Data for SBOM Document ID: 61124625-e14e-495b-8b36-c2ea8cce360e

Key               Value
Timestamp         2023-10-20T09:18:41Z
Signature         unsigned
Tool              anchore grype, version 0.71.0
Component         jenkins/jenkins (type: container, bom-ref: 84bac610dd1ce1a5)
Total components  478
Score             7.11 / 10

Vulnerability Severity Distribution

Severity   Count
Total      123
Critical   3
High       12
Medium     9
Low        5
None       92

Vulnerabilities (one entry per affected component; descriptions truncated as in the report)

ID                    Severity  Description
CVE-2023-45853        Critical  MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipO...
GHSA-4wrc-f8pq-fpqp   Critical  Pivotal Spring Framework contains unsafe Java deserialization methods...
CVE-2023-28531        Critical  ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destinat...
CVE-2023-31484        High      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS....
CVE-2023-31484        High      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS....
CVE-2023-29007        High      Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ...
CVE-2023-31484        High      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS....
CVE-2023-31484        High      CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS....
CVE-2023-2953         High      A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_m...
CVE-2023-25652        High      Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ...
CVE-2023-29007        High      Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ...
GHSA-mjmj-j48q-9wg2   High      SnakeYaml Constructor Deserialization Remote Code Execution...
CVE-2023-25652        High      Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, ...
GHSA-rm7j-f5g5-27vv   High      Denial of Service in JSON-Java...
GHSA-rm7j-f5g5-27vv   High      Denial of Service in JSON-Java...

Structural (average: 7.5)

#  Description                                                                                              Score
1  provided sbom is in a supported sbom format of spdx,cyclonedx                                             10.0
2  provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4           0.0
3  provided sbom should be in supported file format for spec: json and version: json,xml                     10.0
4  provided sbom is parsable                                                                                 10.0

NTIA-minimum-elements (average: 7.1)

#  Description                                            Score
1  0/479 have supplier names                                0.0
2  479/479 have names                                      10.0
3  478/479 have versions                                   10.0
4  479/479 have unique IDs                                 10.0
5  doc has 0 relationships                                  0.0
6  doc has 1 author                                        10.0
7  doc has creation timestamp 2023-10-20T09:18:41Z         10.0

Semantic (average: 4.4)

#  Description                              Score
1  Doc Fields:true Pkg Fields:true           10.0
2  159/479 have licenses                      3.3
3  0/479 have checksums                       0.0

Quality (average: 9.0)

#  Description                                              Score
1  159/479 components with valid license                      3.3
2  479/479 components have primary purpose specified         10.0
3  0/479 components have deprecated licenses                 10.0
4  6/479 components have restricted licenses                  9.9
5  478/479 components have any lookup id                     10.0
6  478/479 components have multiple lookup id                10.0
7  1/1 tools have creator and version                        10.0

Sharing (average: 0.0)

#  Description                                        Score
1  doc has a sharable license free 0 :: of 0           0.0