Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 9.0.10
Report Generated On: Tue, 9 Apr 2024 12:04:43 -0400
Dependencies Scanned: 105 (98 unique)
Vulnerable Dependencies: 11
Vulnerabilities Found: 20
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2024-04-09T10:42:05-04
NVD API Last Modified: 2024-04-09T14:15:08Z

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Highest Severity	CVE Count	Confidence	Evidence Count
Saxon-HE-12.4.jar	cpe:2.3:a:kay_framework_project:kay_framework:12.4:::::::*	pkg:maven/net.sf.saxon/Saxon-HE@12.4		0	Low	55
ant-1.10.14.jar	cpe:2.3:a:apache:ant:1.10.14:::::::*	pkg:maven/org.apache.ant/ant@1.10.14		0	Highest	24
aopalliance-1.0.jar		pkg:maven/aopalliance/aopalliance@1.0		0		20
asm-9.7.jar		pkg:maven/org.ow2.asm/asm@9.7		0		54
asm-analysis-9.7.jar		pkg:maven/org.ow2.asm/asm-analysis@9.7		0		60
asm-commons-9.7.jar		pkg:maven/org.ow2.asm/asm-commons@9.7		0		58
asm-tree-9.7.jar		pkg:maven/org.ow2.asm/asm-tree@9.7		0		58
asm-util-9.7.jar		pkg:maven/org.ow2.asm/asm-util@9.7		0		58
bcel-6.8.2.jar	cpe:2.3:a:apache:commons_bcel:6.8.2:::::::*	pkg:maven/org.apache.bcel/bcel@6.8.2		0	Low	77
checker-qual-3.42.0.jar		pkg:maven/org.checkerframework/checker-qual@3.42.0		0		46
commons-beanutils-1.9.4.jar	cpe:2.3:a:apache:commons_beanutils:1.9.4:::::::*	pkg:maven/commons-beanutils/commons-beanutils@1.9.4		0	Highest	168
commons-chain-1.2.jar		pkg:maven/commons-chain/commons-chain@1.2		0		78
commons-codec-1.16.1.jar		pkg:maven/commons-codec/commons-codec@1.16.1		0		123
commons-collections-3.2.2.jar	cpe:2.3:a:apache:commons_collections:3.2.2:::::::*	pkg:maven/commons-collections/commons-collections@3.2.2		0	Highest	84
commons-digester-2.1.jar		pkg:maven/commons-digester/commons-digester@2.1		0		98
commons-io-2.16.1.jar	cpe:2.3:a:apache:commons_io:2.16.1:::::::*	pkg:maven/commons-io/commons-io@2.16.1		0	Highest	125
commons-lang-2.6.jar		pkg:maven/commons-lang/commons-lang@2.6		0		122
commons-lang3-3.14.0.jar		pkg:maven/org.apache.commons/commons-lang3@3.14.0		0		145
commons-text-1.10.0.jar	cpe:2.3:a:apache:commons_text:1.10.0:::::::*	pkg:maven/org.apache.commons/commons-text@1.10.0		0	Highest	71
dom4j-2.1.4.jar	cpe:2.3:a:dom4j_project:dom4j:2.1.4:::::::*	pkg:maven/org.dom4j/dom4j@2.1.4		0	Highest	21
doxia-core-1.12.0.jar		pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0		0		26
doxia-decoration-model-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-decoration-model@1.11.1		0		26
doxia-integration-tools-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-integration-tools@1.11.1		0		28
doxia-logging-api-1.12.0.jar		pkg:maven/org.apache.maven.doxia/doxia-logging-api@1.12.0		0		28
doxia-module-xhtml-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-module-xhtml@1.11.1		0		28
doxia-module-xhtml5-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@1.11.1		0		28
doxia-sink-api-1.12.0.jar		pkg:maven/org.apache.maven.doxia/doxia-sink-api@1.12.0		0		28
doxia-site-renderer-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1		0		26
doxia-skin-model-1.11.1.jar		pkg:maven/org.apache.maven.doxia/doxia-skin-model@1.11.1		0		26
error_prone_annotations-2.26.1.jar		pkg:maven/com.google.errorprone/error_prone_annotations@2.26.1		0		29
failureaccess-1.0.2.jar		pkg:maven/com.google.guava/failureaccess@1.0.2		0		32
groovy-4.0.21.jar	cpe:2.3:a:apache:groovy:4.0.21:::::::*	pkg:maven/org.apache.groovy/groovy@4.0.21		0	Highest	289
groovy-ant-4.0.21.jar	cpe:2.3:a:apache:ant:4.0.21:::::::* cpe:2.3:a:apache:groovy:4.0.21:::::::*	pkg:maven/org.apache.groovy/groovy-ant@4.0.21		0	Highest	286
gson-2.10.1.jar	cpe:2.3:a:google:gson:2.10.1:::::::*	pkg:maven/com.google.code.gson/gson@2.10.1		0	Highest	33
guava-33.1.0-jre.jar	cpe:2.3:a:google:guava:33.1.0:::::::*	pkg:maven/com.google.guava/guava@33.1.0-jre		0	Highest	27
guice-5.1.0.jar		pkg:maven/com.google.inject/guice@5.1.0		0		34
httpclient-4.5.13.jar	cpe:2.3:a:apache:httpclient:4.5.13:::::::*	pkg:maven/org.apache.httpcomponents/httpclient@4.5.13		0	Highest	32
httpclient5-5.1.3.jar	cpe:2.3:a:apache:httpclient:5.1.3:::::::*	pkg:maven/org.apache.httpcomponents.client5/httpclient5@5.1.3		0	Highest	30
httpcore-4.4.14.jar		pkg:maven/org.apache.httpcomponents/httpcore@4.4.14		0		32
httpcore5-5.1.3.jar		pkg:maven/org.apache.httpcomponents.core5/httpcore5@5.1.3		0		30
httpcore5-h2-5.1.3.jar		pkg:maven/org.apache.httpcomponents.core5/httpcore5-h2@5.1.3		0		30
j2objc-annotations-3.0.0.jar		pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0		0		33
javaparser-core-3.25.10.jar		pkg:maven/com.github.javaparser/javaparser-core@3.25.10		0		27
javax.annotation-api-1.2.jar		pkg:maven/javax.annotation/javax.annotation-api@1.2		0		46
javax.inject-1.jar		pkg:maven/javax.inject/javax.inject@1		0		20
jaxen-2.0.0.jar		pkg:maven/jaxen/jaxen@2.0.0		0		25
jcip-annotations-1.0-1.jar		pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1		0		25
jcl-over-slf4j-2.0.12.jar		pkg:maven/org.slf4j/jcl-over-slf4j@2.0.12		0		31
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		0		17
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar		pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava		0		13
log4j-api-2.23.1.jar	cpe:2.3:a:apache:log4j:2.23.1:::::::*	pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1		0	Highest	39
log4j-to-slf4j-2.23.1.jar		pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1		0		37
lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar				0		7
lombok-1.18.32.jar		pkg:maven/org.projectlombok/lombok@1.18.32		0		36
maven-artifact-3.9.6.jar		pkg:maven/org.apache.maven/maven-artifact@3.9.6		0		26
maven-artifact-transfer-0.13.1.jar		pkg:maven/org.apache.maven.shared/maven-artifact-transfer@0.13.1		0		33
maven-builder-support-3.9.6.jar		pkg:maven/org.apache.maven/maven-builder-support@3.9.6		0		24
maven-common-artifact-filters-3.3.2.jar		pkg:maven/org.apache.maven.shared/maven-common-artifact-filters@3.3.2		0		29
maven-core-3.9.6.jar	cpe:2.3:a:apache:maven:3.9.6:::::::*	pkg:maven/org.apache.maven/maven-core@3.9.6		0	Highest	24
maven-model-3.9.6.jar		pkg:maven/org.apache.maven/maven-model@3.9.6		0		26
maven-model-builder-3.9.6.jar		pkg:maven/org.apache.maven/maven-model-builder@3.9.6		0		32
maven-plugin-annotations-3.12.0.jar		pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.12.0		0		26
maven-plugin-api-3.9.6.jar		pkg:maven/org.apache.maven/maven-plugin-api@3.9.6		0		26
maven-reporting-api-3.1.1.jar		pkg:maven/org.apache.maven.reporting/maven-reporting-api@3.1.1		0		35
maven-reporting-impl-3.2.0.jar		pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0		0		35
maven-repository-metadata-3.9.6.jar		pkg:maven/org.apache.maven/maven-repository-metadata@3.9.6		0		26
maven-resolver-api-1.9.18.jar		pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.18		0		34
maven-resolver-impl-1.9.18.jar		pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.18		0		32
maven-resolver-named-locks-1.9.18.jar		pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.18		0		33
maven-resolver-provider-3.9.6.jar		pkg:maven/org.apache.maven/maven-resolver-provider@3.9.6		0		26
maven-resolver-spi-1.9.18.jar		pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.18		0		32
maven-resolver-util-1.9.18.jar		pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.18		0		36
maven-settings-3.9.6.jar		pkg:maven/org.apache.maven/maven-settings@3.9.6		0		26
maven-settings-builder-3.9.6.jar		pkg:maven/org.apache.maven/maven-settings-builder@3.9.6		0		26
maven-shared-utils-3.4.2.jar	cpe:2.3:a:apache:maven_shared_utils:3.4.2:::::::* cpe:2.3:a:utils_project:utils:3.4.2:::::::*	pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2		0	Highest	29
modernizer-maven-annotations-2.7.0.jar		pkg:maven/org.gaul/modernizer-maven-annotations@2.7.0		0		19
org.eclipse.sisu.inject-0.9.0.M2.jar		pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M2		0		32
org.eclipse.sisu.plexus-0.9.0.M2.jar		pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M2		0		29
oro-2.0.8.jar		pkg:maven/oro/oro@2.0.8		0		16
plexus-cipher-2.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-cipher@2.0	HIGH	2	Highest	20
plexus-classworlds-2.7.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.7.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-classworlds@2.7.0	HIGH	2	Highest	28
plexus-component-annotations-2.0.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.0.0	HIGH	2	Highest	27
plexus-i18n-1.0-beta-10.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0.eta-10:::::::*	pkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10	HIGH	2	Highest	24
plexus-interpolation-1.26.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.26:::::::*	pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26	HIGH	2	Highest	25
plexus-resources-1.3.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.3.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-resources@1.3.0	HIGH	2	Highest	22
plexus-sec-dispatcher-2.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:::::::* cpe:2.3:a:sec_project:sec:2.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0	HIGH	2	Highest	20
plexus-utils-4.0.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.0.0:::::::* cpe:2.3:a:plexus-utils_project:plexus-utils:4.0.0:::::::* cpe:2.3:a:utils_project:utils:4.0.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-utils@4.0.0		0	Highest	24
plexus-velocity-1.2.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:::::::*	pkg:maven/org.codehaus.plexus/plexus-velocity@1.2	HIGH	2	Highest	25
plexus-xml-3.0.0.jar	cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:::::::*	pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0	HIGH	2	Highest	24
qdox-1.12.1.jar		pkg:maven/com.thoughtworks.qdox/qdox@1.12.1		0		55
slf4j-api-2.0.12.jar		pkg:maven/org.slf4j/slf4j-api@2.0.12		0		29
slf4j-simple-2.0.12.jar		pkg:maven/org.slf4j/slf4j-simple@2.0.12		0		37
spotbugs-4.8.4.jar		pkg:maven/com.github.spotbugs/spotbugs@4.8.4		0		48
spotbugs-annotations-4.8.4.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.4		0		53
velocity-1.7.jar	cpe:2.3:a:apache:velocity_engine:1.7:::::::*	pkg:maven/org.apache.velocity/velocity@1.7	HIGH	1	Low	76
velocity-tools-2.0.jar	cpe:2.3:a:apache:velocity_tools:2.0:::::::*	pkg:maven/org.apache.velocity/velocity-tools@2.0	MEDIUM	1	Highest	76
xmlresolver-5.2.2-data.jar		pkg:maven/org.xmlresolver/xmlresolver@5.2.2		0		12
xmlresolver-5.2.2.jar		pkg:maven/org.xmlresolver/xmlresolver@5.2.2		0		26

Dependencies (vulnerable)

Saxon-HE-12.4.jar

Description:

The XSLT and XQuery Processor

License:

Mozilla Public License Version 2.0: http://www.mozilla.org/MPL/2.0/

File Path: C:\Users\Jeremy\.m2\repository\net\sf\saxon\Saxon-HE\12.4\Saxon-HE-12.4.jar
MD5: b6319126413fa812ab937cdfac1e162c
SHA1: b532e44a8bf4007bbce69467801778a955599c52
SHA256:575f8b696e3b6f9aa7a3bf01611b8bf1b84576b55ce29bc16656a53a147ef441
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	Saxon-HE	High
Vendor	jar	package name	net	Highest
Vendor	jar	package name	saxon	Highest
Vendor	jar	package name	sf	Highest
Vendor	Manifest	project-name	Saxon-HE	Medium
Vendor	pom	artifactid	Saxon-HE	Highest
Vendor	pom	artifactid	Saxon-HE	Low
Vendor	pom	developer email	debbie@saxonica.com	Low
Vendor	pom	developer email	john@saxonica.com	Low
Vendor	pom	developer email	mike@saxonica.com	Low
Vendor	pom	developer email	norm@saxonica.com	Low
Vendor	pom	developer email	oneil@saxonica.com	Low
Vendor	pom	developer id	debbie	Medium
Vendor	pom	developer id	john	Medium
Vendor	pom	developer id	mike	Medium
Vendor	pom	developer id	norm	Medium
Vendor	pom	developer id	ond1	Medium
Vendor	pom	developer name	Debbie Lockett	Medium
Vendor	pom	developer name	John Lumley	Medium
Vendor	pom	developer name	Michael Kay	Medium
Vendor	pom	developer name	Norman Walsh	Medium
Vendor	pom	developer name	O’Neil Delpratt	Medium
Vendor	pom	groupid	net.sf.saxon	Highest
Vendor	pom	name	Saxon-HE	High
Vendor	pom	organization name	Saxonica	High
Vendor	pom	organization url	https://www.saxonica.com/	Medium
Vendor	pom	url	http://www.saxonica.com/	Highest
Product	file	name	Saxon-HE	High
Product	jar	package name	net	Highest
Product	jar	package name	saxon	Highest
Product	jar	package name	sf	Highest
Product	Manifest	project-name	Saxon-HE	Medium
Product	pom	artifactid	Saxon-HE	Highest
Product	pom	developer email	debbie@saxonica.com	Low
Product	pom	developer email	john@saxonica.com	Low
Product	pom	developer email	mike@saxonica.com	Low
Product	pom	developer email	norm@saxonica.com	Low
Product	pom	developer email	oneil@saxonica.com	Low
Product	pom	developer id	debbie	Low
Product	pom	developer id	john	Low
Product	pom	developer id	mike	Low
Product	pom	developer id	norm	Low
Product	pom	developer id	ond1	Low
Product	pom	developer name	Debbie Lockett	Low
Product	pom	developer name	John Lumley	Low
Product	pom	developer name	Michael Kay	Low
Product	pom	developer name	Norman Walsh	Low
Product	pom	developer name	O’Neil Delpratt	Low
Product	pom	groupid	net.sf.saxon	Highest
Product	pom	name	Saxon-HE	High
Product	pom	organization name	Saxonica	Low
Product	pom	organization url	https://www.saxonica.com/	Low
Product	pom	url	http://www.saxonica.com/	Medium
Version	file	version	12.4	High
Version	pom	version	12.4	Highest

Identifiers

pkg:maven/net.sf.saxon/Saxon-HE@12.4 (Confidence:High)
cpe:2.3:a:kay_framework_project:kay_framework:12.4:*:*:*:*:*:*:* (Confidence:Low)

ant-1.10.14.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\ant\ant\1.10.14\ant-1.10.14.jar
MD5: 263e00d844d0e4efa54440ec5ed6362a
SHA1: 1edce9bbfa60dfd51f010879c78f4421dafae7a7
SHA256:4cbbd9243de4c1042d61d9a15db4c43c90ff93b16d78b39481da1c956c8e9671
Referenced In Project/Scope: spotbugs-maven-plugin:compile
ant-1.10.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	ant	High
Vendor	jar	package name	ant	Highest
Vendor	jar	package name	apache	Highest
Vendor	manifest: org/apache/tools/ant/	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	pom	artifactid	ant	Highest
Vendor	pom	artifactid	ant	Low
Vendor	pom	groupid	org.apache.ant	Highest
Vendor	pom	name	Apache Ant Core	High
Vendor	pom	parent-artifactid	ant-parent	Low
Vendor	pom	url	https://ant.apache.org/	Highest
Product	file	name	ant	High
Product	jar	package name	ant	Highest
Product	jar	package name	apache	Highest
Product	jar	package name	tools	Highest
Product	manifest: org/apache/tools/ant/	Implementation-Title	org.apache.tools.ant	Medium
Product	manifest: org/apache/tools/ant/	Specification-Title	Apache Ant	Medium
Product	pom	artifactid	ant	Highest
Product	pom	groupid	org.apache.ant	Highest
Product	pom	name	Apache Ant Core	High
Product	pom	parent-artifactid	ant-parent	Medium
Product	pom	url	https://ant.apache.org/	Medium
Version	file	version	1.10.14	High
Version	manifest: org/apache/tools/ant/	Implementation-Version	1.10.14	Medium
Version	pom	version	1.10.14	Highest

Related Dependencies

Identifiers

pkg:maven/org.apache.ant/ant@1.10.14 (Confidence:High)
cpe:2.3:a:apache:ant:1.10.14:*:*:*:*:*:*:* (Confidence:Highest)

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain

File Path: C:\Users\Jeremy\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	aopalliance	High
Vendor	jar	package name	aop	Highest
Vendor	jar	package name	aopalliance	Highest
Vendor	jar	package name	aopalliance	Low
Vendor	jar	package name	intercept	Low
Vendor	pom	artifactid	aopalliance	Highest
Vendor	pom	artifactid	aopalliance	Low
Vendor	pom	groupid	aopalliance	Highest
Vendor	pom	name	AOP alliance	High
Vendor	pom	url	http://aopalliance.sourceforge.net	Highest
Product	file	name	aopalliance	High
Product	jar	package name	aop	Highest
Product	jar	package name	aopalliance	Highest
Product	jar	package name	intercept	Low
Product	pom	artifactid	aopalliance	Highest
Product	pom	groupid	aopalliance	Highest
Product	pom	name	AOP alliance	High
Product	pom	url	http://aopalliance.sourceforge.net	Medium
Version	file	version	1.0	High
Version	pom	version	1.0	Highest

Identifiers

pkg:maven/aopalliance/aopalliance@1.0 (Confidence:High)

asm-9.7.jar

Description:

ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm\9.7\asm-9.7.jar
MD5: 3957b18bf02a62edcb6726d074b90b08
SHA1: 073d7b3086e14beb604ced229c302feff6449723
SHA256:adf46d5e34940bdf148ecdd26a9ee8eea94496a72034ff7141066b3eea5c4e9d
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	asm	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	objectweb	Highest
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm	Medium
Vendor	pom	artifactid	asm	Highest
Vendor	pom	artifactid	asm	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	file	name	asm	High
Product	jar	package name	asm	Highest
Product	jar	package name	objectweb	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm	Medium
Product	Manifest	Implementation-Title	ASM, a very small and fast Java bytecode manipulation framework	High
Product	pom	artifactid	asm	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	file	version	9.7	High
Version	Manifest	Bundle-Version	9.7	High
Version	Manifest	Implementation-Version	9.7	High
Version	pom	parent-version	9.7	Low
Version	pom	version	9.7	Highest

Identifiers

pkg:maven/org.ow2.asm/asm@9.7 (Confidence:High)

asm-analysis-9.7.jar

Description:

Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-analysis\9.7\asm-analysis-9.7.jar
MD5: 910ac9c691023f1a9ff33c413ae9fbf6
SHA1: e4a258b7eb96107106c0599f0061cfc1832fe07a
SHA256:7bc6bcbc21379948a0c8c467fb0f864206e5b818f6bc0b546872f5c9f941556f
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	asm-analysis	High
Vendor	jar	package name	analysis	Highest
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	objectweb	Highest
Vendor	jar	package name	tree	Highest
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm.tree.analysis	Medium
Vendor	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true	Low
Vendor	pom	artifactid	asm-analysis	Highest
Vendor	pom	artifactid	asm-analysis	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm-analysis	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	file	name	asm-analysis	High
Product	jar	package name	analysis	Highest
Product	jar	package name	asm	Highest
Product	jar	package name	objectweb	Highest
Product	jar	package name	tree	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm.tree.analysis	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm.tree.analysis	Medium
Product	Manifest	Implementation-Title	Static code analysis API of ASM, a very small and fast Java bytecode manipulation framework	High
Product	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true	Low
Product	pom	artifactid	asm-analysis	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm-analysis	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	file	version	9.7	High
Version	Manifest	Bundle-Version	9.7	High
Version	Manifest	Implementation-Version	9.7	High
Version	pom	parent-version	9.7	Low
Version	pom	version	9.7	Highest

Identifiers

pkg:maven/org.ow2.asm/asm-analysis@9.7 (Confidence:High)

asm-commons-9.7.jar

Description:

Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-commons\9.7\asm-commons-9.7.jar
MD5: 53a46610df6a8dbc4ff85b8fd4cdea66
SHA1: e86dda4696d3c185fcc95d8d311904e7ce38a53f
SHA256:389bc247958e049fc9a0408d398c92c6d370c18035120395d4cba1d9d9304b7a
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	asm-commons	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	objectweb	Highest
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm.commons	Medium
Vendor	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true	Low
Vendor	pom	artifactid	asm-commons	Highest
Vendor	pom	artifactid	asm-commons	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm-commons	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	file	name	asm-commons	High
Product	jar	package name	asm	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	objectweb	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm.commons	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm.commons	Medium
Product	Manifest	Implementation-Title	Usefull class adapters based on ASM, a very small and fast Java bytecode manipulation framework	High
Product	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true	Low
Product	pom	artifactid	asm-commons	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm-commons	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	file	version	9.7	High
Version	Manifest	Bundle-Version	9.7	High
Version	Manifest	Implementation-Version	9.7	High
Version	pom	parent-version	9.7	Low
Version	pom	version	9.7	Highest

Identifiers

pkg:maven/org.ow2.asm/asm-commons@9.7 (Confidence:High)

asm-tree-9.7.jar

Description:

Tree API of ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-tree\9.7\asm-tree-9.7.jar
MD5: ea5cad3e0cbd2520688e4b0b5c4218e7
SHA1: e446a17b175bfb733b87c5c2560ccb4e57d69f1a
SHA256:62f4b3bc436045c1acb5c3ba2d8ec556ec3369093d7f5d06c747eb04b56d52b1
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	asm-tree	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	objectweb	Highest
Vendor	jar	package name	tree	Highest
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm.tree	Medium
Vendor	Manifest	module-requires	org.objectweb.asm;transitive=true	Low
Vendor	pom	artifactid	asm-tree	Highest
Vendor	pom	artifactid	asm-tree	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm-tree	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	file	name	asm-tree	High
Product	jar	package name	asm	Highest
Product	jar	package name	objectweb	Highest
Product	jar	package name	tree	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm.tree	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm.tree	Medium
Product	Manifest	Implementation-Title	Tree API of ASM, a very small and fast Java bytecode manipulation framework	High
Product	Manifest	module-requires	org.objectweb.asm;transitive=true	Low
Product	pom	artifactid	asm-tree	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm-tree	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	file	version	9.7	High
Version	Manifest	Bundle-Version	9.7	High
Version	Manifest	Implementation-Version	9.7	High
Version	pom	parent-version	9.7	Low
Version	pom	version	9.7	Highest

Identifiers

pkg:maven/org.ow2.asm/asm-tree@9.7 (Confidence:High)

asm-util-9.7.jar

Description:

Utilities for ASM, a very small and fast Java bytecode manipulation framework

License:

BSD-3-Clause: https://asm.ow2.io/license.html

File Path: C:\Users\Jeremy\.m2\repository\org\ow2\asm\asm-util\9.7\asm-util-9.7.jar
MD5: e7d6e20888e6fd99605f4c5fe1dfa8b0
SHA1: c0655519f24d92af2202cb681cd7c1569df6ead6
SHA256:37a6414d36641973f1af104937c95d6d921b2ddb4d612c66c5a9f2b13fc14211
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	asm-util	High
Vendor	jar	package name	asm	Highest
Vendor	jar	package name	objectweb	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	bundle-docurl	http://asm.ow2.org	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	org.objectweb.asm.util	Medium
Vendor	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true	Low
Vendor	pom	artifactid	asm-util	Highest
Vendor	pom	artifactid	asm-util	Low
Vendor	pom	developer email	ebruneton@free.fr	Low
Vendor	pom	developer email	eu@javatx.org	Low
Vendor	pom	developer email	forax@univ-mlv.fr	Low
Vendor	pom	developer id	ebruneton	Medium
Vendor	pom	developer id	eu	Medium
Vendor	pom	developer id	forax	Medium
Vendor	pom	developer name	Eric Bruneton	Medium
Vendor	pom	developer name	Eugene Kuleshov	Medium
Vendor	pom	developer name	Remi Forax	Medium
Vendor	pom	groupid	org.ow2.asm	Highest
Vendor	pom	name	asm-util	High
Vendor	pom	organization name	OW2	High
Vendor	pom	organization url	http://www.ow2.org/	Medium
Vendor	pom	parent-artifactid	ow2	Low
Vendor	pom	parent-groupid	org.ow2	Medium
Vendor	pom	url	http://asm.ow2.io/	Highest
Product	file	name	asm-util	High
Product	jar	package name	asm	Highest
Product	jar	package name	objectweb	Highest
Product	jar	package name	util	Highest
Product	Manifest	bundle-docurl	http://asm.ow2.org	Low
Product	Manifest	Bundle-Name	org.objectweb.asm.util	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	org.objectweb.asm.util	Medium
Product	Manifest	Implementation-Title	Utilities for ASM, a very small and fast Java bytecode manipulation framework	High
Product	Manifest	module-requires	org.objectweb.asm;transitive=true,org.objectweb.asm.tree;transitive=true,org.objectweb.asm.tree.analysis;transitive=true	Low
Product	pom	artifactid	asm-util	Highest
Product	pom	developer email	ebruneton@free.fr	Low
Product	pom	developer email	eu@javatx.org	Low
Product	pom	developer email	forax@univ-mlv.fr	Low
Product	pom	developer id	ebruneton	Low
Product	pom	developer id	eu	Low
Product	pom	developer id	forax	Low
Product	pom	developer name	Eric Bruneton	Low
Product	pom	developer name	Eugene Kuleshov	Low
Product	pom	developer name	Remi Forax	Low
Product	pom	groupid	org.ow2.asm	Highest
Product	pom	name	asm-util	High
Product	pom	organization name	OW2	Low
Product	pom	organization url	http://www.ow2.org/	Low
Product	pom	parent-artifactid	ow2	Medium
Product	pom	parent-groupid	org.ow2	Medium
Product	pom	url	http://asm.ow2.io/	Medium
Version	file	version	9.7	High
Version	Manifest	Bundle-Version	9.7	High
Version	Manifest	Implementation-Version	9.7	High
Version	pom	parent-version	9.7	Low
Version	pom	version	9.7	Highest

Identifiers

pkg:maven/org.ow2.asm/asm-util@9.7 (Confidence:High)

bcel-6.8.2.jar

Description:

Apache Commons Bytecode Engineering Library

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\bcel\bcel\6.8.2\bcel-6.8.2.jar
MD5: 4175796399cc0a92af9c330332947deb
SHA1: d2b23e23425731152cfca72aabe5cc0edecf96e3
SHA256:b656cc4b9a3d11ed1a4f820d10e71926a1e653ded309f657893a52639f9beb1a
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	bcel	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	bcel	Highest
Vendor	Manifest	automatic-module-name	org.apache.bcel	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-bcel	Low
Vendor	Manifest	bundle-symbolicname	org.apache.bcel	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	bcel	Highest
Vendor	pom	artifactid	bcel	Low
Vendor	pom	developer email	dbrosius at mebigfatguy.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jason at zenplex.com	Low
Vendor	pom	developer email	m.dahm at gmx.de	Low
Vendor	pom	developer email	tcurdt at apache.org	Low
Vendor	pom	developer id	dbrosius	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	mdahm	Medium
Vendor	pom	developer id	tcurdt	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Jason van Zyl	Medium
Vendor	pom	developer name	Markus Dahm	Medium
Vendor	pom	developer name	Torsten Curdt	Medium
Vendor	pom	developer org	ASF	Medium
Vendor	pom	developer org	it-frameworksolutions	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	http://www.apache.org/	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.bcel	Highest
Vendor	pom	name	Apache Commons BCEL	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-bcel	Highest
Product	file	name	bcel	High
Product	jar	package name	apache	Highest
Product	jar	package name	bcel	Highest
Product	Manifest	automatic-module-name	org.apache.bcel	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-bcel	Low
Product	Manifest	Bundle-Name	Apache Commons BCEL	Medium
Product	Manifest	bundle-symbolicname	org.apache.bcel	Medium
Product	Manifest	Implementation-Title	Apache Commons BCEL	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons BCEL	Medium
Product	pom	artifactid	bcel	Highest
Product	pom	developer email	dbrosius at mebigfatguy.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jason at zenplex.com	Low
Product	pom	developer email	m.dahm at gmx.de	Low
Product	pom	developer email	tcurdt at apache.org	Low
Product	pom	developer id	dbrosius	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	mdahm	Low
Product	pom	developer id	tcurdt	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Jason van Zyl	Low
Product	pom	developer name	Markus Dahm	Low
Product	pom	developer name	Torsten Curdt	Low
Product	pom	developer org	ASF	Low
Product	pom	developer org	it-frameworksolutions	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	http://www.apache.org/	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.bcel	Highest
Product	pom	name	Apache Commons BCEL	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-bcel	Medium
Version	file	version	6.8.2	High
Version	Manifest	Bundle-Version	6.8.2	High
Version	Manifest	Implementation-Version	6.8.2	High
Version	pom	parent-version	6.8.2	Low
Version	pom	version	6.8.2	Highest

Identifiers

pkg:maven/org.apache.bcel/bcel@6.8.2 (Confidence:High)
cpe:2.3:a:apache:commons_bcel:6.8.2:*:*:*:*:*:*:* (Confidence:Low)

checker-qual-3.42.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer
writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT

File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.42.0\checker-qual-3.42.0.jar
MD5: 4c55448dcbfe9c3702f7758fc8fe0086
SHA1: 638ec33f363a94d41a4f03c3e7d3dcfba64e402d
SHA256:ccaedd33af0b7894d9f2f3b644f4d19e43928e32902e61ac4d10777830f5aac7
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	framework	Highest
Vendor	jar	package name	qual	Highest
Vendor	Manifest	automatic-module-name	org.checkerframework.checker.qual	Medium
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	pom	artifactid	checker-qual	Highest
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org/	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checkerframework	Highest
Product	jar	package name	framework	Highest
Product	jar	package name	qual	Highest
Product	Manifest	automatic-module-name	org.checkerframework.checker.qual	Medium
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org/	Medium
Version	file	version	3.42.0	High
Version	Manifest	Bundle-Version	3.42.0	High
Version	Manifest	Implementation-Version	3.42.0	High
Version	pom	version	3.42.0	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@3.42.0 (Confidence:High)

commons-beanutils-1.9.4.jar

Description:

Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-beanutils\commons-beanutils\1.9.4\commons-beanutils-1.9.4.jar
MD5: 07dc532ee316fe1f2f0323e9bd2f8df4
SHA1: d52b9abcd97f38c81342bb7e7ae1eee9b73cba51
SHA256:7d938c81789028045c08c065e94be75fc280527620d5bd62b519d5838532368a
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-beanutils	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	beanutils	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-beanutils/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-beanutils	Medium
Vendor	Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000	Low
Vendor	Manifest	implementation-url	https://commons.apache.org/proper/commons-beanutils/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-beanutils	Highest
Vendor	pom	artifactid	commons-beanutils	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	epugh@apache.org	Low
Vendor	pom	developer email	geirm@apache.org	Low
Vendor	pom	developer email	ggregory@apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	jconlon@apache.org	Low
Vendor	pom	developer email	jstrachan@apache.org	Low
Vendor	pom	developer email	morgand@apache.org	Low
Vendor	pom	developer email	mvdb@apache.org	Low
Vendor	pom	developer email	niallp@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer email	scolebourne@apache.org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	stain@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer email	yoavs@apache.org	Low
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	epugh	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	jconlon	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	mvdb	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	stain	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer id	yoavs	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	David Eric Pugh	Medium
Vendor	pom	developer name	Dion Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Geir Magnusson Jr.	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	John E. Conlon	Medium
Vendor	pom	developer name	Martin van den Bemt	Medium
Vendor	pom	developer name	Morgan James Delagrange	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Stian Soiland-Reyes	Medium
Vendor	pom	developer name	Tim O'Brien	Medium
Vendor	pom	developer name	Yoav Shapira	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	groupid	commons-beanutils	Highest
Vendor	pom	name	Apache Commons BeanUtils	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-beanutils/	Highest
Product	file	name	commons-beanutils	High
Product	jar	package name	apache	Highest
Product	jar	package name	beanutils	Highest
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-beanutils/	Low
Product	Manifest	Bundle-Name	Apache Commons BeanUtils	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-beanutils	Medium
Product	Manifest	implementation-build	UNKNOWN_BRANCH@r??????; 2019-07-28 22:14:44+0000	Low
Product	Manifest	Implementation-Title	Apache Commons BeanUtils	High
Product	Manifest	implementation-url	https://commons.apache.org/proper/commons-beanutils/	Low
Product	Manifest	specification-title	Apache Commons BeanUtils	Medium
Product	pom	artifactid	commons-beanutils	Highest
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	epugh@apache.org	Low
Product	pom	developer email	geirm@apache.org	Low
Product	pom	developer email	ggregory@apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	jconlon@apache.org	Low
Product	pom	developer email	jstrachan@apache.org	Low
Product	pom	developer email	morgand@apache.org	Low
Product	pom	developer email	mvdb@apache.org	Low
Product	pom	developer email	niallp@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer email	scolebourne@apache.org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	stain@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer email	yoavs@apache.org	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	epugh	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	jconlon	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	mvdb	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	stain	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer id	yoavs	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	David Eric Pugh	Low
Product	pom	developer name	Dion Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Geir Magnusson Jr.	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	John E. Conlon	Low
Product	pom	developer name	Martin van den Bemt	Low
Product	pom	developer name	Morgan James Delagrange	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Stian Soiland-Reyes	Low
Product	pom	developer name	Tim O'Brien	Low
Product	pom	developer name	Yoav Shapira	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	groupid	commons-beanutils	Highest
Product	pom	name	Apache Commons BeanUtils	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-beanutils/	Medium
Version	file	version	1.9.4	High
Version	Manifest	Bundle-Version	1.9.4	High
Version	Manifest	Implementation-Version	1.9.4	High
Version	pom	parent-version	1.9.4	Low
Version	pom	version	1.9.4	Highest

Identifiers

pkg:maven/commons-beanutils/commons-beanutils@1.9.4 (Confidence:High)
cpe:2.3:a:apache:commons_beanutils:1.9.4:*:*:*:*:*:*:* (Confidence:Highest)

commons-chain-1.2.jar

Description:

        An implementation of the GoF Chain of Responsibility pattern

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-chain\commons-chain\1.2\commons-chain-1.2.jar
MD5: e18e2c87826644e4c8c08635572c154f
SHA1: 744a13e8766e338bd347b6fbc28c6db12979d0c6
SHA256:d5489b5f6b54b74665ad76ad3ffb3ad904830fe4863392784f311897ffcbfca8
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-chain	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	chain	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/chain/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.chain	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-chain	Highest
Vendor	pom	artifactid	commons-chain	Low
Vendor	pom	developer email	craigmcc at apache.org	Low
Vendor	pom	developer email	germuska at apache.org	Low
Vendor	pom	developer email	husted at apache.org	Low
Vendor	pom	developer email	jmitchell at apache.org	Low
Vendor	pom	developer email	martinc at apache.org	Low
Vendor	pom	developer email	mrdon at apache.org	Low
Vendor	pom	developer email	niallp at apache.org	Low
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	germuska	Medium
Vendor	pom	developer id	husted	Medium
Vendor	pom	developer id	jmitchell	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	mrdon	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Don Brown	Medium
Vendor	pom	developer name	James Mitchell	Medium
Vendor	pom	developer name	Joe Germuska	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Ted Husted	Medium
Vendor	pom	groupid	commons-chain	Highest
Vendor	pom	name	Commons Chain	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/chain/	Highest
Product	file	name	commons-chain	High
Product	jar	package name	apache	Highest
Product	jar	package name	chain	Highest
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/chain/	Low
Product	Manifest	Bundle-Name	Commons Chain	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.chain	Medium
Product	Manifest	Implementation-Title	Commons Chain	High
Product	Manifest	specification-title	Commons Chain	Medium
Product	pom	artifactid	commons-chain	Highest
Product	pom	developer email	craigmcc at apache.org	Low
Product	pom	developer email	germuska at apache.org	Low
Product	pom	developer email	husted at apache.org	Low
Product	pom	developer email	jmitchell at apache.org	Low
Product	pom	developer email	martinc at apache.org	Low
Product	pom	developer email	mrdon at apache.org	Low
Product	pom	developer email	niallp at apache.org	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	germuska	Low
Product	pom	developer id	husted	Low
Product	pom	developer id	jmitchell	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	mrdon	Low
Product	pom	developer id	niallp	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Don Brown	Low
Product	pom	developer name	James Mitchell	Low
Product	pom	developer name	Joe Germuska	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Ted Husted	Low
Product	pom	groupid	commons-chain	Highest
Product	pom	name	Commons Chain	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/chain/	Medium
Version	file	version	1.2	High
Version	Manifest	Bundle-Version	1.2	High
Version	Manifest	Implementation-Version	1.2	High
Version	pom	parent-version	1.2	Low
Version	pom	version	1.2	Highest

