-
The idea is to add a security analysis tool like [auditjs](https://github.com/sonatype-nexus-community/auditjs) to eliminate potential risks in the release flow.
This can be done both for current and new…
-
**Describe the bug**
CVE-2024-28752, which is CRITICAL according to ossindex, is reported as a HIGH by dependency check
**Version of dependency-check used**
The problem occurs using version 9.2.0 o…
-
### Current Behavior
In OssIndexAnalysisTask.java, in the submit method, the implementation swallows the HTTP exception, so the configs on RETRY are never used, and for this reason any HTTP call is successful
try …
-
### Package URL
pkg:maven/io.etcd/jetcd-core@0.8.3
### CPE
cpe:2.3:a:etcd:etcd:*:*:*:*:*:*:*:* versions up to (excluding) 3.3.23
### CVE
CVE-2020-15113
### ODC Integration
{"label"=>"Maven Plug…
-
### Package URL
pkg:maven/dnsjava/dnsjava@2.1.7
### CPE
null
### CVE
CVE-2024-25638
### ODC Integration
{"label"=>"Maven Plugin"}
### ODC Version
10.0.3
### Description
https://github.co…
-
I use the ossindex-maven-plugin to produce a report of dependencies with vulnerabilities.
I run `xpath -q -e '/componentReportExport/vulnerable/entry/key/text()' target/ossindex-audit.xml` over the o…
-
Please answer some questions before submitting your issue. Thanks!
### Which version of XXL-JOB are you using?
2.4.0
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.
CWE…
iexhx updated
6 months ago
-
Crosspost from https://github.com/OSSIndex/ossindex-gradle-plugin/issues/5
Does gretty hijack connections in gradle?
When OSSIndex tries to set up a connection, gretty seems to break it.
https:…
-
* **What are you trying to do?**
Allow for more configurability
* **What feature or behavior is this required for?**
Allow people to set how long the TTL for the cached values from ossindex is s…
-