Key | Value |
---|---|
Timestamp | 2023-09-06T12:49:53+00:00 |
Signature | unsigned |
Tool | Vendor: aquasecurity Name: trivy Version: 0.45.0 |
Component | bom-ref: 63d1f6b4-abd7-4a33-aaaa-8a9d3eb1c6f8 Type: application Name: . Properties: |
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow...
pgjdbc, the PostgreSQL JDBC Driver, allows attacker to inject SQL if using PreferQueryMode=SIMPLE. N...
A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby in...
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process...
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptib...
A series of deserialization vulnerabilities have been discovered in Codehaus 1.9.x implemented in EA...
Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to exec...
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar ut...
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum P...
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async...
snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Th...
When logs are written to a widely-writable directory (the default), an unprivileged attacker may pre...
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result...
gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2...
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential d...
# | Description | Score | Score Progress |
---|---|---|---|
1 | provided sbom is in a supported sbom format of spdx,cyclonedx | 10.0 | |
2 | provided sbom should be in supported spec version for spec:1.5 and versions: 1.0,1.1,1.2,1.3,1.4,1.5,1.6 | 10.0 | |
3 | provided sbom should be in supported file format for spec: json and version: json,xml | 10.0 | |
4 | provided sbom is parsable | 10.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | 0/1210 have supplier names | 0.0 | |
2 | 1210/1210 have names | 10.0 | |
3 | 1073/1210 have versions | 8.9 | |
4 | 1210/1210 have unique ID's | 10.0 | |
5 | doc has 136 dependencies | 10.0 | |
6 | doc has 1 authors | 10.0 | |
7 | doc has creation timestamp 2023-09-06T12:49:53+00:00 | 10.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | Doc Fields:true Pkg Fields:true | 10.0 | |
2 | 923/1210 have licenses | 7.6 | |
3 | 0/1210 have checksums | 0.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | 191/1210 components with valid license | 1.5 | |
2 | 1210/1210 components have primary purpose specified | 10.0 | |
3 | 1/1210 components have deprecated licenses | 10.0 | |
4 | 0/1210 components have restricted licenses | 10.0 | |
5 | 1073/1210 components have any lookup id | 8.9 | |
6 | 0/1210 components have multiple lookup id | 0.0 | |
7 | 1/1 tools have creator and version | 10.0 | |
8 | primary component found | 10.0 | |
# | Description | Score | Score Progress |
---|---|---|---|
1 | doc has a sharable license free 0 :: of 0 | 0.0 | |