Identifiers

pkg:maven/commons-chain/commons-chain@1.2 (Confidence:High)

commons-codec-1.16.1.jar

Description:

     The Apache Commons Codec component contains encoder and decoders for
     various formats such as Base16, Base32, Base64, digest, and Hexadecimal. In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-codec\commons-codec\1.16.1\commons-codec-1.16.1.jar
MD5: 6c5be822d8d3fa61c3b54c4c8978dfdc
SHA1: 47bd4d333fba53406f6c6c51884ddbca435c8862
SHA256:ec87bfb55f22cbd1b21e2190eeda28b2b312ed2a431ee49fbdcc01812d04a5e4
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-codec	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	codec	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	digest	Highest
Vendor	jar	package name	encoder	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-codec	Highest
Vendor	pom	artifactid	commons-codec	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	dgraham@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jon@collab.net	Low
Vendor	pom	developer email	julius@apache.org	Low
Vendor	pom	developer email	mattsicker@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@totalsync.com	Low
Vendor	pom	developer email	tn@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	dgraham	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jon	Medium
Vendor	pom	developer id	julius	Medium
Vendor	pom	developer id	mattsicker	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	David Graham	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jon S. Stevens	Medium
Vendor	pom	developer name	Julius Davies	Medium
Vendor	pom	developer name	Matt Sicker	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	developer name	Tim OBrien	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	http://juliusdavies.ca/	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-codec	Highest
Vendor	pom	name	Apache Commons Codec	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-codec/	Highest
Product	file	name	commons-codec	High
Product	jar	package name	apache	Highest
Product	jar	package name	codec	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	digest	Highest
Product	jar	package name	encoder	Highest
Product	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Product	Manifest	Bundle-Name	Apache Commons Codec	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Product	Manifest	Implementation-Title	Apache Commons Codec	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Codec	Medium
Product	pom	artifactid	commons-codec	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	dgraham@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jon@collab.net	Low
Product	pom	developer email	julius@apache.org	Low
Product	pom	developer email	mattsicker@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@totalsync.com	Low
Product	pom	developer email	tn@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	dgraham	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jon	Low
Product	pom	developer id	julius	Low
Product	pom	developer id	mattsicker	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	tn	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	David Graham	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jon S. Stevens	Low
Product	pom	developer name	Julius Davies	Low
Product	pom	developer name	Matt Sicker	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	developer name	Tim OBrien	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	http://juliusdavies.ca/	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-codec	Highest
Product	pom	name	Apache Commons Codec	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-codec/	Medium
Version	file	version	1.16.1	High
Version	Manifest	Bundle-Version	1.16.1	High
Version	Manifest	Implementation-Version	1.16.1	High
Version	pom	parent-version	1.16.1	Low
Version	pom	version	1.16.1	Highest

Identifiers

pkg:maven/commons-codec/commons-codec@1.16.1 (Confidence:High)

commons-collections-3.2.2.jar

Description:

Types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-collections\commons-collections\3.2.2\commons-collections-3.2.2.jar
MD5: f54a8510f834a1a57166970bfc982e94
SHA1: 8ad72fe39fa8c91eaaf12aadb21e0c3661fe26d5
SHA256:eeeae917917144a68a741d4c0dff66aa5c5c5fd85593ff217bced3fc8ca783b8
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-collections	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	collections	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/collections/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.collections	Medium
Vendor	Manifest	implementation-build	tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100	Low
Vendor	Manifest	implementation-url	http://commons.apache.org/collections/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-collections	Highest
Vendor	pom	artifactid	commons-collections	Low
Vendor	pom	developer id	amamment	Medium
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	psteitz	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Arun M. Thomas	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Geir Magnusson	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Phil Steitz	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	groupid	commons-collections	Highest
Vendor	pom	name	Apache Commons Collections	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/collections/	Highest
Product	file	name	commons-collections	High
Product	jar	package name	apache	Highest
Product	jar	package name	collections	Highest
Product	jar	package name	commons	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/collections/	Low
Product	Manifest	Bundle-Name	Apache Commons Collections	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.collections	Medium
Product	Manifest	implementation-build	tags/COLLECTIONS_3_2_2_RC3@r1714131; 2015-11-13 00:09:45+0100	Low
Product	Manifest	Implementation-Title	Apache Commons Collections	High
Product	Manifest	implementation-url	http://commons.apache.org/collections/	Low
Product	Manifest	specification-title	Apache Commons Collections	Medium
Product	pom	artifactid	commons-collections	Highest
Product	pom	developer id	amamment	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	psteitz	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Arun M. Thomas	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Geir Magnusson	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Phil Steitz	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	groupid	commons-collections	Highest
Product	pom	name	Apache Commons Collections	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/collections/	Medium
Version	file	version	3.2.2	High
Version	Manifest	Bundle-Version	3.2.2	High
Version	Manifest	Implementation-Version	3.2.2	High
Version	pom	parent-version	3.2.2	Low
Version	pom	version	3.2.2	Highest

Identifiers

pkg:maven/commons-collections/commons-collections@3.2.2 (Confidence:High)
cpe:2.3:a:apache:commons_collections:3.2.2:*:*:*:*:*:*:* (Confidence:Highest)

commons-digester-2.1.jar

Description:

    The Digester package lets you configure an XML to Java object mapping module
    which triggers certain actions called rules whenever a particular 
    pattern of nested XML elements is recognized.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-digester\commons-digester\2.1\commons-digester-2.1.jar
MD5: 528445033f22da28f5047b6abcd1c7c9
SHA1: 73a8001e7a54a255eef0f03521ec1805dc738ca0
SHA256:e0b2b980a84fc6533c5ce291f1917b32c507f62bcad64198fff44368c2196a3d
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-digester	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	digester	Highest
Vendor	jar	package name	rules	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/digester/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.digester	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-digester	Highest
Vendor	pom	artifactid	commons-digester	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	jfarcand@apache.org	Low
Vendor	pom	developer email	jstrachan@apache.org	Low
Vendor	pom	developer email	jvanzyl@apache.org	Low
Vendor	pom	developer email	rahul AT apache DOT org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	sanders@totalsync.com	Low
Vendor	pom	developer email	simonetripodi AT apache DOT org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	tobrien@apache.org	Low
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	jfarcand	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	jvanzyl	Medium
Vendor	pom	developer id	rahul	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	simonetripodi	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	Jason van Zyl	Medium
Vendor	pom	developer name	Jean-Francois Arcand	Medium
Vendor	pom	developer name	Rahul Akolkar	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Simone Tripodi	Medium
Vendor	pom	developer name	Tim OBrien	Medium
Vendor	pom	groupid	commons-digester	Highest
Vendor	pom	name	Commons Digester	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/digester/	Highest
Product	file	name	commons-digester	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	digester	Highest
Product	jar	package name	rules	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/digester/	Low
Product	Manifest	Bundle-Name	Commons Digester	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.digester	Medium
Product	Manifest	Implementation-Title	Commons Digester	High
Product	Manifest	specification-title	Commons Digester	Medium
Product	pom	artifactid	commons-digester	Highest
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	jfarcand@apache.org	Low
Product	pom	developer email	jstrachan@apache.org	Low
Product	pom	developer email	jvanzyl@apache.org	Low
Product	pom	developer email	rahul AT apache DOT org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	sanders@totalsync.com	Low
Product	pom	developer email	simonetripodi AT apache DOT org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	tobrien@apache.org	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	jfarcand	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	jvanzyl	Low
Product	pom	developer id	rahul	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	simonetripodi	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	Jason van Zyl	Low
Product	pom	developer name	Jean-Francois Arcand	Low
Product	pom	developer name	Rahul Akolkar	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Simone Tripodi	Low
Product	pom	developer name	Tim OBrien	Low
Product	pom	groupid	commons-digester	Highest
Product	pom	name	Commons Digester	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/digester/	Medium
Version	file	version	2.1	High
Version	Manifest	Bundle-Version	2.1	High
Version	Manifest	Implementation-Version	2.1	High
Version	pom	parent-version	2.1	Low
Version	pom	version	2.1	Highest

Identifiers

pkg:maven/commons-digester/commons-digester@2.1 (Confidence:High)

commons-io-2.16.1.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.16.1\commons-io-2.16.1.jar
MD5: ed8191a5a217940140001b0acfed18d9
SHA1: 377d592e740dc77124e0901291dbfaa6810a200e
SHA256:f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-io	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	file	Highest
Vendor	jar	package name	io	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.io	Medium
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-io	Highest
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jeremias@apache.org	Low
Vendor	pom	developer email	jochen.wiedmann@gmail.com	Low
Vendor	pom	developer email	krosenvold@apache.org	Low
Vendor	pom	developer email	martinc@apache.org	Low
Vendor	pom	developer email	matth@apache.org	Low
Vendor	pom	developer email	nicolaken@apache.org	Low
Vendor	pom	developer email	roxspring@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jeremias	Medium
Vendor	pom	developer id	jochen	Medium
Vendor	pom	developer id	jukka	Medium
Vendor	pom	developer id	krosenvold	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	nicolaken	Medium
Vendor	pom	developer id	roxspring	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	dIon Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jeremias Maerki	Medium
Vendor	pom	developer name	Jochen Wiedmann	Medium
Vendor	pom	developer name	Jukka Zitting	Medium
Vendor	pom	developer name	Kristian Rosenvold	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Nicola Ken Barozzi	Medium
Vendor	pom	developer name	Rob Oxspring	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	name	Apache Commons IO	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-io/	Highest
Product	file	name	commons-io	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	file	Highest
Product	jar	package name	io	Highest
Product	Manifest	automatic-module-name	org.apache.commons.io	Medium
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Product	Manifest	Bundle-Name	Apache Commons IO	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Product	Manifest	Implementation-Title	Apache Commons IO	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons IO	Medium
Product	pom	artifactid	commons-io	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jeremias@apache.org	Low
Product	pom	developer email	jochen.wiedmann@gmail.com	Low
Product	pom	developer email	krosenvold@apache.org	Low
Product	pom	developer email	martinc@apache.org	Low
Product	pom	developer email	matth@apache.org	Low
Product	pom	developer email	nicolaken@apache.org	Low
Product	pom	developer email	roxspring@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jeremias	Low
Product	pom	developer id	jochen	Low
Product	pom	developer id	jukka	Low
Product	pom	developer id	krosenvold	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	nicolaken	Low
Product	pom	developer id	roxspring	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	dIon Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jeremias Maerki	Low
Product	pom	developer name	Jochen Wiedmann	Low
Product	pom	developer name	Jukka Zitting	Low
Product	pom	developer name	Kristian Rosenvold	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Nicola Ken Barozzi	Low
Product	pom	developer name	Rob Oxspring	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-io	Highest
Product	pom	name	Apache Commons IO	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-io/	Medium
Version	file	version	2.16.1	High
Version	Manifest	Bundle-Version	2.16.1	High
Version	Manifest	Implementation-Version	2.16.1	High
Version	pom	parent-version	2.16.1	Low
Version	pom	version	2.16.1	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.16.1 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.16.1:*:*:*:*:*:*:* (Confidence:Highest)

commons-lang-2.6.jar

Description:

        Commons Lang, a package of Java utility classes for the
        classes that are in java.lang's hierarchy, or are considered to be so
        standard as to justify existence in java.lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-lang\commons-lang\2.6\commons-lang-2.6.jar
MD5: 4d5c1693079575b362edf41500630bbd
SHA1: 0ce1edb914c94ebc388f086c6827e8bdeec71ac2
SHA256:50f11b09f877c294d56f24463f47d28f929cf5044f648661c0f0cfbae9a2f49c
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang	Highest
Vendor	pom	artifactid	commons-lang	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory@seagullsw.com	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	phil@steitz.com	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	psteitz	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary D. Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Phil Steitz	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	Seagull Software	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	groupid	commons-lang	Highest
Vendor	pom	name	Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/lang/	Highest
Product	file	name	commons-lang	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/lang/	Low
Product	Manifest	Bundle-Name	Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang	Medium
Product	Manifest	Implementation-Title	Commons Lang	High
Product	Manifest	specification-title	Commons Lang	Medium
Product	pom	artifactid	commons-lang	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory@seagullsw.com	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	phil@steitz.com	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	psteitz	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary D. Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Phil Steitz	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	Seagull Software	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	groupid	commons-lang	Highest
Product	pom	name	Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/lang/	Medium
Version	file	version	2.6	High
Version	Manifest	Bundle-Version	2.6	High
Version	Manifest	Implementation-Version	2.6	High
Version	pom	parent-version	2.6	Low
Version	pom	version	2.6	Highest

Identifiers

pkg:maven/commons-lang/commons-lang@2.6 (Confidence:High)

commons-lang3-3.14.0.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-lang3\3.14.0\commons-lang3-3.14.0.jar
MD5: 4e5c3f5e6b0b965ef241d7d72ac8971f
SHA1: 1ed471194b02f2c6cb734a0cd6f6f107c673afae
SHA256:7b96bf3ee68949abb5bc465559ac270e0551596fa34523fddf890ec418dde13c
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-lang3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-lang3	Highest
Vendor	pom	artifactid	commons-lang3	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jcarman@apache.org	Low
Vendor	pom	developer email	joerg.schaible@gmx.de	Low
Vendor	pom	developer email	lguibert@apache.org	Low
Vendor	pom	developer email	oheger@apache.org	Low
Vendor	pom	developer email	pbenedict@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	scolebourne@joda.org	Low
Vendor	pom	developer email	stevencaswell@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	fredrik	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jcarman	Medium
Vendor	pom	developer id	joehni	Medium
Vendor	pom	developer id	lguibert	Medium
Vendor	pom	developer id	mbenson	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	oheger	Medium
Vendor	pom	developer id	pbenedict	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	scaswell	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Fredrik Westermarck	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	James Carman	Medium
Vendor	pom	developer name	Joerg Schaible	Medium
Vendor	pom	developer name	Loic Guibert	Medium
Vendor	pom	developer name	Matt Benson	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Oliver Heger	Medium
Vendor	pom	developer name	Paul Benedict	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer name	Steven Caswell	Medium
Vendor	pom	developer org	Carman Consulting, Inc.	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	SITA ATS Ltd	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Lang	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-lang/	Highest
Product	file	name	commons-lang3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-lang/	Low
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jcarman@apache.org	Low
Product	pom	developer email	joerg.schaible@gmx.de	Low
Product	pom	developer email	lguibert@apache.org	Low
Product	pom	developer email	oheger@apache.org	Low
Product	pom	developer email	pbenedict@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	scolebourne@joda.org	Low
Product	pom	developer email	stevencaswell@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	fredrik	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jcarman	Low
Product	pom	developer id	joehni	Low
Product	pom	developer id	lguibert	Low
Product	pom	developer id	mbenson	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	oheger	Low
Product	pom	developer id	pbenedict	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	scaswell	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Fredrik Westermarck	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	James Carman	Low
Product	pom	developer name	Joerg Schaible	Low
Product	pom	developer name	Loic Guibert	Low
Product	pom	developer name	Matt Benson	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Oliver Heger	Low
Product	pom	developer name	Paul Benedict	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer name	Steven Caswell	Low
Product	pom	developer org	Carman Consulting, Inc.	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	SITA ATS Ltd	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Lang	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-lang/	Medium
Version	file	version	3.14.0	High
Version	Manifest	Bundle-Version	3.14.0	High
Version	Manifest	Implementation-Version	3.14.0	High
Version	pom	parent-version	3.14.0	Low
Version	pom	version	3.14.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.14.0 (Confidence:High)

commons-text-1.10.0.jar

Description:

Apache Commons Text is a library focused on algorithms working on strings.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-text\1.10.0\commons-text-1.10.0.jar
MD5: 4afc9bfa2d31dbf7330c98fcc954b892
SHA1: 3363381aef8cef2dbc1023b3e3a9433b08b64e01
SHA256:770cd903fa7b604d1f7ef7ba17f84108667294b2b478be8ed1af3bffb4ae0018
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-text	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	text	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.text	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-text	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-text	Highest
Vendor	pom	artifactid	commons-text	Low
Vendor	pom	developer email	britter@apache.org	Low
Vendor	pom	developer email	chtompki@apache.org	Low
Vendor	pom	developer email	djones@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	kinow@apache.org	Low
Vendor	pom	developer id	britter	Medium
Vendor	pom	developer id	chtompki	Medium
Vendor	pom	developer id	djones	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	kinow	Medium
Vendor	pom	developer name	Benedikt Ritter	Medium
Vendor	pom	developer name	Bruno P. Kinoshita	Medium
Vendor	pom	developer name	Duncan Jones	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Rob Tompkins	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Text	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	https://commons.apache.org/proper/commons-text	Highest
Product	file	name	commons-text	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	text	Highest
Product	Manifest	automatic-module-name	org.apache.commons.text	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-text	Low
Product	Manifest	Bundle-Name	Apache Commons Text	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-text	Medium
Product	Manifest	Implementation-Title	Apache Commons Text	High
Product	Manifest	specification-title	Apache Commons Text	Medium
Product	pom	artifactid	commons-text	Highest
Product	pom	developer email	britter@apache.org	Low
Product	pom	developer email	chtompki@apache.org	Low
Product	pom	developer email	djones@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	kinow@apache.org	Low
Product	pom	developer id	britter	Low
Product	pom	developer id	chtompki	Low
Product	pom	developer id	djones	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	kinow	Low
Product	pom	developer name	Benedikt Ritter	Low
Product	pom	developer name	Bruno P. Kinoshita	Low
Product	pom	developer name	Duncan Jones	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Rob Tompkins	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Text	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	https://commons.apache.org/proper/commons-text	Medium
Version	file	version	1.10.0	High
Version	Manifest	Bundle-Version	1.10.0	High
Version	Manifest	Implementation-Version	1.10.0	High
Version	pom	parent-version	1.10.0	Low
Version	pom	version	1.10.0	Highest

Identifiers

pkg:maven/org.apache.commons/commons-text@1.10.0 (Confidence:High)
cpe:2.3:a:apache:commons_text:1.10.0:*:*:*:*:*:*:* (Confidence:Highest)

dom4j-2.1.4.jar

Description:

flexible XML framework for Java

License:

