-
* **What are you trying to do?**
Allow for more configurability
* **What feature or behavior is this required for?**
Allow people to set how long the TTL for the cached values from ossindex is s…
-
Because of security concerns, my employer asks me to run vulnerability assessment for each R package before using it. The current method we have for vulnerability assessment is using the R package oys…
-
On https://sonatype.github.io/ossindex-maven/maven-plugin/ossindex-audit/#clientConfiguration , link to "client configuration" is wrong:
- current : https://sonatype.github.io/ossindex-public/maven/a…
-
Descriptions contain invalid reference links to ossindex.sonatype.org vulnerabilities.
At least for me, it looks like Sonatype changed their paths from _/resource/vulnerability_ to _/vuln_
Actual…
-
### Package URL
pkg:maven/xerces/xercesImpl@2.12.2
### CPE
`cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*`
### CVE
CVE-2017-10355
### ODC Integration
{"label"=>"Gradle Plugin"}
### ODC Versio…
-
Package: jquery-ui@1.13.1 or above.
Vulnerability Title: [CVE-2024-30875] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vulnerability Description:
A C…
-
On JDK11, when the reportFile is set to an xml e.g. ossindex-audit.xml the JAXB classes are required and not found:
`Execution default-cli of goal org.sonatype.ossindex.maven:ossindex-maven-plugin…
-
### Current Behavior
Hello,
I'm migrating from OWASP Dependency Check (ODC) to OWASP Dependency track (ODT): so I'm trying to compare results for different projects.
I noticed a recurring differe…
-
Is this a threadsafe issue with v3.2.0 of org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies?
```
java.nio.channels.OverlappingFileLockException …
```
-
### Current Behavior
Hello,
We have NVD + GHSA configured as vulnerability sources within our ODT instance.
Since we activated the GHSA we were used to get most of vulnerabilities twice (once with t…