-
I faced a problem while using a test jar dependency, which results in a failure of `ossindex-maven-plugin` like the following:
```
[INFO] [jenkins-event-spy] Generated /var/jenkins_home/workspace/XXX…
```
-
### Package URL
pkg:maven/xerces/xercesImpl@2.12.2
### CPE
`cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*`
### CVE
CVE-2017-10355
### ODC Integration
{"label"=>"Gradle Plugin"}
### ODC Versio…
-
On some machines, `mvn clean package` will fail with the following hint:
```
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (vulnerability-checks) on …
```
MyXOF updated
5 years ago
-
The Socket.IO library has two vulnerabilities that come from its internal OkHttp dependency. I've used the latest socket.io v2.1.0, which uses the very old version 3.12.12 of OkHttp.
Followi…
-
Both OWASP Dependency-Check and OWASP Dependency-Track have been reporting "CVE-2024-29857" against "bc-fips". They link to detail here:
https://ossindex.sonatype.org/vulnerability/CVE-2024-29857?co…
-
**Additional context**
```
$ jake ddt --clear-cache
___ ___ ___
___ / /\ / /\ / /\
/__/\ / /::\ …
```
-
As reported by a user of OWASP dependency-check (https://github.com/jeremylong/DependencyCheck/issues/5154#issuecomment-1354610040) the OSSIndex API errors out (internal server error) on retrieval of…
-
I am trying to use `jake` to query vulnerabilities of conda packages as listed from an environment.
This constructs a Conda package URL (purl) as described in https://github.com/package-url/purl-spec/…
-
**Advisory details**
```
URL: https://ossindex.sonatype.org/component/pkg:rpm/centos/nss-softokn-freebl@3.14.3
format: rpm
namespace: centos (optionnal)
name: nss-softokn-freebl
versio…
```
-
Using config similar to below (obfuscated) - the excluded artefact is still included in the network request to query the index.
The excluded artefact is one of our internal dependencies. We do not w…