Plexus: https://github.com/dom4j/dom4j/blob/master/LICENSE

File Path: C:\Users\Jeremy\.m2\repository\org\dom4j\dom4j\2.1.4\dom4j-2.1.4.jar
MD5: 8246840e53db2781ca941e4d3f9ad715
SHA1: 35c16721b88cf17b8279fcb134c0abb161cc0e9b
SHA256:235a9167a8a199be04b5326d92927ca0adeb90d11f69fe2e821b34ce8433b591
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	dom4j	High
Vendor	jar	package name	dom4j	Highest
Vendor	Manifest	automatic-module-name	org.dom4j	Medium
Vendor	pom	artifactid	dom4j	Highest
Vendor	pom	artifactid	dom4j	Low
Vendor	pom	developer email	filip@jirsak.org	Low
Vendor	pom	developer name	Filip Jirsák	Medium
Vendor	pom	groupid	org.dom4j	Highest
Vendor	pom	name	dom4j	High
Vendor	pom	url	http://dom4j.github.io/	Highest
Product	file	name	dom4j	High
Product	jar	package name	dom4j	Highest
Product	Manifest	automatic-module-name	org.dom4j	Medium
Product	pom	artifactid	dom4j	Highest
Product	pom	developer email	filip@jirsak.org	Low
Product	pom	developer name	Filip Jirsák	Low
Product	pom	groupid	org.dom4j	Highest
Product	pom	name	dom4j	High
Product	pom	url	http://dom4j.github.io/	Medium
Version	file	version	2.1.4	High
Version	pom	version	2.1.4	Highest

Identifiers

pkg:maven/org.dom4j/dom4j@2.1.4 (Confidence:High)
cpe:2.3:a:dom4j_project:dom4j:2.1.4:*:*:*:*:*:*:* (Confidence:Highest)

doxia-core-1.12.0.jar

Description:

Doxia core classes and interfaces.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-core\1.12.0\doxia-core-1.12.0.jar
MD5: 6fb71383ea91e6101a75f25b922ce2ad
SHA1: 41cdaff3ce98e66714bfca677babaa3746faa2b9
SHA256:5e49cd827bebbcea5829d3b3883d17ad1ce15ebd6394aeb50ad50d7dfd939fcd
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-core-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-core	Highest
Vendor	pom	artifactid	doxia-core	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia :: Core	High
Vendor	pom	parent-artifactid	doxia	Low
Product	file	name	doxia-core	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia :: Core	High
Product	Manifest	specification-title	Doxia :: Core	Medium
Product	pom	artifactid	doxia-core	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia :: Core	High
Product	pom	parent-artifactid	doxia	Medium
Version	file	version	1.12.0	High
Version	Manifest	Implementation-Version	1.12.0	High
Version	pom	version	1.12.0	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0 (Confidence:High)

doxia-decoration-model-1.11.1.jar

Description:

The Decoration Model handles the decoration descriptor for sites, also known as site.xml.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-decoration-model\1.11.1\doxia-decoration-model-1.11.1.jar
MD5: 927ed3e7c39b6fed77875ed385b63447
SHA1: 1e10f4e9268b49edf40bca721eef07271bc91de5
SHA256:411fc167774f2e3573f280c57a278fbe7bae677ee596a8ad24bd6c6bb2c5bbce
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-decoration-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-decoration-model	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-decoration-model	Highest
Vendor	pom	artifactid	doxia-decoration-model	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia Sitetools :: Decoration Model	High
Vendor	pom	parent-artifactid	doxia-sitetools	Low
Product	file	name	doxia-decoration-model	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia Sitetools :: Decoration Model	High
Product	Manifest	specification-title	Doxia Sitetools :: Decoration Model	Medium
Product	pom	artifactid	doxia-decoration-model	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia Sitetools :: Decoration Model	High
Product	pom	parent-artifactid	doxia-sitetools	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-decoration-model@1.11.1 (Confidence:High)

doxia-integration-tools-1.11.1.jar

Description:

A collection of tools to help the integration of Doxia Sitetools in Maven plugins.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-integration-tools\1.11.1\doxia-integration-tools-1.11.1.jar
MD5: 1f3abb6a2c7c65b6f68f3ad45a76b3f5
SHA1: fdc4c4f29d10b0e2b5b9d7f9eea16812d496e478
SHA256:eee789dcb86f37f290c6c22198ea56bf529edf21590294e549a77a490ed21dbe
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-integration-tools-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-integration-tools	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	tools	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-integration-tools	Highest
Vendor	pom	artifactid	doxia-integration-tools	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia Sitetools :: Integration Tools	High
Vendor	pom	parent-artifactid	doxia-sitetools	Low
Product	file	name	doxia-integration-tools	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	tools	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia Sitetools :: Integration Tools	High
Product	Manifest	specification-title	Doxia Sitetools :: Integration Tools	Medium
Product	pom	artifactid	doxia-integration-tools	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia Sitetools :: Integration Tools	High
Product	pom	parent-artifactid	doxia-sitetools	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-integration-tools@1.11.1 (Confidence:High)

doxia-logging-api-1.12.0.jar

Description:

Doxia Logging API.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-logging-api\1.12.0\doxia-logging-api-1.12.0.jar
MD5: 7f3c898809424e826aeab3368c66acd7
SHA1: a31fac8c598c0090ccd2c53b4df7d49f81fb9dba
SHA256:985306162c0a9f4c309d46109447f30f02bf6fc9bc16a3e039d59e1dabd0192f
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-logging-api-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-logging-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-logging-api	Highest
Vendor	pom	artifactid	doxia-logging-api	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia :: Logging API	High
Vendor	pom	parent-artifactid	doxia	Low
Product	file	name	doxia-logging-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia :: Logging API	High
Product	Manifest	specification-title	Doxia :: Logging API	Medium
Product	pom	artifactid	doxia-logging-api	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia :: Logging API	High
Product	pom	parent-artifactid	doxia	Medium
Version	file	version	1.12.0	High
Version	Manifest	Implementation-Version	1.12.0	High
Version	pom	version	1.12.0	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-logging-api@1.12.0 (Confidence:High)

doxia-module-xhtml-1.11.1.jar

Description:

    A Doxia module for Xhtml source documents.
    Xhtml format is supported both as source and target formats.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xhtml\1.11.1\doxia-module-xhtml-1.11.1.jar
MD5: 82c4cfb79b666b922e1a8cf7b919df22
SHA1: f1b755a09934cd9c51d87b606c8e8ddf07719ebf
SHA256:3d298e2da1e11dba952cf4e5d750fafc41713470767b57c4f6969123c0892a23
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-module-xhtml-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-module-xhtml	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	module	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-module-xhtml	Highest
Vendor	pom	artifactid	doxia-module-xhtml	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia :: XHTML Module	High
Vendor	pom	parent-artifactid	doxia-modules	Low
Product	file	name	doxia-module-xhtml	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	module	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia :: XHTML Module	High
Product	Manifest	specification-title	Doxia :: XHTML Module	Medium
Product	pom	artifactid	doxia-module-xhtml	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia :: XHTML Module	High
Product	pom	parent-artifactid	doxia-modules	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-module-xhtml@1.11.1 (Confidence:High)

doxia-module-xhtml5-1.11.1.jar

Description:

    A Doxia module for Xhtml5 source documents.
    Xhtml5 format is supported both as source and target formats.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-module-xhtml5\1.11.1\doxia-module-xhtml5-1.11.1.jar
MD5: 37208526e7ed1051bc8c7f8dc076e5c9
SHA1: e4ee721555ff063d7ef9042d6b9237386c6b33e0
SHA256:3583ae17f9ae97db41da038dc67552a386e7a9f850f45fa6fdb0d2b9ef36a31c
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-module-xhtml5-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-module-xhtml5	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	module	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-module-xhtml5	Highest
Vendor	pom	artifactid	doxia-module-xhtml5	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia :: XHTML5 Module	High
Vendor	pom	parent-artifactid	doxia-modules	Low
Product	file	name	doxia-module-xhtml5	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	module	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia :: XHTML5 Module	High
Product	Manifest	specification-title	Doxia :: XHTML5 Module	Medium
Product	pom	artifactid	doxia-module-xhtml5	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia :: XHTML5 Module	High
Product	pom	parent-artifactid	doxia-modules	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-module-xhtml5@1.11.1 (Confidence:High)

doxia-sink-api-1.12.0.jar

Description:

Doxia Sink API.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-sink-api\1.12.0\doxia-sink-api-1.12.0.jar
MD5: 965677b99fde26ed0b5556dbab622075
SHA1: 92a2fdeaeb59e921fff9c5ca9a2ea6118a494760
SHA256:5dca6aaaa9e70d8a0766e143ddcf9db09de5fde0fbcc78cb635d74e764dfcca5
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-sink-api-1.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-sink-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	sink	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-sink-api	Highest
Vendor	pom	artifactid	doxia-sink-api	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia :: Sink API	High
Vendor	pom	parent-artifactid	doxia	Low
Product	file	name	doxia-sink-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	sink	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia :: Sink API	High
Product	Manifest	specification-title	Doxia :: Sink API	Medium
Product	pom	artifactid	doxia-sink-api	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia :: Sink API	High
Product	pom	parent-artifactid	doxia	Medium
Version	file	version	1.12.0	High
Version	Manifest	Implementation-Version	1.12.0	High
Version	pom	version	1.12.0	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-sink-api@1.12.0 (Confidence:High)

doxia-site-renderer-1.11.1.jar

Description:

The Site Renderer handles the rendering of sites, merging site decoration with document content.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-site-renderer\1.11.1\doxia-site-renderer-1.11.1.jar
MD5: 871abead02f713fb9c02d5ba36f65bf7
SHA1: 414e3b2049aa6f6710ecca4fa905d9d2ce318773
SHA256:f279a087910d3e0728daad9114da8f3211cfb49b5e8457d05ee9ee5f04284527
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-site-renderer-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-site-renderer	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-site-renderer	Highest
Vendor	pom	artifactid	doxia-site-renderer	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia Sitetools :: Site Renderer	High
Vendor	pom	parent-artifactid	doxia-sitetools	Low
Product	file	name	doxia-site-renderer	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia Sitetools :: Site Renderer	High
Product	Manifest	specification-title	Doxia Sitetools :: Site Renderer	Medium
Product	pom	artifactid	doxia-site-renderer	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia Sitetools :: Site Renderer	High
Product	pom	parent-artifactid	doxia-sitetools	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1 (Confidence:High)

doxia-skin-model-1.11.1.jar

Description:

The Skin Model defines metadata for Doxia Sitetools skins.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\doxia\doxia-skin-model\1.11.1\doxia-skin-model-1.11.1.jar
MD5: 6fa7b3005dad9f4b285a889b3b68d8aa
SHA1: b6994a60da09eb429c01362e9a6a510e0f83d24e
SHA256:5337efbe45413d24b71422d145062f84bde96271dab9f3a5caa3fab461974bf4
Referenced In Project/Scope: spotbugs-maven-plugin:compile
doxia-skin-model-1.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	doxia-skin-model	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	doxia	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	doxia-skin-model	Highest
Vendor	pom	artifactid	doxia-skin-model	Low
Vendor	pom	groupid	org.apache.maven.doxia	Highest
Vendor	pom	name	Doxia Sitetools :: Skin Model	High
Vendor	pom	parent-artifactid	doxia-sitetools	Low
Product	file	name	doxia-skin-model	High
Product	jar	package name	apache	Highest
Product	jar	package name	doxia	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Doxia Sitetools :: Skin Model	High
Product	Manifest	specification-title	Doxia Sitetools :: Skin Model	Medium
Product	pom	artifactid	doxia-skin-model	Highest
Product	pom	groupid	org.apache.maven.doxia	Highest
Product	pom	name	Doxia Sitetools :: Skin Model	High
Product	pom	parent-artifactid	doxia-sitetools	Medium
Version	file	version	1.11.1	High
Version	Manifest	Implementation-Version	1.11.1	High
Version	pom	version	1.11.1	Highest

Identifiers

pkg:maven/org.apache.maven.doxia/doxia-skin-model@1.11.1 (Confidence:High)

error_prone_annotations-2.26.1.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.26.1\error_prone_annotations-2.26.1.jar
MD5: 64c623e550068e3b2708e5d901865c56
SHA1: c1fde57694bdc14e8618899aaa6e857d9465d7de
SHA256:de25f2d9a2156529bd765f51d8efdfc0dfa7301e04efb9cc75b7f10cf5d0e0fb
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	error_prone_annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Vendor	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	error_prone_annotations	Highest
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	pom	name	error-prone annotations	High
Vendor	pom	parent-artifactid	error_prone_parent	Low
Product	file	name	error_prone_annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	errorprone	Highest
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Product	Manifest	Bundle-Name	error-prone annotations	Medium
Product	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	groupid	com.google.errorprone	Highest
Product	pom	name	error-prone annotations	High
Product	pom	parent-artifactid	error_prone_parent	Medium
Version	file	version	2.26.1	High
Version	Manifest	Bundle-Version	2.26.1	High
Version	pom	version	2.26.1	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.26.1 (Confidence:High)

failureaccess-1.0.2.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\failureaccess\1.0.2\failureaccess-1.0.2.jar
MD5: 3f75955b49b6758fd6d1e1bd9bf777b3
SHA1: c4a06a64e650562f30b7bf9aaec1bfed43aca12b
SHA256:8a8f81cf9b359e3f6dfa691a1e776985c061ef2f223c9b2c80753e1b458e8064
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.google.guava/guava@33.1.0-jre

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	failureaccess	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	concurrent	Highest
Vendor	jar	package name	google	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	automatic-module-name	com.google.common.util.concurrent.internal	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Vendor	pom	artifactid	failureaccess	Highest
Vendor	pom	artifactid	failureaccess	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Vendor	pom	parent-artifactid	guava-parent	Low
Product	file	name	failureaccess	High
Product	jar	package name	common	Highest
Product	jar	package name	concurrent	Highest
Product	jar	package name	google	Highest
Product	jar	package name	util	Highest
Product	Manifest	automatic-module-name	com.google.common.util.concurrent.internal	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	Manifest	Bundle-Name	Guava InternalFutureFailureAccess and InternalFutures	Medium
Product	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Product	pom	artifactid	failureaccess	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Product	pom	parent-artifactid	guava-parent	Medium
Version	file	version	1.0.2	High
Version	Manifest	Bundle-Version	1.0.2	High
Version	pom	parent-version	1.0.2	Low
Version	pom	version	1.0.2	Highest

Identifiers

pkg:maven/com.google.guava/failureaccess@1.0.2 (Confidence:High)

