-
### Criticality:
high (8.7)
### CVE-Link or steps to reproduce:
https://nvd.nist.gov/vuln/detail/cve-2023-7272
https://ossindex.sonatype.org/vulnerability/CVE-2023-7272?component-type=maven&comp…
-
### Current Behavior
We have recently performed SBOM analysis and Dependency Track is not assigning the severity for many CVEs, even though the OSSIndex has it assigned.
Example.. (many more if you …
-
The idea is to add a security analysis tool like [auditjs](https://github.com/sonatype-nexus-community/auditjs) to eliminate potential risks in the release flow.
This can be done both for current and new…
-
**Describe the bug**
CVE-2024-28752, which is CRITICAL according to ossindex, is reported as HIGH by dependency-check
**Version of dependency-check used**
The problem occurs using version 9.2.0 o…
-
* **What are you trying to do?**
jake currently uses cyclonedx-bom 3, cyclonedx-bom 4 was released in Jan 2024.
* **What feature or behavior is this required for?**
Update to use latest versions …
-
I use the ossindex-maven-plugin to produce a report of dependencies with vulnerabilities.
I run `xpath -q -e '/componentReportExport/vulnerable/entry/key/text()' target/ossindex-audit.xml` over the o…
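Added example, not code from the ossindex-maven-plugin or from the poster: the same extraction done with the standard library instead of the xpath one-liner, extended into a release gate that fails on findings at or above a CVSS threshold. Only the path `/componentReportExport/vulnerable/entry/key` comes from the post; the `value`/`vulnerability`/`id`/`cvssScore` children, the `org.example` coordinates and the sample document are constructed assumptions about the report layout, and of the scores only the 8.7 for CVE-2023-7272 appears on this page.

```python
"""Added example (not the ossindex-maven-plugin's code): parse an OSS Index audit
report and gate a release on it. Element names below the <key> path and the
sample document are constructed assumptions about the report layout."""
import xml.etree.ElementTree as ET

# Constructed sample report. Only the 8.7 for CVE-2023-7272 comes from the page;
# the 9.1 for CVE-2024-28752 is a placeholder score, not a value from the page.
SAMPLE_REPORT = """<componentReportExport>
  <vulnerable>
    <entry>
      <key>pkg:maven/org.example/lib-a@1.2.3</key>
      <value>
        <vulnerability><id>CVE-2023-7272</id><cvssScore>8.7</cvssScore></vulnerability>
      </value>
    </entry>
    <entry>
      <key>pkg:maven/org.example/lib-b@0.9.0</key>
      <value>
        <vulnerability><id>CVE-2024-28752</id><cvssScore>9.1</cvssScore></vulnerability>
      </value>
    </entry>
    <entry>
      <!-- malformed entry without a key: skipped instead of crashing the gate -->
      <value/>
    </entry>
  </vulnerable>
</componentReportExport>
"""


def vulnerable_entries(report_xml):
    """Map each vulnerable component key to a list of (vulnerability id, cvssScore).

    Walks /componentReportExport/vulnerable/entry exactly like the xpath query,
    but also keeps the findings attached to each key.
    """
    root = ET.fromstring(report_xml)
    if root.tag != "componentReportExport":
        raise ValueError("unexpected root element: %r" % root.tag)
    entries = {}
    for entry in root.iterfind("./vulnerable/entry"):
        key = (entry.findtext("key") or "").strip()
        if not key:
            continue  # no component coordinate: nothing to report against
        findings = []
        for vuln in entry.iterfind("./value/vulnerability"):
            score_text = vuln.findtext("cvssScore")
            score = float(score_text) if score_text else None  # score may be absent
            findings.append((vuln.findtext("id"), score))
        entries[key] = findings
    return entries


def vulnerable_keys(report_xml):
    """Equivalent of the xpath one-liner: just the vulnerable component keys, in report order."""
    return list(vulnerable_entries(report_xml))


def findings_at_or_above(report_xml, threshold):
    """Release gate: every (key, id, score) with a known score >= threshold, worst first."""
    hits = []
    for key, findings in vulnerable_entries(report_xml).items():
        for vuln_id, score in findings:
            if score is not None and score >= threshold:
                hits.append((key, vuln_id, score))
    return sorted(hits, key=lambda hit: -hit[2])


if __name__ == "__main__":
    for key in vulnerable_keys(SAMPLE_REPORT):
        print(key)
    blocking = findings_at_or_above(SAMPLE_REPORT, 9.0)
    for key, vuln_id, score in blocking:
        print("BLOCKING %s %s %.1f" % (key, vuln_id, score))
    raise SystemExit(1 if blocking else 0)
```

Findings without a `cvssScore` are kept in `vulnerable_entries` but never pass the gate, so a missing score has to be reviewed by hand rather than silently blocking or silently passing; if the report came from an untrusted source, parse it with `defusedxml` instead of `xml.etree`.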
-
### Current Behavior
Hello,
For a while now we have noticed that some CVEs are properly returned within the SBOM vulnerability report created by ODT, and then the next day on the exact same project (wi…
-
### Current Behavior:
#1642 introduced tracking of vulnerability aliases. We now know which vulnerabilities describe the same issue, but we don't yet use this data to reduce the overall noise of fi…
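Added example, not Dependency-Track's code or the poster's: one way to use alias data to reduce noise, grouping findings whose aliases connect them (transitively, since alias lists are usually one-directional and may name ids that were never reported on their own) and keeping a single representative per group. The `VULN-*` identifiers, the source names and the alias edges are constructed sample data, and the source priority order is an assumption.

```python
"""Added example (not Dependency-Track's code): collapse findings that alias each
other into one finding per issue using union-find. All identifiers, sources and
alias edges below are constructed sample data."""

# Constructed sample: VULN-A..VULN-D describe one issue (VULN-D is only ever named
# as an alias, never reported itself); VULN-E is reported twice under the same id.
SAMPLE_FINDINGS = [
    {"id": "VULN-A", "source": "OSSINDEX", "aliases": ["VULN-B"]},
    {"id": "VULN-B", "source": "NVD", "aliases": []},
    {"id": "VULN-C", "source": "GITHUB", "aliases": ["VULN-B", "VULN-D"]},
    {"id": "VULN-E", "source": "OSSINDEX", "aliases": []},
    {"id": "VULN-E", "source": "NVD", "aliases": []},
]


def _find(parent, x):
    """Root of x in the union-find forest, with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x


def alias_groups(findings):
    """Connected components of the alias graph, as sets of vulnerability ids."""
    parent = {}
    for finding in findings:
        parent.setdefault(finding["id"], finding["id"])
        for alias in finding["aliases"]:
            parent.setdefault(alias, alias)
            root_a, root_b = _find(parent, finding["id"]), _find(parent, alias)
            if root_a != root_b:
                parent[root_b] = root_a
    groups = {}
    for vuln_id in parent:
        groups.setdefault(_find(parent, vuln_id), set()).add(vuln_id)
    return list(groups.values())


def deduplicate(findings, source_priority=("NVD", "GITHUB", "OSSINDEX")):
    """One representative per alias group, taken from the highest-priority source
    (assumed order: NVD, then GitHub, then OSS Index); ties break on id."""
    by_id = {}
    for finding in findings:
        by_id.setdefault(finding["id"], []).append(finding)
    rank = {source: i for i, source in enumerate(source_priority)}
    deduped = []
    for group in alias_groups(findings):
        # ids that are only referenced as aliases have no finding of their own
        reported = [f for vuln_id in group for f in by_id.get(vuln_id, [])]
        rep = min(reported, key=lambda f: (rank.get(f["source"], len(rank)), f["id"]))
        deduped.append({
            "id": rep["id"],
            "source": rep["source"],
            "aliases": sorted(group - {rep["id"]}),
        })
    return sorted(deduped, key=lambda f: f["id"])


if __name__ == "__main__":
    for finding in deduplicate(SAMPLE_FINDINGS):
        print(finding)
```

Every group contains at least one reported finding, because ids only enter the forest through a finding or through one of its aliases, so `min(reported, ...)` never sees an empty list.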
-
### Current Behavior
In OssIndexAnalysisTask.java, the submit method's implementation swallows the HTTP exception, so the RETRY configs are never used, and for this reason any HTTP call is successful
try …
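Added example, not Dependency-Track's code or the poster's, in Python rather than the project's Java: the retry-defeating pattern described above next to the corrected one, driven by a constructed stand-in client that fails a configurable number of times. `FlakyClient`, `TransientHttpError`, the attempt counts and the messages are assumptions.

```python
"""Added example (not Dependency-Track's code): why catching the HTTP exception
inside submit() neutralises the retry policy around it. FlakyClient is a
constructed stand-in for the HTTP client; attempt counts are assumptions."""
import time


class TransientHttpError(Exception):
    """Stand-in for the HTTP-level exception the issue says is swallowed."""


class FlakyClient:
    """Raises TransientHttpError on the first `failures` calls, then succeeds."""

    def __init__(self, failures):
        self.failures = failures
        self.calls = 0

    def post(self, coordinates):
        self.calls += 1
        if self.calls <= self.failures:
            raise TransientHttpError("attempt %d: 503 Service Unavailable" % self.calls)
        return [{"coordinates": c, "vulnerabilities": []} for c in coordinates]


def submit_swallowing(client, coordinates):
    """Defect pattern: the exception is caught here, so the caller sees an empty,
    apparently successful response and the retry layer has nothing to retry."""
    try:
        return client.post(coordinates)
    except TransientHttpError:
        return []  # silent empty result: components look clean


def submit_propagating(client, coordinates):
    """Corrected pattern: let the transient failure escape to the retry layer."""
    return client.post(coordinates)


def with_retry(call, attempts, backoff_seconds=0.0):
    """Call `call` up to `attempts` times on TransientHttpError, with linear backoff."""
    if attempts < 1:
        raise ValueError("attempts must be >= 1")
    last_error = None
    for attempt in range(1, attempts + 1):
        try:
            return call()
        except TransientHttpError as err:
            last_error = err
            if attempt < attempts and backoff_seconds:
                time.sleep(backoff_seconds * attempt)
    raise last_error


def analyze(client, coordinates, submit, attempts=3):
    """Run `submit` under the retry policy and report the outcome plus the
    number of HTTP calls actually made, which is what exposes the defect."""
    try:
        results = with_retry(lambda: submit(client, coordinates), attempts)
        return {"status": "ok", "results": results, "calls": client.calls}
    except TransientHttpError as err:
        return {"status": "failed", "error": str(err), "calls": client.calls}


if __name__ == "__main__":
    coords = ["pkg:maven/org.example/lib-a@1.2.3"]  # constructed placeholder coordinate
    print(analyze(FlakyClient(failures=2), coords, submit_swallowing))
    print(analyze(FlakyClient(failures=2), coords, submit_propagating))
```

With two transient failures and three attempts, the swallowing variant makes exactly one call and reports an empty but "ok" result, which is the failure mode from the issue: no retry, and the components appear to have no vulnerabilities. The propagating variant makes three calls and returns real results, and once the attempts are exhausted it fails loudly instead of returning an empty list.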
-
Crosspost from https://github.com/OSSIndex/ossindex-gradle-plugin/issues/5
Does gretty hijack connections in gradle?
When OSSIndex tries to set up a connection, gretty seems to break it.
https:…