Product
Manifest
Implementation-Title
org.apache.velocity
High
Product
Manifest
specification-title
VelocityTools is a set of utilities for use with the Velocity template engine and Struts web framework
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
File Path: /home/runner/.m2/repository/org/xmlresolver/xmlresolver/5.2.2/xmlresolver-5.2.2-data.jar MD5: 0e77f628aa613bbe3145c6a24f8973f3 SHA1: 5624ede8b8e374979194acaae9f34cff23b62b3e SHA256:173904bdbd783ba0fac92c5bcc05da5d09f0ce7eed24346666ea0a239461f9b4 Referenced In Project/Scope: spotbugs-maven-plugin:runtime xmlresolver-5.2.2-data.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
Apache License version 2.0: https://www.apache.org/licenses/LICENSE-2.0
File Path: /home/runner/.m2/repository/org/xmlresolver/xmlresolver/5.2.2/xmlresolver-5.2.2.jar MD5: 0de20e8f7acfa5942d78c239d3034deb SHA1: 152378e04ba01898847bf38fad5023c7d52f0c9d SHA256:efc92bd7ed32b3e57095e0b3e872051ccfbbdcc980831ef33e89e38161a85222 Referenced In Project/Scope: spotbugs-maven-plugin:runtime xmlresolver-5.2.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.3
- File names of the baseline files. Bugs found in the baseline files won't be reported.
-
+
File names of the baseline files. Bugs found in the baseline files won't be reported.
Potential values are a filesystem path, a URL, or a classpath resource.
-
This parameter is resolved as resource, URL, then file. If successfully
resolved, the contents of the configuration is copied into the
${project.build.directory}
directory before being passed to Spotbugs as a filter file.
-
- File name of the exclude filter. Bugs matching the filters are not reported.
-
+
File name of the exclude filter. Bugs matching the filters are not reported.
Potential values are a filesystem path, a URL, or a classpath resource.
-
This parameter is resolved as resource, URL, then file. If successfully
resolved, the contents of the configuration is copied into the
${project.build.directory}
directory before being passed to Spotbugs as a filter file.
- It supports multiple files separated by a comma
-
Prioritiy threshold which bugs have to reach to cause a failure. Valid values are High, Medium or Low.
+
Priority threshold which bugs have to reach to cause a failure. Valid values are High, Medium or Low.
Bugs below this threshold will just issue a warning log entry.
- File name of the include filter. Only bugs in matching the filters are reported.
-
+
File name of the include filter. Only bugs in matching the filters are reported.
Potential values are a filesystem path, a URL, or a classpath resource.
-
This parameter is resolved as resource, URL, then file. If successfully
resolved, the contents of the configuration is copied into the
${project.build.directory}
directory before being passed to Spotbugs as a filter file.
- It supports multiple files separated by a comma
-
- The plugin list to include in the report. This is a comma-delimited list.
-
+
The plugin list to include in the report. This is a comma-delimited list.
Potential values are a filesystem path, a URL, or a classpath resource.
-
This parameter is resolved as resource, URL, then file. If successfully
resolved, the contents of the configuration is copied into the
${project.build.directory}
- directory before being passed to Spotbugs as a plugin file.
-
Since:
1.0-beta-1
+ directory before being passed to Spotbugs as a plugin file.
Exception thrown in class org.codehaus.mojo.spotbugs.XDocsReporter at new org.codehaus.mojo.spotbugs.XDocsReporter(ResourceBundle, Log, String, String, String) will leave the constructor. The object under construction remains partially initialized and may be vulnerable to Finalizer attacks.
![[Information]](./images/icon_info_sml.gif){kind=icon}
![[Error]](images/icon_error_sml.gif){kind=icon}
Error