groovy-4.0.21.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy\4.0.21\groovy-4.0.21.jar
MD5: 56f1004f1c65355f884584967b7deb69
SHA1: 6ff3635d098b128f899c064dbc17cc1fe0db9bdc
SHA256:6743c1fef504a404945821e33cf746a6456caf686c6c6e72931716ec81c6516c
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	groovy	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	groovy	Highest
Vendor	Manifest	automatic-module-name	org.apache.groovy	Medium
Vendor	Manifest	bundle-symbolicname	groovy	Medium
Vendor	Manifest	eclipse-buddypolicy	dependent	Low
Vendor	Manifest	eclipse-extensibleapi	true	Low
Vendor	Manifest	extension-name	groovy	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	groovy	Highest
Vendor	pom	artifactid	groovy	Low
Vendor	pom	developer email	aalmiray@users.sourceforge.net	Low
Vendor	pom	developer email	b55r@sina.com	Low
Vendor	pom	developer email	blackdrag@gmx.org	Low
Vendor	pom	developer email	bob@werken.com	Low
Vendor	pom	developer email	cedric.champeau@gmail.com	Low
Vendor	pom	developer email	ckl@dacelo.nl	Low
Vendor	pom	developer email	cpoirier@dreaming.org	Low
Vendor	pom	developer email	goetze@dovetail.com	Low
Vendor	pom	developer email	guillaume.alleon@gmail.com	Low
Vendor	pom	developer email	hamletdrc@gmail.com	Low
Vendor	pom	developer email	james@coredevelopers.com	Low
Vendor	pom	developer email	jason@planet57.com	Low
Vendor	pom	developer email	jeremy.rayner@gmail.com	Low
Vendor	pom	developer email	jim@pagesmiths.com	Low
Vendor	pom	developer email	johnstump2@yahoo.com	Low
Vendor	pom	developer email	mguillemot@yahoo.fr	Low
Vendor	pom	developer email	paulk@asert.com.au	Low
Vendor	pom	developer email	phkim@cluecom.co.kr	Low
Vendor	pom	developer email	pniederw@gmail.com	Low
Vendor	pom	developer email	russel@winder.org.uk	Low
Vendor	pom	developer email	sam@sampullara.com	Low
Vendor	pom	developer email	sormuras@gmx.de	Low
Vendor	pom	developer email	tug@wilson.co.uk	Low
Vendor	pom	developer id	aalmiray	Medium
Vendor	pom	developer id	alextkachman	Medium
Vendor	pom	developer id	andresteingress	Medium
Vendor	pom	developer id	blackdrag	Medium
Vendor	pom	developer id	bob	Medium
Vendor	pom	developer id	bran	Medium
Vendor	pom	developer id	ckl	Medium
Vendor	pom	developer id	cpoirier	Medium
Vendor	pom	developer id	cstein	Medium
Vendor	pom	developer id	emilles	Medium
Vendor	pom	developer id	galleon	Medium
Vendor	pom	developer id	glaforge	Medium
Vendor	pom	developer id	goetze	Medium
Vendor	pom	developer id	grocher	Medium
Vendor	pom	developer id	hamletdrc	Medium
Vendor	pom	developer id	jamiemc	Medium
Vendor	pom	developer id	jez	Medium
Vendor	pom	developer id	jimwhite	Medium
Vendor	pom	developer id	joe	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	jstump	Medium
Vendor	pom	developer id	jwill	Medium
Vendor	pom	developer id	jwilson	Medium
Vendor	pom	developer id	kasper	Medium
Vendor	pom	developer id	mattf	Medium
Vendor	pom	developer id	melix	Medium
Vendor	pom	developer id	mguillem	Medium
Vendor	pom	developer id	mittie	Medium
Vendor	pom	developer id	pascalschumacher	Medium
Vendor	pom	developer id	paulk	Medium
Vendor	pom	developer id	phk	Medium
Vendor	pom	developer id	pniederw	Medium
Vendor	pom	developer id	roshandawrani	Medium
Vendor	pom	developer id	rpopma	Medium
Vendor	pom	developer id	russel	Medium
Vendor	pom	developer id	shemnon	Medium
Vendor	pom	developer id	skizz	Medium
Vendor	pom	developer id	spullara	Medium
Vendor	pom	developer id	sunlan	Medium
Vendor	pom	developer id	timyates	Medium
Vendor	pom	developer id	travis	Medium
Vendor	pom	developer id	user57	Medium
Vendor	pom	developer id	zohar	Medium
Vendor	pom	developer name	Alex Tkachman	Medium
Vendor	pom	developer name	Andre Steingress	Medium
Vendor	pom	developer name	Andres Almiray	Medium
Vendor	pom	developer name	Bing Ran	Medium
Vendor	pom	developer name	bob mcwhirter	Medium
Vendor	pom	developer name	Cedric Champeau	Medium
Vendor	pom	developer name	Chris Poirier	Medium
Vendor	pom	developer name	Chris Stevenson	Medium
Vendor	pom	developer name	Christiaan ten Klooster	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Daniel Sun	Medium
Vendor	pom	developer name	Danno Ferrin	Medium
Vendor	pom	developer name	Dierk Koenig	Medium
Vendor	pom	developer name	Eric Milles	Medium
Vendor	pom	developer name	Graeme Rocher	Medium
Vendor	pom	developer name	Guillaume Alleon	Medium
Vendor	pom	developer name	Guillaume Laforge	Medium
Vendor	pom	developer name	Hamlet D'Arcy	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	James Williams	Medium
Vendor	pom	developer name	Jamie McCrindle	Medium
Vendor	pom	developer name	Jason Dillon	Medium
Vendor	pom	developer name	Jeremy Rayner	Medium
Vendor	pom	developer name	Jim White	Medium
Vendor	pom	developer name	Jochen Theodorou	Medium
Vendor	pom	developer name	Joe Walnes	Medium
Vendor	pom	developer name	John Stump	Medium
Vendor	pom	developer name	John Wilson	Medium
Vendor	pom	developer name	Kasper Nielsen	Medium
Vendor	pom	developer name	Marc Guillemot	Medium
Vendor	pom	developer name	Matt Foemmel	Medium
Vendor	pom	developer name	Pascal Schumacher	Medium
Vendor	pom	developer name	Paul King	Medium
Vendor	pom	developer name	Peter Niederwieser	Medium
Vendor	pom	developer name	Pilho Kim	Medium
Vendor	pom	developer name	Remko Popma	Medium
Vendor	pom	developer name	Roshan Dawrani	Medium
Vendor	pom	developer name	Russel Winder	Medium
Vendor	pom	developer name	Sam Pullara	Medium
Vendor	pom	developer name	Steve Goetze	Medium
Vendor	pom	developer name	Tim Yates	Medium
Vendor	pom	developer name	Travis Kay	Medium
Vendor	pom	developer name	Zohar Melamed	Medium
Vendor	pom	developer org	Concertant LLP & It'z Interactive Ltd	Medium
Vendor	pom	developer org	Core Developers Network	Medium
Vendor	pom	developer org	CTSR.de	Medium
Vendor	pom	developer org	Dacelo WebDevelopment	Medium
Vendor	pom	developer org	Dovetailed Technologies, LLC	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org	IFCX.org	Medium
Vendor	pom	developer org	javanicus	Medium
Vendor	pom	developer org	Karakun AG	Medium
Vendor	pom	developer org	Leadingcare	Medium
Vendor	pom	developer org	OCI, Australia	Medium
Vendor	pom	developer org	The Werken Company	Medium
Vendor	pom	developer org	The Wilson Partnership	Medium
Vendor	pom	developer org	Thomson Reuters	Medium
Vendor	pom	developer org	ThoughtWorks	Medium
Vendor	pom	developer org	Three	Medium
Vendor	pom	groupid	org.apache.groovy	Highest
Vendor	pom	name	Apache Groovy	High
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	pom	organization url	https://apache.org	Medium
Vendor	pom	url	https://groovy-lang.org	Highest
Product	file	name	groovy	High
Product	jar	package name	apache	Highest
Product	jar	package name	groovy	Highest
Product	jar	package name	runtime	Highest
Product	Manifest	automatic-module-name	org.apache.groovy	Medium
Product	Manifest	Bundle-Name	Groovy module: groovy	Medium
Product	Manifest	bundle-symbolicname	groovy	Medium
Product	Manifest	eclipse-buddypolicy	dependent	Low
Product	Manifest	eclipse-extensibleapi	true	Low
Product	Manifest	extension-name	groovy	Medium
Product	Manifest	Implementation-Title	Groovy: a powerful, multi-faceted language for the JVM	High
Product	Manifest	specification-title	Groovy: a powerful, multi-faceted language for the JVM	Medium
Product	pom	artifactid	groovy	Highest
Product	pom	developer email	aalmiray@users.sourceforge.net	Low
Product	pom	developer email	b55r@sina.com	Low
Product	pom	developer email	blackdrag@gmx.org	Low
Product	pom	developer email	bob@werken.com	Low
Product	pom	developer email	cedric.champeau@gmail.com	Low
Product	pom	developer email	ckl@dacelo.nl	Low
Product	pom	developer email	cpoirier@dreaming.org	Low
Product	pom	developer email	goetze@dovetail.com	Low
Product	pom	developer email	guillaume.alleon@gmail.com	Low
Product	pom	developer email	hamletdrc@gmail.com	Low
Product	pom	developer email	james@coredevelopers.com	Low
Product	pom	developer email	jason@planet57.com	Low
Product	pom	developer email	jeremy.rayner@gmail.com	Low
Product	pom	developer email	jim@pagesmiths.com	Low
Product	pom	developer email	johnstump2@yahoo.com	Low
Product	pom	developer email	mguillemot@yahoo.fr	Low
Product	pom	developer email	paulk@asert.com.au	Low
Product	pom	developer email	phkim@cluecom.co.kr	Low
Product	pom	developer email	pniederw@gmail.com	Low
Product	pom	developer email	russel@winder.org.uk	Low
Product	pom	developer email	sam@sampullara.com	Low
Product	pom	developer email	sormuras@gmx.de	Low
Product	pom	developer email	tug@wilson.co.uk	Low
Product	pom	developer id	aalmiray	Low
Product	pom	developer id	alextkachman	Low
Product	pom	developer id	andresteingress	Low
Product	pom	developer id	blackdrag	Low
Product	pom	developer id	bob	Low
Product	pom	developer id	bran	Low
Product	pom	developer id	ckl	Low
Product	pom	developer id	cpoirier	Low
Product	pom	developer id	cstein	Low
Product	pom	developer id	emilles	Low
Product	pom	developer id	galleon	Low
Product	pom	developer id	glaforge	Low
Product	pom	developer id	goetze	Low
Product	pom	developer id	grocher	Low
Product	pom	developer id	hamletdrc	Low
Product	pom	developer id	jamiemc	Low
Product	pom	developer id	jez	Low
Product	pom	developer id	jimwhite	Low
Product	pom	developer id	joe	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	jstump	Low
Product	pom	developer id	jwill	Low
Product	pom	developer id	jwilson	Low
Product	pom	developer id	kasper	Low
Product	pom	developer id	mattf	Low
Product	pom	developer id	melix	Low
Product	pom	developer id	mguillem	Low
Product	pom	developer id	mittie	Low
Product	pom	developer id	pascalschumacher	Low
Product	pom	developer id	paulk	Low
Product	pom	developer id	phk	Low
Product	pom	developer id	pniederw	Low
Product	pom	developer id	roshandawrani	Low
Product	pom	developer id	rpopma	Low
Product	pom	developer id	russel	Low
Product	pom	developer id	shemnon	Low
Product	pom	developer id	skizz	Low
Product	pom	developer id	spullara	Low
Product	pom	developer id	sunlan	Low
Product	pom	developer id	timyates	Low
Product	pom	developer id	travis	Low
Product	pom	developer id	user57	Low
Product	pom	developer id	zohar	Low
Product	pom	developer name	Alex Tkachman	Low
Product	pom	developer name	Andre Steingress	Low
Product	pom	developer name	Andres Almiray	Low
Product	pom	developer name	Bing Ran	Low
Product	pom	developer name	bob mcwhirter	Low
Product	pom	developer name	Cedric Champeau	Low
Product	pom	developer name	Chris Poirier	Low
Product	pom	developer name	Chris Stevenson	Low
Product	pom	developer name	Christiaan ten Klooster	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Daniel Sun	Low
Product	pom	developer name	Danno Ferrin	Low
Product	pom	developer name	Dierk Koenig	Low
Product	pom	developer name	Eric Milles	Low
Product	pom	developer name	Graeme Rocher	Low
Product	pom	developer name	Guillaume Alleon	Low
Product	pom	developer name	Guillaume Laforge	Low
Product	pom	developer name	Hamlet D'Arcy	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	James Williams	Low
Product	pom	developer name	Jamie McCrindle	Low
Product	pom	developer name	Jason Dillon	Low
Product	pom	developer name	Jeremy Rayner	Low
Product	pom	developer name	Jim White	Low
Product	pom	developer name	Jochen Theodorou	Low
Product	pom	developer name	Joe Walnes	Low
Product	pom	developer name	John Stump	Low
Product	pom	developer name	John Wilson	Low
Product	pom	developer name	Kasper Nielsen	Low
Product	pom	developer name	Marc Guillemot	Low
Product	pom	developer name	Matt Foemmel	Low
Product	pom	developer name	Pascal Schumacher	Low
Product	pom	developer name	Paul King	Low
Product	pom	developer name	Peter Niederwieser	Low
Product	pom	developer name	Pilho Kim	Low
Product	pom	developer name	Remko Popma	Low
Product	pom	developer name	Roshan Dawrani	Low
Product	pom	developer name	Russel Winder	Low
Product	pom	developer name	Sam Pullara	Low
Product	pom	developer name	Steve Goetze	Low
Product	pom	developer name	Tim Yates	Low
Product	pom	developer name	Travis Kay	Low
Product	pom	developer name	Zohar Melamed	Low
Product	pom	developer org	Concertant LLP & It'z Interactive Ltd	Low
Product	pom	developer org	Core Developers Network	Low
Product	pom	developer org	CTSR.de	Low
Product	pom	developer org	Dacelo WebDevelopment	Low
Product	pom	developer org	Dovetailed Technologies, LLC	Low
Product	pom	developer org	Google	Low
Product	pom	developer org	IFCX.org	Low
Product	pom	developer org	javanicus	Low
Product	pom	developer org	Karakun AG	Low
Product	pom	developer org	Leadingcare	Low
Product	pom	developer org	OCI, Australia	Low
Product	pom	developer org	The Werken Company	Low
Product	pom	developer org	The Wilson Partnership	Low
Product	pom	developer org	Thomson Reuters	Low
Product	pom	developer org	ThoughtWorks	Low
Product	pom	developer org	Three	Low
Product	pom	groupid	org.apache.groovy	Highest
Product	pom	name	Apache Groovy	High
Product	pom	organization name	Apache Software Foundation	Low
Product	pom	organization url	https://apache.org	Low
Product	pom	url	https://groovy-lang.org	Medium
Version	file	version	4.0.21	High
Version	Manifest	Bundle-Version	4.0.21	High
Version	Manifest	Implementation-Version	4.0.21	High
Version	pom	version	4.0.21	Highest

Related Dependencies

groovy-dateutil-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-dateutil\4.0.21\groovy-dateutil-4.0.21.jar
- MD5: 9dc17d70cb6c02e3398d684a777f642a
- SHA1: 34254f6551769c99670ecaab18362b88bac64b5e
- SHA256: 4523b9e2ed152dd8c6edd6d83b569c5b03251f77eb0bcbca0a92e8a8cc5f998b
- pkg:maven/org.apache.groovy/groovy-dateutil@4.0.21
groovy-docgenerator-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-docgenerator\4.0.21\groovy-docgenerator-4.0.21.jar
- MD5: 3e14de035eee5b752b16b4b98a2150fc
- SHA1: 7d499d3fc63dd185c110e74b1f8dd2f4d5a3c077
- SHA256: e10a4fbb79acac3abd162a86e9f3417cdca60d49abeb09f6349b9d0eb6151048
- pkg:maven/org.apache.groovy/groovy-docgenerator@4.0.21
groovy-groovydoc-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-groovydoc\4.0.21\groovy-groovydoc-4.0.21.jar
- MD5: a11c4404a1ae1dd9d1c84981f25b666f
- SHA1: 92c73e01d33dc71dae496b95e7a982166ca0a262
- SHA256: b0d6d7802818caeec4b46cca31d6ae626565f2ff3040763a86cbc0b77d19d707
- pkg:maven/org.apache.groovy/groovy-groovydoc@4.0.21
groovy-json-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-json\4.0.21\groovy-json-4.0.21.jar
- MD5: 0cf695f88cba2dd0d2fa84c33d6f4e1b
- SHA1: ff68cbca4599a68a2337db728dae49c50e012ca6
- SHA256: 5537b95a5289b2318a2456ad3f518faaa2ea26cf8747a658d724843b3e87b141
- pkg:maven/org.apache.groovy/groovy-json@4.0.21
groovy-templates-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-templates\4.0.21\groovy-templates-4.0.21.jar
- MD5: e6cc87079b649a8ac9b4c4941f51eae5
- SHA1: ecedc0e8e7e53ec8a333de8fefa35feb1683b319
- SHA256: 929e8fbd70a656ae2b55bebec7691136bcfd185a9e89baa570b62dfc274451df
- pkg:maven/org.apache.groovy/groovy-templates@4.0.21
groovy-xml-4.0.21.jar
- File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-xml\4.0.21\groovy-xml-4.0.21.jar
- MD5: e8880240d8c9857b00d042593e5c5dc7
- SHA1: b4f4dacb0d36934d38a29e1730bc4534ebb81b13
- SHA256: a3fced90e0cca209982b1860ac19d36ccc4847a06401b074e775804fe2f8e810
- pkg:maven/org.apache.groovy/groovy-xml@4.0.21

Identifiers

pkg:maven/org.apache.groovy/groovy@4.0.21 (Confidence:High)
cpe:2.3:a:apache:groovy:4.0.21:*:*:*:*:*:*:* (Confidence:Highest)

groovy-ant-4.0.21.jar

Description:

