Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 5.2.2
Report Generated On: Mon, 25 Nov 2019 08:15:04 +0100
Dependencies Scanned: 1 (1 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2019-11-25T08:14:48
NVD CVE Modified: 2019-11-25T07:04:10
VersionCheckOn: 2019-11-07T21:27:36

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		17

Dependencies

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\philip\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope:jcodemodel:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	google.code.findbugs	Highest
Vendor	file	name	jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	artifactid	jsr305	Low
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Product	pom	artifactid	jsr305	Highest
Product	file	name	jsr305	High
Product	pom	name	FindBugs-jsr305	High
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	pom	groupid	google.code.findbugs	Low
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest
Version	file	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: jcodemodel

com.helger:jcodemodel:3.3.0

Summary

Dependencies

jsr305-3.0.2.jar

Evidence

Identifiers