Groovy: A powerful multi-faceted language for the JVM

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\groovy\groovy-ant\4.0.21\groovy-ant-4.0.21.jar
MD5: 52e8c4e4b9a1e306a41dec68a7f3f728
SHA1: e8eec3250f433c7119719758fe00716fd701a5a2
SHA256:e5cffab2e89ae7f045b1dcf114e10b6f434a585a2ee638615773c432725df337
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	groovy-ant	High
Vendor	jar	package name	ant	Highest
Vendor	jar	package name	groovy	Highest
Vendor	Manifest	automatic-module-name	org.apache.groovy.ant	Medium
Vendor	Manifest	bundle-symbolicname	groovy-ant	Medium
Vendor	Manifest	eclipse-buddypolicy	dependent	Low
Vendor	Manifest	extension-name	groovy	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	groovy-ant	Highest
Vendor	pom	artifactid	groovy-ant	Low
Vendor	pom	developer email	aalmiray@users.sourceforge.net	Low
Vendor	pom	developer email	b55r@sina.com	Low
Vendor	pom	developer email	blackdrag@gmx.org	Low
Vendor	pom	developer email	bob@werken.com	Low
Vendor	pom	developer email	cedric.champeau@gmail.com	Low
Vendor	pom	developer email	ckl@dacelo.nl	Low
Vendor	pom	developer email	cpoirier@dreaming.org	Low
Vendor	pom	developer email	goetze@dovetail.com	Low
Vendor	pom	developer email	guillaume.alleon@gmail.com	Low
Vendor	pom	developer email	hamletdrc@gmail.com	Low
Vendor	pom	developer email	james@coredevelopers.com	Low
Vendor	pom	developer email	jason@planet57.com	Low
Vendor	pom	developer email	jeremy.rayner@gmail.com	Low
Vendor	pom	developer email	jim@pagesmiths.com	Low
Vendor	pom	developer email	johnstump2@yahoo.com	Low
Vendor	pom	developer email	mguillemot@yahoo.fr	Low
Vendor	pom	developer email	paulk@asert.com.au	Low
Vendor	pom	developer email	phkim@cluecom.co.kr	Low
Vendor	pom	developer email	pniederw@gmail.com	Low
Vendor	pom	developer email	russel@winder.org.uk	Low
Vendor	pom	developer email	sam@sampullara.com	Low
Vendor	pom	developer email	sormuras@gmx.de	Low
Vendor	pom	developer email	tug@wilson.co.uk	Low
Vendor	pom	developer id	aalmiray	Medium
Vendor	pom	developer id	alextkachman	Medium
Vendor	pom	developer id	andresteingress	Medium
Vendor	pom	developer id	blackdrag	Medium
Vendor	pom	developer id	bob	Medium
Vendor	pom	developer id	bran	Medium
Vendor	pom	developer id	ckl	Medium
Vendor	pom	developer id	cpoirier	Medium
Vendor	pom	developer id	cstein	Medium
Vendor	pom	developer id	emilles	Medium
Vendor	pom	developer id	galleon	Medium
Vendor	pom	developer id	glaforge	Medium
Vendor	pom	developer id	goetze	Medium
Vendor	pom	developer id	grocher	Medium
Vendor	pom	developer id	hamletdrc	Medium
Vendor	pom	developer id	jamiemc	Medium
Vendor	pom	developer id	jez	Medium
Vendor	pom	developer id	jimwhite	Medium
Vendor	pom	developer id	joe	Medium
Vendor	pom	developer id	jstrachan	Medium
Vendor	pom	developer id	jstump	Medium
Vendor	pom	developer id	jwill	Medium
Vendor	pom	developer id	jwilson	Medium
Vendor	pom	developer id	kasper	Medium
Vendor	pom	developer id	mattf	Medium
Vendor	pom	developer id	melix	Medium
Vendor	pom	developer id	mguillem	Medium
Vendor	pom	developer id	mittie	Medium
Vendor	pom	developer id	pascalschumacher	Medium
Vendor	pom	developer id	paulk	Medium
Vendor	pom	developer id	phk	Medium
Vendor	pom	developer id	pniederw	Medium
Vendor	pom	developer id	roshandawrani	Medium
Vendor	pom	developer id	rpopma	Medium
Vendor	pom	developer id	russel	Medium
Vendor	pom	developer id	shemnon	Medium
Vendor	pom	developer id	skizz	Medium
Vendor	pom	developer id	spullara	Medium
Vendor	pom	developer id	sunlan	Medium
Vendor	pom	developer id	timyates	Medium
Vendor	pom	developer id	travis	Medium
Vendor	pom	developer id	user57	Medium
Vendor	pom	developer id	zohar	Medium
Vendor	pom	developer name	Alex Tkachman	Medium
Vendor	pom	developer name	Andre Steingress	Medium
Vendor	pom	developer name	Andres Almiray	Medium
Vendor	pom	developer name	Bing Ran	Medium
Vendor	pom	developer name	bob mcwhirter	Medium
Vendor	pom	developer name	Cedric Champeau	Medium
Vendor	pom	developer name	Chris Poirier	Medium
Vendor	pom	developer name	Chris Stevenson	Medium
Vendor	pom	developer name	Christiaan ten Klooster	Medium
Vendor	pom	developer name	Christian Stein	Medium
Vendor	pom	developer name	Daniel Sun	Medium
Vendor	pom	developer name	Danno Ferrin	Medium
Vendor	pom	developer name	Dierk Koenig	Medium
Vendor	pom	developer name	Eric Milles	Medium
Vendor	pom	developer name	Graeme Rocher	Medium
Vendor	pom	developer name	Guillaume Alleon	Medium
Vendor	pom	developer name	Guillaume Laforge	Medium
Vendor	pom	developer name	Hamlet D'Arcy	Medium
Vendor	pom	developer name	James Strachan	Medium
Vendor	pom	developer name	James Williams	Medium
Vendor	pom	developer name	Jamie McCrindle	Medium
Vendor	pom	developer name	Jason Dillon	Medium
Vendor	pom	developer name	Jeremy Rayner	Medium
Vendor	pom	developer name	Jim White	Medium
Vendor	pom	developer name	Jochen Theodorou	Medium
Vendor	pom	developer name	Joe Walnes	Medium
Vendor	pom	developer name	John Stump	Medium
Vendor	pom	developer name	John Wilson	Medium
Vendor	pom	developer name	Kasper Nielsen	Medium
Vendor	pom	developer name	Marc Guillemot	Medium
Vendor	pom	developer name	Matt Foemmel	Medium
Vendor	pom	developer name	Pascal Schumacher	Medium
Vendor	pom	developer name	Paul King	Medium
Vendor	pom	developer name	Peter Niederwieser	Medium
Vendor	pom	developer name	Pilho Kim	Medium
Vendor	pom	developer name	Remko Popma	Medium
Vendor	pom	developer name	Roshan Dawrani	Medium
Vendor	pom	developer name	Russel Winder	Medium
Vendor	pom	developer name	Sam Pullara	Medium
Vendor	pom	developer name	Steve Goetze	Medium
Vendor	pom	developer name	Tim Yates	Medium
Vendor	pom	developer name	Travis Kay	Medium
Vendor	pom	developer name	Zohar Melamed	Medium
Vendor	pom	developer org	Concertant LLP & It'z Interactive Ltd	Medium
Vendor	pom	developer org	Core Developers Network	Medium
Vendor	pom	developer org	CTSR.de	Medium
Vendor	pom	developer org	Dacelo WebDevelopment	Medium
Vendor	pom	developer org	Dovetailed Technologies, LLC	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org	IFCX.org	Medium
Vendor	pom	developer org	javanicus	Medium
Vendor	pom	developer org	Karakun AG	Medium
Vendor	pom	developer org	Leadingcare	Medium
Vendor	pom	developer org	OCI, Australia	Medium
Vendor	pom	developer org	The Werken Company	Medium
Vendor	pom	developer org	The Wilson Partnership	Medium
Vendor	pom	developer org	Thomson Reuters	Medium
Vendor	pom	developer org	ThoughtWorks	Medium
Vendor	pom	developer org	Three	Medium
Vendor	pom	groupid	org.apache.groovy	Highest
Vendor	pom	name	Apache Groovy	High
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	pom	organization url	https://apache.org	Medium
Vendor	pom	url	https://groovy-lang.org	Highest
Product	file	name	groovy-ant	High
Product	jar	package name	ant	Highest
Product	jar	package name	groovy	Highest
Product	Manifest	automatic-module-name	org.apache.groovy.ant	Medium
Product	Manifest	Bundle-Name	Groovy module: groovy-ant	Medium
Product	Manifest	bundle-symbolicname	groovy-ant	Medium
Product	Manifest	eclipse-buddypolicy	dependent	Low
Product	Manifest	extension-name	groovy	Medium
Product	Manifest	Implementation-Title	Groovy: a powerful, multi-faceted language for the JVM	High
Product	Manifest	specification-title	Groovy: a powerful, multi-faceted language for the JVM	Medium
Product	pom	artifactid	groovy-ant	Highest
Product	pom	developer email	aalmiray@users.sourceforge.net	Low
Product	pom	developer email	b55r@sina.com	Low
Product	pom	developer email	blackdrag@gmx.org	Low
Product	pom	developer email	bob@werken.com	Low
Product	pom	developer email	cedric.champeau@gmail.com	Low
Product	pom	developer email	ckl@dacelo.nl	Low
Product	pom	developer email	cpoirier@dreaming.org	Low
Product	pom	developer email	goetze@dovetail.com	Low
Product	pom	developer email	guillaume.alleon@gmail.com	Low
Product	pom	developer email	hamletdrc@gmail.com	Low
Product	pom	developer email	james@coredevelopers.com	Low
Product	pom	developer email	jason@planet57.com	Low
Product	pom	developer email	jeremy.rayner@gmail.com	Low
Product	pom	developer email	jim@pagesmiths.com	Low
Product	pom	developer email	johnstump2@yahoo.com	Low
Product	pom	developer email	mguillemot@yahoo.fr	Low
Product	pom	developer email	paulk@asert.com.au	Low
Product	pom	developer email	phkim@cluecom.co.kr	Low
Product	pom	developer email	pniederw@gmail.com	Low
Product	pom	developer email	russel@winder.org.uk	Low
Product	pom	developer email	sam@sampullara.com	Low
Product	pom	developer email	sormuras@gmx.de	Low
Product	pom	developer email	tug@wilson.co.uk	Low
Product	pom	developer id	aalmiray	Low
Product	pom	developer id	alextkachman	Low
Product	pom	developer id	andresteingress	Low
Product	pom	developer id	blackdrag	Low
Product	pom	developer id	bob	Low
Product	pom	developer id	bran	Low
Product	pom	developer id	ckl	Low
Product	pom	developer id	cpoirier	Low
Product	pom	developer id	cstein	Low
Product	pom	developer id	emilles	Low
Product	pom	developer id	galleon	Low
Product	pom	developer id	glaforge	Low
Product	pom	developer id	goetze	Low
Product	pom	developer id	grocher	Low
Product	pom	developer id	hamletdrc	Low
Product	pom	developer id	jamiemc	Low
Product	pom	developer id	jez	Low
Product	pom	developer id	jimwhite	Low
Product	pom	developer id	joe	Low
Product	pom	developer id	jstrachan	Low
Product	pom	developer id	jstump	Low
Product	pom	developer id	jwill	Low
Product	pom	developer id	jwilson	Low
Product	pom	developer id	kasper	Low
Product	pom	developer id	mattf	Low
Product	pom	developer id	melix	Low
Product	pom	developer id	mguillem	Low
Product	pom	developer id	mittie	Low
Product	pom	developer id	pascalschumacher	Low
Product	pom	developer id	paulk	Low
Product	pom	developer id	phk	Low
Product	pom	developer id	pniederw	Low
Product	pom	developer id	roshandawrani	Low
Product	pom	developer id	rpopma	Low
Product	pom	developer id	russel	Low
Product	pom	developer id	shemnon	Low
Product	pom	developer id	skizz	Low
Product	pom	developer id	spullara	Low
Product	pom	developer id	sunlan	Low
Product	pom	developer id	timyates	Low
Product	pom	developer id	travis	Low
Product	pom	developer id	user57	Low
Product	pom	developer id	zohar	Low
Product	pom	developer name	Alex Tkachman	Low
Product	pom	developer name	Andre Steingress	Low
Product	pom	developer name	Andres Almiray	Low
Product	pom	developer name	Bing Ran	Low
Product	pom	developer name	bob mcwhirter	Low
Product	pom	developer name	Cedric Champeau	Low
Product	pom	developer name	Chris Poirier	Low
Product	pom	developer name	Chris Stevenson	Low
Product	pom	developer name	Christiaan ten Klooster	Low
Product	pom	developer name	Christian Stein	Low
Product	pom	developer name	Daniel Sun	Low
Product	pom	developer name	Danno Ferrin	Low
Product	pom	developer name	Dierk Koenig	Low
Product	pom	developer name	Eric Milles	Low
Product	pom	developer name	Graeme Rocher	Low
Product	pom	developer name	Guillaume Alleon	Low
Product	pom	developer name	Guillaume Laforge	Low
Product	pom	developer name	Hamlet D'Arcy	Low
Product	pom	developer name	James Strachan	Low
Product	pom	developer name	James Williams	Low
Product	pom	developer name	Jamie McCrindle	Low
Product	pom	developer name	Jason Dillon	Low
Product	pom	developer name	Jeremy Rayner	Low
Product	pom	developer name	Jim White	Low
Product	pom	developer name	Jochen Theodorou	Low
Product	pom	developer name	Joe Walnes	Low
Product	pom	developer name	John Stump	Low
Product	pom	developer name	John Wilson	Low
Product	pom	developer name	Kasper Nielsen	Low
Product	pom	developer name	Marc Guillemot	Low
Product	pom	developer name	Matt Foemmel	Low
Product	pom	developer name	Pascal Schumacher	Low
Product	pom	developer name	Paul King	Low
Product	pom	developer name	Peter Niederwieser	Low
Product	pom	developer name	Pilho Kim	Low
Product	pom	developer name	Remko Popma	Low
Product	pom	developer name	Roshan Dawrani	Low
Product	pom	developer name	Russel Winder	Low
Product	pom	developer name	Sam Pullara	Low
Product	pom	developer name	Steve Goetze	Low
Product	pom	developer name	Tim Yates	Low
Product	pom	developer name	Travis Kay	Low
Product	pom	developer name	Zohar Melamed	Low
Product	pom	developer org	Concertant LLP & It'z Interactive Ltd	Low
Product	pom	developer org	Core Developers Network	Low
Product	pom	developer org	CTSR.de	Low
Product	pom	developer org	Dacelo WebDevelopment	Low
Product	pom	developer org	Dovetailed Technologies, LLC	Low
Product	pom	developer org	Google	Low
Product	pom	developer org	IFCX.org	Low
Product	pom	developer org	javanicus	Low
Product	pom	developer org	Karakun AG	Low
Product	pom	developer org	Leadingcare	Low
Product	pom	developer org	OCI, Australia	Low
Product	pom	developer org	The Werken Company	Low
Product	pom	developer org	The Wilson Partnership	Low
Product	pom	developer org	Thomson Reuters	Low
Product	pom	developer org	ThoughtWorks	Low
Product	pom	developer org	Three	Low
Product	pom	groupid	org.apache.groovy	Highest
Product	pom	name	Apache Groovy	High
Product	pom	organization name	Apache Software Foundation	Low
Product	pom	organization url	https://apache.org	Low
Product	pom	url	https://groovy-lang.org	Medium
Version	file	version	4.0.21	High
Version	Manifest	Bundle-Version	4.0.21	High
Version	Manifest	Implementation-Version	4.0.21	High
Version	pom	version	4.0.21	Highest

Identifiers

pkg:maven/org.apache.groovy/groovy-ant@4.0.21 (Confidence:High)
cpe:2.3:a:apache:ant:4.0.21:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:apache:groovy:4.0.21:*:*:*:*:*:*:* (Confidence:Highest)

gson-2.10.1.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\code\gson\gson\2.10.1\gson-2.10.1.jar
MD5: df6097815738cb31fc56391553210843
SHA1: b3add478d4382b78ea20b1671390a858002feb6c
SHA256:4241c14a7727c34feea6507ec801318a3d4a90f070e4525681079fb94ee4c593
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	gson	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	gson	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7, JavaSE-1.8	Low
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	gson	Highest
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	name	Gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	file	name	gson	High
Product	jar	package name	google	Highest
Product	jar	package name	gson	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Product	Manifest	bundle-docurl	https://github.com/google/gson/gson	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7, JavaSE-1.8	Low
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	gson	Highest
Product	pom	groupid	com.google.code.gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Version	file	version	2.10.1	High
Version	Manifest	Bundle-Version	2.10.1	High
Version	pom	version	2.10.1	Highest

Identifiers

pkg:maven/com.google.code.gson/gson@2.10.1 (Confidence:High)
cpe:2.3:a:google:gson:2.10.1:*:*:*:*:*:*:* (Confidence:Highest)

guava-33.1.0-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\33.1.0-jre\guava-33.1.0-jre.jar
MD5: 4117dd61f73b1204fac466ce5c23d590
SHA1: 9b7ed39143d59e8eabcc6f91ffe4d23db2efe558
SHA256:346aec0eb8c8987360c8a264e70ff10c2fba760446eb27e8ab07e78e787a75fe
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	guava	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	automatic-module-name	com.google.common	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	Manifest	bundle-symbolicname	com.google.guava	Medium
Vendor	pom	artifactid	guava	Highest
Vendor	pom	artifactid	guava	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava: Google Core Libraries for Java	High
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	pom	url	google/guava	Highest
Product	file	name	guava	High
Product	jar	package name	common	Highest
Product	jar	package name	google	Highest
Product	Manifest	automatic-module-name	com.google.common	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	Manifest	Bundle-Name	Guava: Google Core Libraries for Java	Medium
Product	Manifest	bundle-symbolicname	com.google.guava	Medium
Product	pom	artifactid	guava	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava: Google Core Libraries for Java	High
Product	pom	parent-artifactid	guava-parent	Medium
Product	pom	url	google/guava	High
Version	pom	version	33.1.0-jre	Highest

Identifiers

pkg:maven/com.google.guava/guava@33.1.0-jre (Confidence:High)
cpe:2.3:a:google:guava:33.1.0:*:*:*:*:*:*:* (Confidence:Highest)

guice-5.1.0.jar

Description:

Guice is a lightweight dependency injection framework for Java 6 and above

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\inject\guice\5.1.0\guice-5.1.0.jar
MD5: 2560169296aa94492af34af2115e9511
SHA1: da25056c694c54ba16e78e4fc35f17fc60f0d1b4
SHA256:4130e50bfac48099c860f0d903b91860c81a249c90f38245f8fed58fc817bc26
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	guice	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	guice	Highest
Vendor	jar	package name	inject	Highest
Vendor	Manifest	automatic-module-name	com.google.guice	Medium
Vendor	Manifest	bundle-copyright	Copyright (C) 2006 Google Inc.	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/guice	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Vendor	Manifest	bundle-symbolicname	com.google.inject	Medium
Vendor	Manifest	eclipse-extensibleapi	true	Low
Vendor	pom	artifactid	guice	Highest
Vendor	pom	artifactid	guice	Low
Vendor	pom	groupid	com.google.inject	Highest
Vendor	pom	name	Google Guice - Core Library	High
Vendor	pom	parent-artifactid	guice-parent	Low
Product	file	name	guice	High
Product	jar	package name	dependency	Highest
Product	jar	package name	google	Highest
Product	jar	package name	guice	Highest
Product	jar	package name	inject	Highest
Product	Manifest	automatic-module-name	com.google.guice	Medium
Product	Manifest	bundle-copyright	Copyright (C) 2006 Google Inc.	Low
Product	Manifest	bundle-docurl	https://github.com/google/guice	Low
Product	Manifest	Bundle-Name	guice	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.6	Low
Product	Manifest	bundle-symbolicname	com.google.inject	Medium
Product	Manifest	eclipse-extensibleapi	true	Low
Product	pom	artifactid	guice	Highest
Product	pom	groupid	com.google.inject	Highest
Product	pom	name	Google Guice - Core Library	High
Product	pom	parent-artifactid	guice-parent	Medium
Version	file	version	5.1.0	High
Version	Manifest	Bundle-Version	5.1.0	High
Version	pom	version	5.1.0	Highest

Identifiers

pkg:maven/com.google.inject/guice@5.1.0 (Confidence:High)

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpclient\4.5.13\httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope: spotbugs-maven-plugin:compile
httpclient-4.5.13.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	httpclient	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	client	Highest
Vendor	jar	package name	httpclient	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.httpclient	Medium
Vendor	Manifest	implementation-url	http://hc.apache.org/httpcomponents-client	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache.httpcomponents	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	httpclient	Highest
Vendor	pom	artifactid	httpclient	Low
Vendor	pom	groupid	org.apache.httpcomponents	Highest
Vendor	pom	name	Apache HttpClient	High
Vendor	pom	parent-artifactid	httpcomponents-client	Low
Vendor	pom	url	http://hc.apache.org/httpcomponents-client	Highest
Product	file	name	httpclient	High
Product	jar	package name	apache	Highest
Product	jar	package name	client	Highest
Product	jar	package name	http	Highest
Product	jar	package name	httpclient	Highest
Product	Manifest	automatic-module-name	org.apache.httpcomponents.httpclient	Medium
Product	Manifest	Implementation-Title	Apache HttpClient	High
Product	Manifest	implementation-url	http://hc.apache.org/httpcomponents-client	Low
Product	Manifest	specification-title	Apache HttpClient	Medium
Product	pom	artifactid	httpclient	Highest
Product	pom	groupid	org.apache.httpcomponents	Highest
Product	pom	name	Apache HttpClient	High
Product	pom	parent-artifactid	httpcomponents-client	Medium
Product	pom	url	http://hc.apache.org/httpcomponents-client	Medium
Version	file	version	4.5.13	High
Version	Manifest	Implementation-Version	4.5.13	High
Version	pom	version	4.5.13	Highest

Identifiers

pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 (Confidence:High)
cpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:* (Confidence:Highest)

httpclient5-5.1.3.jar

Description:

Apache HttpComponents Client

File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\client5\httpclient5\5.1.3\httpclient5-5.1.3.jar
MD5: 757bfb86277b9b11798db8fdb351bf74
SHA1: 13c984b7b881afcff3a7f0bb95878724a48a4b66
SHA256:28c759254f4e35319e078bb6ffea75676608dc12cb243b24fb3c8732522977fe
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
httpclient5-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	httpclient5	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	client5	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.client5.httpclient5	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	implementation-url	https://hc.apache.org/httpcomponents-client-5.0.x/5.1.3/httpclient5/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	httpclient5	Highest
Vendor	pom	artifactid	httpclient5	Low
Vendor	pom	groupid	org.apache.httpcomponents.client5	Highest
Vendor	pom	name	Apache HttpClient	High
Vendor	pom	parent-artifactid	httpclient5-parent	Low
Product	file	name	httpclient5	High
Product	jar	package name	apache	Highest
Product	jar	package name	client5	Highest
Product	jar	package name	hc	Highest
Product	Manifest	automatic-module-name	org.apache.httpcomponents.client5.httpclient5	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache HttpClient	High
Product	Manifest	implementation-url	https://hc.apache.org/httpcomponents-client-5.0.x/5.1.3/httpclient5/	Low
Product	Manifest	specification-title	Apache HttpClient	Medium
Product	pom	artifactid	httpclient5	Highest
Product	pom	groupid	org.apache.httpcomponents.client5	Highest
Product	pom	name	Apache HttpClient	High
Product	pom	parent-artifactid	httpclient5-parent	Medium
Version	file	version	5.1.3	High
Version	Manifest	Implementation-Version	5.1.3	High
Version	pom	version	5.1.3	Highest

Identifiers

pkg:maven/org.apache.httpcomponents.client5/httpclient5@5.1.3 (Confidence:High)
cpe:2.3:a:apache:httpclient:5.1.3:*:*:*:*:*:*:* (Confidence:Highest)

httpcore-4.4.14.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\httpcore\4.4.14\httpcore-4.4.14.jar
MD5: 2b3991eda121042765a5ee299556c200
SHA1: 9dd1a631c082d92ecd4bd8fd4cf55026c720a8c1
SHA256:f956209e450cb1d0c51776dfbd23e53e9dd8db9a1298ed62b70bf0944ba63b28
Referenced In Project/Scope: spotbugs-maven-plugin:compile
httpcore-4.4.14.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-core@1.12.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	httpcore	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.httpcore	Medium
Vendor	Manifest	implementation-build	${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000	Low
Vendor	Manifest	implementation-url	http://hc.apache.org/httpcomponents-core-ga	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	url	http://hc.apache.org/httpcomponents-core-ga	Low
Vendor	pom	artifactid	httpcore	Highest
Vendor	pom	artifactid	httpcore	Low
Vendor	pom	groupid	org.apache.httpcomponents	Highest
Vendor	pom	name	Apache HttpCore	High
Vendor	pom	parent-artifactid	httpcomponents-core	Low
Vendor	pom	url	http://hc.apache.org/httpcomponents-core-ga	Highest
Product	file	name	httpcore	High
Product	jar	package name	apache	Highest
Product	jar	package name	http	Highest
Product	Manifest	automatic-module-name	org.apache.httpcomponents.httpcore	Medium
Product	Manifest	implementation-build	${scmBranch}@r${buildNumber}; 2020-11-26 19:07:01+0000	Low
Product	Manifest	Implementation-Title	HttpComponents Apache HttpCore	High
Product	Manifest	implementation-url	http://hc.apache.org/httpcomponents-core-ga	Low
Product	Manifest	specification-title	HttpComponents Apache HttpCore	Medium
Product	Manifest	url	http://hc.apache.org/httpcomponents-core-ga	Low
Product	pom	artifactid	httpcore	Highest
Product	pom	groupid	org.apache.httpcomponents	Highest
Product	pom	name	Apache HttpCore	High
Product	pom	parent-artifactid	httpcomponents-core	Medium
Product	pom	url	http://hc.apache.org/httpcomponents-core-ga	Medium
Version	file	version	4.4.14	High
Version	Manifest	Implementation-Version	4.4.14	High
Version	pom	version	4.4.14	Highest

Identifiers

pkg:maven/org.apache.httpcomponents/httpcore@4.4.14 (Confidence:High)

httpcore5-5.1.3.jar

Description:

Apache HttpComponents HTTP/1.1 core components

File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\core5\httpcore5\5.1.3\httpcore5-5.1.3.jar
MD5: e3311847fc70a84038fb2c079dd08c4a
SHA1: d1638d1e5f2793f187d4144c702a93524ba6fd3b
SHA256:f2bf2f2c7772169c9e30699719667ad30f9b46c4e9d7841907deb2d12d9923fe
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
httpcore5-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	httpcore5	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	core5	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.core5.httpcore5	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	implementation-url	https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	httpcore5	Highest
Vendor	pom	artifactid	httpcore5	Low
Vendor	pom	groupid	org.apache.httpcomponents.core5	Highest
Vendor	pom	name	Apache HttpComponents Core HTTP/1.1	High
Vendor	pom	parent-artifactid	httpcore5-parent	Low
Product	file	name	httpcore5	High
Product	jar	package name	apache	Highest
Product	jar	package name	core5	Highest
Product	jar	package name	hc	Highest
Product	Manifest	automatic-module-name	org.apache.httpcomponents.core5.httpcore5	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache HttpComponents Core HTTP/1.1	High
Product	Manifest	implementation-url	https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5/	Low
Product	Manifest	specification-title	Apache HttpComponents Core HTTP/1.1	Medium
Product	pom	artifactid	httpcore5	Highest
Product	pom	groupid	org.apache.httpcomponents.core5	Highest
Product	pom	name	Apache HttpComponents Core HTTP/1.1	High
Product	pom	parent-artifactid	httpcore5-parent	Medium
Version	file	version	5.1.3	High
Version	Manifest	Implementation-Version	5.1.3	High
Version	pom	version	5.1.3	Highest

Identifiers

pkg:maven/org.apache.httpcomponents.core5/httpcore5@5.1.3 (Confidence:High)

httpcore5-h2-5.1.3.jar

Description:

Apache HttpComponents HTTP/2 Core Components

File Path: C:\Users\Jeremy\.m2\repository\org\apache\httpcomponents\core5\httpcore5-h2\5.1.3\httpcore5-h2-5.1.3.jar
MD5: e12cc9746f6635675a408e641c95b177
SHA1: 4664b59b09f5ee008e37a963bbb92f4068e91696
SHA256:d0e78ba15aa8ebe77982b660ac4b09a95d6e035dbdbea762577dc1c8e2935807
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
httpcore5-h2-5.1.3.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	httpcore5-h2	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	core5	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.core5.httpcore5.h2	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	implementation-url	https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5-h2/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	httpcore5-h2	Highest
Vendor	pom	artifactid	httpcore5-h2	Low
Vendor	pom	groupid	org.apache.httpcomponents.core5	Highest
Vendor	pom	name	Apache HttpComponents Core HTTP/2	High
Vendor	pom	parent-artifactid	httpcore5-parent	Low
Product	file	name	httpcore5-h2	High
Product	jar	package name	apache	Highest
Product	jar	package name	core5	Highest
Product	jar	package name	hc	Highest
Product	Manifest	automatic-module-name	org.apache.httpcomponents.core5.httpcore5.h2	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache HttpComponents Core HTTP/2	High
Product	Manifest	implementation-url	https://hc.apache.org/httpcomponents-core-5.1.x/5.1.3/httpcore5-h2/	Low
Product	Manifest	specification-title	Apache HttpComponents Core HTTP/2	Medium
Product	pom	artifactid	httpcore5-h2	Highest
Product	pom	groupid	org.apache.httpcomponents.core5	Highest
Product	pom	name	Apache HttpComponents Core HTTP/2	High
Product	pom	parent-artifactid	httpcore5-parent	Medium
Version	file	version	5.1.3	High
Version	Manifest	Implementation-Version	5.1.3	High
Version	pom	version	5.1.3	Highest

Identifiers

pkg:maven/org.apache.httpcomponents.core5/httpcore5-h2@5.1.3 (Confidence:High)

j2objc-annotations-3.0.0.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\3.0.0\j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	j2objc-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	google	Highest
Vendor	jar	package name	j2objc	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	j2objc-annotations	Highest
Vendor	pom	artifactid	j2objc-annotations	Low
Vendor	pom	developer email	tball@google.com	Low
Vendor	pom	developer id	tomball	Medium
Vendor	pom	developer name	Tom Ball	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org URL	https://www.google.com	Medium
Vendor	pom	groupid	com.google.j2objc	Highest
Vendor	pom	name	J2ObjC Annotations	High
Vendor	pom	url	google/j2objc/	Highest
Product	file	name	j2objc-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	google	Highest
Product	jar	package name	j2objc	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	j2objc-annotations	Highest
Product	pom	developer email	tball@google.com	Low
Product	pom	developer id	tomball	Low
Product	pom	developer name	Tom Ball	Low
Product	pom	developer org	Google	Low
Product	pom	developer org URL	https://www.google.com	Low
Product	pom	groupid	com.google.j2objc	Highest
Product	pom	name	J2ObjC Annotations	High
Product	pom	url	google/j2objc/	High
Version	file	version	3.0.0	High
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 (Confidence:High)

javaparser-core-3.25.10.jar

Description:

The core parser functionality. This may be all you need.

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-3.0.html
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\github\javaparser\javaparser-core\3.25.10\javaparser-core-3.25.10.jar
MD5: 0570ebdb35505af63dbd953106562690
SHA1: ed2d4a9c601507713cf2f6208df4c844fe6447b2
SHA256:9e80a37f92dd777d715c413a9a227e27a369d4a389ddbf2292cd74faec7e77d0
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javaparser-core	High
Vendor	jar	package name	github	Highest
Vendor	jar	package name	javaparser	Highest
Vendor	Manifest	automatic-module-name	com.github.javaparser.core	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-developers	matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene"	Low
Vendor	Manifest	bundle-docurl	https://github.com/javaparser/javaparser-core	Low
Vendor	Manifest	bundle-symbolicname	com.github.javaparser.javaparser-core	Medium
Vendor	pom	artifactid	javaparser-core	Highest
Vendor	pom	artifactid	javaparser-core	Low
Vendor	pom	groupid	com.github.javaparser	Highest
Vendor	pom	parent-artifactid	javaparser-parent	Low
Product	file	name	javaparser-core	High
Product	jar	package name	github	Highest
Product	jar	package name	javaparser	Highest
Product	Manifest	automatic-module-name	com.github.javaparser.core	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-developers	matozoid;email="hexagonaal@gmail.com";name="Danny van Bruggen","jgesser@gmail.com";email="jgesser@gmail.com";name="Júlio Vilmar Gesser",sebastiankirsch;email="sebastian.kirsch@immobilienscout24.de";name="Sebastian Kirsch",before;name="André Rouél",SmiddyPence;email="smiddypence@gmail.com";name="Nicholas Smith",ftomassetti;email="federico@tomassetti.me";name="Federico Tomassetti",ptitjes;email="ptitjes@free.fr";name="Didier Villevalois",MysterAitch;name="Roger Howell",MysterAitch;name="Roger Howell",jlerbsc;name="Jean Pierre Lerbscher",maartenc;name="Maarten Coene"	Low
Product	Manifest	bundle-docurl	https://github.com/javaparser/javaparser-core	Low
Product	Manifest	Bundle-Name	javaparser-core	Medium
Product	Manifest	bundle-symbolicname	com.github.javaparser.javaparser-core	Medium
Product	pom	artifactid	javaparser-core	Highest
Product	pom	groupid	com.github.javaparser	Highest
Product	pom	parent-artifactid	javaparser-parent	Medium
Version	file	version	3.25.10	High
Version	Manifest	Bundle-Version	3.25.10	High
Version	pom	version	3.25.10	Highest

Identifiers

pkg:maven/com.github.javaparser/javaparser-core@3.25.10 (Confidence:High)

javax.annotation-api-1.2.jar

Description:

Common Annotations for the JavaTM Platform API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: C:\Users\Jeremy\.m2\repository\javax\annotation\javax.annotation-api\1.2\javax.annotation-api-1.2.jar
MD5: 75fe320d2b3763bd6883ae1ede35e987
SHA1: 479c1e06db31c432330183f5cae684163f186146
SHA256:5909b396ca3a2be10d0eea32c74ef78d816e1b4ead21de1d78de1f890d033e04
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.annotation-api	High
Vendor	jar	package name	annotation	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	bundle-docurl	https://glassfish.java.net	Low
Vendor	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Vendor	Manifest	extension-name	javax.annotation	Medium
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	javax.annotation-api	Highest
Vendor	pom	artifactid	javax.annotation-api	Low
Vendor	pom	developer id	mode	Medium
Vendor	pom	developer name	Rajiv Mordani	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	javax.annotation	Highest
Vendor	pom	name	API	High
Vendor	pom	name	${extension.name} API	High
Vendor	pom	organization name	GlassFish Community	High
Vendor	pom	organization url	https://glassfish.java.net	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	url	http://jcp.org/en/jsr/detail?id=250	Highest
Product	file	name	javax.annotation-api	High
Product	jar	package name	annotation	Highest
Product	jar	package name	javax	Highest
Product	Manifest	bundle-docurl	https://glassfish.java.net	Low
Product	Manifest	Bundle-Name	javax.annotation API	Medium
Product	Manifest	bundle-symbolicname	javax.annotation-api	Medium
Product	Manifest	extension-name	javax.annotation	Medium
Product	pom	artifactid	javax.annotation-api	Highest
Product	pom	developer id	mode	Low
Product	pom	developer name	Rajiv Mordani	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	javax.annotation	Highest
Product	pom	name	API	High
Product	pom	name	${extension.name} API	High
Product	pom	organization name	GlassFish Community	Low
Product	pom	organization url	https://glassfish.java.net	Low
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	pom	parent-groupid	net.java	Medium
Product	pom	url	http://jcp.org/en/jsr/detail?id=250	Medium
Version	file	version	1.2	High
Version	Manifest	Bundle-Version	1.2	High
Version	Manifest	Implementation-Version	1.2	High
Version	pom	parent-version	1.2	Low
Version	pom	version	1.2	Highest

Identifiers

pkg:maven/javax.annotation/javax.annotation-api@1.2 (Confidence:High)

javax.inject-1.jar

Description:

The javax.inject API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\javax\inject\javax.inject\1\javax.inject-1.jar
MD5: 289075e48b909e9e74e6c915b3631d2e
SHA1: 6975da39a7040257bd51d21a231b76c915872d38
SHA256:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.inject-1	High
Vendor	jar	package name	inject	Highest
Vendor	jar	package name	inject	Low
Vendor	jar	package name	javax	Highest
Vendor	jar	package name	javax	Low
Vendor	pom	artifactid	javax.inject	Highest
Vendor	pom	artifactid	javax.inject	Low
Vendor	pom	groupid	javax.inject	Highest
Vendor	pom	name	javax.inject	High
Vendor	pom	url	http://code.google.com/p/atinject/	Highest
Product	file	name	javax.inject-1	High
Product	jar	package name	inject	Highest
Product	jar	package name	inject	Low
Product	jar	package name	javax	Highest
Product	pom	artifactid	javax.inject	Highest
Product	pom	groupid	javax.inject	Highest
Product	pom	name	javax.inject	High
Product	pom	url	http://code.google.com/p/atinject/	Medium
Version	file	version	1	Medium
Version	pom	version	1	Highest

Identifiers

pkg:maven/javax.inject/javax.inject@1 (Confidence:High)

jaxen-2.0.0.jar

Description:

Jaxen is a universal XPath engine for Java.

License:

https://raw.githubusercontent.com/jaxen-xpath/jaxen/master/LICENSE.txt

File Path: C:\Users\Jeremy\.m2\repository\jaxen\jaxen\2.0.0\jaxen-2.0.0.jar
MD5: 674d5bd86b7838fe431b0277856e97ae
SHA1: bd6a33b0fda054a5678010df843cc999f288dc6c
SHA256:9499e487a66268f47b8307d130cd1e13a58392105e98a51f6a525db79c615cc5
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jaxen	High
Vendor	jar	package name	jaxen	Highest
Vendor	jar	package name	xpath	Highest
Vendor	Manifest	automatic-module-name	org.jaxen	Medium
Vendor	Manifest	bundle-docurl	https://www.cafeconleche.org/jaxen	Low
Vendor	Manifest	bundle-symbolicname	jaxen	Medium
Vendor	pom	artifactid	jaxen	Highest
Vendor	pom	artifactid	jaxen	Low
Vendor	pom	groupid	jaxen	Highest
Vendor	pom	name	jaxen	High
Vendor	pom	parent-artifactid	jaxen-parent	Low
Product	file	name	jaxen	High
Product	jar	package name	jaxen	Highest
Product	jar	package name	xpath	Highest
Product	Manifest	automatic-module-name	org.jaxen	Medium
Product	Manifest	bundle-docurl	https://www.cafeconleche.org/jaxen	Low
Product	Manifest	Bundle-Name	jaxen	Medium
Product	Manifest	bundle-symbolicname	jaxen	Medium
Product	pom	artifactid	jaxen	Highest
Product	pom	groupid	jaxen	Highest
Product	pom	name	jaxen	High
Product	pom	parent-artifactid	jaxen-parent	Medium
Version	file	version	2.0.0	High
Version	Manifest	Bundle-Version	2.0.0	High
Version	pom	version	2.0.0	Highest

Identifiers

pkg:maven/jaxen/jaxen@2.0.0 (Confidence:High)

jcip-annotations-1.0-1.jar

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\github\stephenc\jcip\jcip-annotations\1.0-1\jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jcip-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	annotations	Low
Vendor	jar	package name	jcip	Highest
Vendor	jar	package name	jcip	Low
Vendor	jar	package name	net	Low
Vendor	pom	artifactid	jcip-annotations	Highest
Vendor	pom	artifactid	jcip-annotations	Low
Vendor	pom	developer id	stephenc	Medium
Vendor	pom	developer name	Stephen Connolly	Medium
Vendor	pom	groupid	com.github.stephenc.jcip	Highest
Vendor	pom	name	JCIP Annotations under Apache License	High
Vendor	pom	url	http://stephenc.github.com/jcip-annotations	Highest
Product	file	name	jcip-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	annotations	Low
Product	jar	package name	jcip	Highest
Product	jar	package name	jcip	Low
Product	pom	artifactid	jcip-annotations	Highest
Product	pom	developer id	stephenc	Low
Product	pom	developer name	Stephen Connolly	Low
Product	pom	groupid	com.github.stephenc.jcip	Highest
Product	pom	name	JCIP Annotations under Apache License	High
Product	pom	url	http://stephenc.github.com/jcip-annotations	Medium
Version	pom	version	1.0-1	Highest

Identifiers

pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 (Confidence:High)

jcl-over-slf4j-2.0.12.jar

Description:

JCL 1.2 implemented over SLF4J

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\jcl-over-slf4j\2.0.12\jcl-over-slf4j-2.0.12.jar
MD5: c9101ee2f9fc767a92692246c7c5f025
SHA1: 4462ddec70c0126e580dd0a637cb105a3c7a99ab
SHA256:3377f1bd98ef33e52bc29b4d6cca960715cffbf1a398a3824ae86486db04342f
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jcl-over-slf4j	High
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Vendor	pom	artifactid	jcl-over-slf4j	Highest
Vendor	pom	artifactid	jcl-over-slf4j	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	JCL 1.2 implemented over SLF4J	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	jcl-over-slf4j	High
Product	jar	package name	9	Highest
Product	jar	package name	apache	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	JCL 1.2 implemented over SLF4J	Medium
Product	Manifest	bundle-symbolicname	jcl.over.slf4j	Medium
Product	Manifest	Implementation-Title	jcl-over-slf4j	High
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Product	pom	artifactid	jcl-over-slf4j	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	JCL 1.2 implemented over SLF4J	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.12	High
Version	Manifest	Bundle-Version	2.0.12	High
Version	Manifest	Implementation-Version	2.0.12	High
Version	pom	version	2.0.12	Highest

Identifiers

pkg:maven/org.slf4j/jcl-over-slf4j@2.0.12 (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.google.guava/guava@33.1.0-jre

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: spotbugs-maven-plugin:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.google.guava/guava@33.1.0-jre

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	listenablefuture	High
Vendor	pom	artifactid	listenablefuture	Highest
Vendor	pom	artifactid	listenablefuture	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava ListenableFuture only	High
Vendor	pom	parent-artifactid	guava-parent	Low
Product	file	name	listenablefuture	High
Product	pom	artifactid	listenablefuture	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava ListenableFuture only	High
Product	pom	parent-artifactid	guava-parent	Medium
Version	pom	parent-version	9999.0-empty-to-avoid-conflict-with-guava	Low
Version	pom	version	9999.0-empty-to-avoid-conflict-with-guava	Highest

Identifiers

pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava (Confidence:High)

log4j-api-2.23.1.jar

Description:

The Apache Log4j API

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\logging\log4j\log4j-api\2.23.1\log4j-api-2.23.1.jar
MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
SHA256:92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	log4j	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.api	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-api	Highest
Vendor	pom	artifactid	log4j-api	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j API	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	log4j	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	org	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	Apache Log4j API	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.api	Medium
Product	Manifest	Implementation-Title	Apache Log4j API	High
Product	Manifest	multi-release	true	Low
Product	Manifest	provide-capability	osgi.service;objectClass:List="org.apache.logging.log4j.util.PropertySource";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.EnvironmentPropertySource",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.util.PropertySource";register:="org.apache.logging.log4j.util.SystemPropertiesPropertySource"	Low
Product	Manifest	specification-title	Apache Log4j API	Medium
Product	pom	artifactid	log4j-api	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j API	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.23.1	High
Version	Manifest	Bundle-Version	2.23.1	High
Version	Manifest	Implementation-Version	2.23.1	High
Version	pom	version	2.23.1	Highest

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1 (Confidence:High)
cpe:2.3:a:apache:log4j:2.23.1:*:*:*:*:*:*:* (Confidence:Highest)

log4j-to-slf4j-2.23.1.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\logging\log4j\log4j-to-slf4j\2.23.1\log4j-to-slf4j-2.23.1.jar
MD5: d60143628bb91f9dfa0148c213388b39
SHA1: 425ad1eb8a39904d2830e907a324e956fb456520
SHA256:7937a84055156910234e3b42868f55e68ff4b7becbb6ffd10146f72f5bf54dd5
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-to-slf4j	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.to.slf4j	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	false	Low
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-to-slf4j	Highest
Vendor	pom	artifactid	log4j-to-slf4j	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j to SLF4J Adapter	High
Vendor	pom	parent-artifactid	log4j	Low
Product	file	name	log4j-to-slf4j	High
Product	jar	package name	apache	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	slf4j	Highest
Product	jar	package name	slf4jprovider	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	Apache Log4j to SLF4J Adapter	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.to.slf4j	Medium
Product	Manifest	Implementation-Title	Apache Log4j to SLF4J Adapter	High
Product	Manifest	multi-release	false	Low
Product	Manifest	provide-capability	osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.slf4j.SLF4JProvider"	Low
Product	Manifest	specification-title	Apache Log4j to SLF4J Adapter	Medium
Product	pom	artifactid	log4j-to-slf4j	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j to SLF4J Adapter	High
Product	pom	parent-artifactid	log4j	Medium
Version	file	version	2.23.1	High
Version	Manifest	Bundle-Version	2.23.1	High
Version	Manifest	Implementation-Version	2.23.1	High
Version	pom	version	2.23.1	Highest

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.23.1 (Confidence:High)

lombok-1.18.32.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.32\lombok-1.18.32.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 81090c80616485973f6cd4a19d72bbdb
SHA1: ed1e7c8794dea7c7f7050098d56b2751b9f91288
SHA256:e97851350e56f4d1b02356ef61276886831e3a5e33a914ea95e878e2a46df69e
Referenced In Project/Scope: spotbugs-maven-plugin:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mavenEcjBootstrapAgent	High
Vendor	jar	package name	launch	Low
Vendor	jar	package name	lombok	Low
Vendor	Manifest	can-redefine-classes	true	Low
Product	file	name	mavenEcjBootstrapAgent	High
Product	jar	package name	launch	Low
Product	Manifest	can-redefine-classes	true	Low

Identifiers

None

lombok-1.18.32.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.32\lombok-1.18.32.jar
MD5: 56e9be7b9a26802ac0c784ad824f3a29
SHA1: 17d46b3e205515e1e8efd3ee4d57ce8018914163
SHA256:97574674e2a25f567a313736ace00df8787d443de316407d57fc877d9f19a65d
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	jar	package name	java	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	artifactid	lombok	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	pom	developer email	reinier@projectlombok.org	Low
Vendor	pom	developer email	roel@projectlombok.org	Low
Vendor	pom	developer id	rspilker	Medium
Vendor	pom	developer id	rzwitserloot	Medium
Vendor	pom	developer name	Reinier Zwitserloot	Medium
Vendor	pom	developer name	Roel Spilker	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	pom	url	https://projectlombok.org	Highest
Product	file	name	lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	developer email	reinier@projectlombok.org	Low
Product	pom	developer email	roel@projectlombok.org	Low
Product	pom	developer id	rspilker	Low
Product	pom	developer id	rzwitserloot	Low
Product	pom	developer name	Reinier Zwitserloot	Low
Product	pom	developer name	Roel Spilker	Low
Product	pom	groupid	org.projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	pom	url	https://projectlombok.org	Medium
Version	file	version	1.18.32	High
Version	Manifest	lombok-version	1.18.32	Medium
Version	pom	version	1.18.32	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.32 (Confidence:High)

maven-artifact-3.9.6.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\3.9.6\maven-artifact-3.9.6.jar
MD5: 96a7982d9a46c5c19696b4558be1bbd2
SHA1: fb0979832c10c1a25d038a33ca862bef055fcdc8
SHA256:ad7a0fb408f8e47585ccc0d0011e0b501d93bfc9888d369bbd4a043d19475073
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-artifact-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-artifact	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-artifact	Highest
Vendor	pom	artifactid	maven-artifact	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Artifact	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-artifact	High
Product	jar	package name	apache	Highest
Product	jar	package name	artifact	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Artifact	High
Product	Manifest	specification-title	Maven Artifact	Medium
Product	pom	artifactid	maven-artifact	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Artifact	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-artifact@3.9.6 (Confidence:High)

maven-artifact-transfer-0.13.1.jar

Description:

An API to install, deploy and resolving artifacts with Maven 3

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-artifact-transfer\0.13.1\maven-artifact-transfer-0.13.1.jar
MD5: 5a73136d65cfc2dd8af0fd365dbda4fb
SHA1: 9f6d2088ae64dd926b8ec445afdb7e148eb08060
SHA256:1ac88accde99ed71e65253bd130868c0e654f940f01ade073b895eb2f817cf06
Referenced In Project/Scope: spotbugs-maven-plugin:compile
maven-artifact-transfer-0.13.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-artifact-transfer	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	shared	Highest
Vendor	jar	package name	transfer	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.shared.artifact.transfer	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-artifact-transfer	Highest
Vendor	pom	artifactid	maven-artifact-transfer	Low
Vendor	pom	groupid	org.apache.maven.shared	Highest
Vendor	pom	name	Apache Maven Artifact Transfer	High
Vendor	pom	parent-artifactid	maven-shared-components	Low
Product	file	name	maven-artifact-transfer	High
Product	jar	package name	apache	Highest
Product	jar	package name	artifact	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	shared	Highest
Product	jar	package name	transfer	Highest
Product	Manifest	automatic-module-name	org.apache.maven.shared.artifact.transfer	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache Maven Artifact Transfer	High
Product	Manifest	specification-title	Apache Maven Artifact Transfer	Medium
Product	pom	artifactid	maven-artifact-transfer	Highest
Product	pom	groupid	org.apache.maven.shared	Highest
Product	pom	name	Apache Maven Artifact Transfer	High
Product	pom	parent-artifactid	maven-shared-components	Medium
Version	file	version	0.13.1	High
Version	Manifest	Implementation-Version	0.13.1	High
Version	pom	parent-version	0.13.1	Low
Version	pom	version	0.13.1	Highest

Identifiers

pkg:maven/org.apache.maven.shared/maven-artifact-transfer@0.13.1 (Confidence:High)

maven-builder-support-3.9.6.jar

Description:

Support for descriptor builders (model, setting, toolchains)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-builder-support\3.9.6\maven-builder-support-3.9.6.jar
MD5: e004677a88ec086ba79a6a646b120f06
SHA1: bcfc9d8175eaba21111edf21e0355a8523461abc
SHA256:e1f4d2784459ce8a34b9dae1829a1999b569e483e21ee9faa7368691e729296e
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-builder-support-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-builder-support	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-builder-support	Highest
Vendor	pom	artifactid	maven-builder-support	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Builder Support	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-builder-support	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Builder Support	High
Product	Manifest	specification-title	Maven Builder Support	Medium
Product	pom	artifactid	maven-builder-support	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Builder Support	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-builder-support@3.9.6 (Confidence:High)

maven-common-artifact-filters-3.3.2.jar

Description:

A collection of ready-made filters to control inclusion/exclusion of artifacts during dependency resolution.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-common-artifact-filters\3.3.2\maven-common-artifact-filters-3.3.2.jar
MD5: 5b8bd8a1933dbfa8f9a00029255cf99b
SHA1: c1cb1bc78ae8c6a6e64da833d4a9afbda5e0834a
SHA256:2be8b810cf0937ff4bb7bef8ce78a8faad17ca2182751055ac7df54d5510b908
Referenced In Project/Scope: spotbugs-maven-plugin:compile
maven-common-artifact-filters-3.3.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-common-artifact-filters	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	shared	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-common-artifact-filters	Highest
Vendor	pom	artifactid	maven-common-artifact-filters	Low
Vendor	pom	groupid	org.apache.maven.shared	Highest
Vendor	pom	name	Apache Maven Common Artifact Filters	High
Vendor	pom	parent-artifactid	maven-shared-components	Low
Product	file	name	maven-common-artifact-filters	High
Product	jar	package name	apache	Highest
Product	jar	package name	artifact	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	shared	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache Maven Common Artifact Filters	High
Product	Manifest	specification-title	Apache Maven Common Artifact Filters	Medium
Product	pom	artifactid	maven-common-artifact-filters	Highest
Product	pom	groupid	org.apache.maven.shared	Highest
Product	pom	name	Apache Maven Common Artifact Filters	High
Product	pom	parent-artifactid	maven-shared-components	Medium
Version	file	version	3.3.2	High
Version	Manifest	Implementation-Version	3.3.2	High
Version	pom	parent-version	3.3.2	Low
Version	pom	version	3.3.2	Highest

Identifiers

pkg:maven/org.apache.maven.shared/maven-common-artifact-filters@3.3.2 (Confidence:High)

maven-core-3.9.6.jar

Description:

Maven Core classes.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-core\3.9.6\maven-core-3.9.6.jar
MD5: 0d872ce50d16e02ca72e348b9f7b3487
SHA1: 674ab3337566d493df8f95eddfda90e41002d214
SHA256:c1327590398759da1918dbf356eb6d63f8fce7192a805cb3c8e336fbb1155dc0
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-core-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-core	Highest
Vendor	pom	artifactid	maven-core	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Core	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-core	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Core	High
Product	Manifest	specification-title	Maven Core	Medium
Product	pom	artifactid	maven-core	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Core	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-core@3.9.6 (Confidence:High)
cpe:2.3:a:apache:maven:3.9.6:*:*:*:*:*:*:* (Confidence:Highest)

maven-model-3.9.6.jar

Description:

Model for Maven POM (Project Object Model)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\3.9.6\maven-model-3.9.6.jar
MD5: ac8747986567850914e2c7f0e85599b3
SHA1: ac9a1c8a8cfa36f3a5489837e653ec0cd530d576
SHA256:4f8f07fdb6b8701fa89a23a2edf830808fd65892d90cce40c0e6df7c8f2fcb62
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-model-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-model	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	model	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-model	Highest
Vendor	pom	artifactid	maven-model	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Model	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-model	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	model	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Model	High
Product	Manifest	specification-title	Maven Model	Medium
Product	pom	artifactid	maven-model	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Model	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-model@3.9.6 (Confidence:High)

maven-model-builder-3.9.6.jar

Description:

The effective model builder, with inheritance, profile activation, interpolation, ...

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model-builder\3.9.6\maven-model-builder-3.9.6.jar
MD5: 8b1aa0b78ffdb501dd4a6cbc0cbeff68
SHA1: 983ce00d50a9f78ad1b805e21e4fd71807fa6ebf
SHA256:5f96dafbc411ee4b1e8426368d0d31d05ab5a4dace69808143142a0017598721
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-model-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-model-builder	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	inheritance	Highest
Vendor	jar	package name	interpolation	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	model	Highest
Vendor	jar	package name	profile	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-model-builder	Highest
Vendor	pom	artifactid	maven-model-builder	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Model Builder	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-model-builder	High
Product	jar	package name	apache	Highest
Product	jar	package name	inheritance	Highest
Product	jar	package name	interpolation	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	model	Highest
Product	jar	package name	profile	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Model Builder	High
Product	Manifest	specification-title	Maven Model Builder	Medium
Product	pom	artifactid	maven-model-builder	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Model Builder	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-model-builder@3.9.6 (Confidence:High)

maven-plugin-annotations-3.12.0.jar

Description:

Java annotations to use in Mojos

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.12.0\maven-plugin-annotations-3.12.0.jar
MD5: 5e5b825e2c793e62adcaad9d36633caf
SHA1: ec4d83a57e597d4d132df8715d0074d1bad82c13
SHA256:d3ddd26c5b0e6c0e9521d1dac4ca5a02d633f628f6f06b847a5dc425c6b34e7a
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-plugin-annotations-3.12.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-plugin-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-plugin-annotations	Highest
Vendor	pom	artifactid	maven-plugin-annotations	Low
Vendor	pom	groupid	org.apache.maven.plugin-tools	Highest
Vendor	pom	name	Maven Plugin Tools Java Annotations	High
Vendor	pom	parent-artifactid	maven-plugin-tools	Low
Product	file	name	maven-plugin-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	Implementation-Title	Maven Plugin Tools Java Annotations	High
Product	Manifest	specification-title	Maven Plugin Tools Java Annotations	Medium
Product	pom	artifactid	maven-plugin-annotations	Highest
Product	pom	groupid	org.apache.maven.plugin-tools	Highest
Product	pom	name	Maven Plugin Tools Java Annotations	High
Product	pom	parent-artifactid	maven-plugin-tools	Medium
Version	file	version	3.12.0	High
Version	Manifest	Implementation-Version	3.12.0	High
Version	pom	version	3.12.0	Highest

Identifiers

pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.12.0 (Confidence:High)

maven-plugin-api-3.9.6.jar

Description:

The API for plugins - Mojos - development.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.9.6\maven-plugin-api-3.9.6.jar
MD5: d554ff9d1f948ef4ad67dd590e0eb299
SHA1: 64c127e31d9329928c72c403408a01f1871b6733
SHA256:3fd664f7e511463561bc343822347618b8ca0952db85da785809166f0a762411
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-plugin-api-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-plugin-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	plugin	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-plugin-api	Highest
Vendor	pom	artifactid	maven-plugin-api	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Plugin API	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-plugin-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	plugin	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Plugin API	High
Product	Manifest	specification-title	Maven Plugin API	Medium
Product	pom	artifactid	maven-plugin-api	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Plugin API	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-plugin-api@3.9.6 (Confidence:High)

maven-reporting-api-3.1.1.jar

Description:

API to manage report generation.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-api\3.1.1\maven-reporting-api-3.1.1.jar
MD5: 1e1e0b2f189c861995e33a2a746501bb
SHA1: 74ca00a13e46d065071cdf6376d7d231e0208916
SHA256:25be6603c97d28fa3dcd122073054271c8fcaf667d220dce7a26a61a6f3cffd1
Referenced In Project/Scope: spotbugs-maven-plugin:compile
maven-reporting-api-3.1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-reporting-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	reporting	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-reporting-api	Highest
Vendor	pom	artifactid	maven-reporting-api	Low
Vendor	pom	developer email	vincent.siveton@gmail.com	Low
Vendor	pom	developer id	vsiveton	Medium
Vendor	pom	developer name	Vincent Siveton	Medium
Vendor	pom	groupid	org.apache.maven.reporting	Highest
Vendor	pom	name	Apache Maven Reporting API	High
Vendor	pom	parent-artifactid	maven-shared-components	Low
Vendor	pom	parent-groupid	org.apache.maven.shared	Medium
Product	file	name	maven-reporting-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	reporting	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache Maven Reporting API	High
Product	Manifest	specification-title	Apache Maven Reporting API	Medium
Product	pom	artifactid	maven-reporting-api	Highest
Product	pom	developer email	vincent.siveton@gmail.com	Low
Product	pom	developer id	vsiveton	Low
Product	pom	developer name	Vincent Siveton	Low
Product	pom	groupid	org.apache.maven.reporting	Highest
Product	pom	name	Apache Maven Reporting API	High
Product	pom	parent-artifactid	maven-shared-components	Medium
Product	pom	parent-groupid	org.apache.maven.shared	Medium
Version	file	version	3.1.1	High
Version	Manifest	Implementation-Version	3.1.1	High
Version	pom	parent-version	3.1.1	Low
Version	pom	version	3.1.1	Highest

Identifiers

pkg:maven/org.apache.maven.reporting/maven-reporting-api@3.1.1 (Confidence:High)

maven-reporting-impl-3.2.0.jar

Description:

Abstract classes to manage report generation.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\reporting\maven-reporting-impl\3.2.0\maven-reporting-impl-3.2.0.jar
MD5: 468bb08c4330fd7647405b33edf769be
SHA1: 97ffee6a6c3f81e341f42f641651a37f077759c6
SHA256:28f42c2f49f11dcba6d14ab3e365375442a9ed78ca2ec588e3e1f43455a4a14d
Referenced In Project/Scope: spotbugs-maven-plugin:compile
maven-reporting-impl-3.2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-reporting-impl	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	reporting	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-reporting-impl	Highest
Vendor	pom	artifactid	maven-reporting-impl	Low
Vendor	pom	developer email	vincent.siveton@gmail.com	Low
Vendor	pom	developer id	vsiveton	Medium
Vendor	pom	developer name	Vincent Siveton	Medium
Vendor	pom	groupid	org.apache.maven.reporting	Highest
Vendor	pom	name	Apache Maven Reporting Implementation	High
Vendor	pom	parent-artifactid	maven-shared-components	Low
Vendor	pom	parent-groupid	org.apache.maven.shared	Medium
Product	file	name	maven-reporting-impl	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	reporting	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Apache Maven Reporting Implementation	High
Product	Manifest	specification-title	Apache Maven Reporting Implementation	Medium
Product	pom	artifactid	maven-reporting-impl	Highest
Product	pom	developer email	vincent.siveton@gmail.com	Low
Product	pom	developer id	vsiveton	Low
Product	pom	developer name	Vincent Siveton	Low
Product	pom	groupid	org.apache.maven.reporting	Highest
Product	pom	name	Apache Maven Reporting Implementation	High
Product	pom	parent-artifactid	maven-shared-components	Medium
Product	pom	parent-groupid	org.apache.maven.shared	Medium
Version	file	version	3.2.0	High
Version	Manifest	Implementation-Version	3.2.0	High
Version	pom	parent-version	3.2.0	Low
Version	pom	version	3.2.0	Highest

Identifiers

pkg:maven/org.apache.maven.reporting/maven-reporting-impl@3.2.0 (Confidence:High)

maven-repository-metadata-3.9.6.jar

Description:

Per-directory local and remote repository metadata.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-repository-metadata\3.9.6\maven-repository-metadata-3.9.6.jar
MD5: 58a684bcc774fb44e4f73fa7466dc44d
SHA1: 497cda3149f3c661113f9a663e0270ce2566cc95
SHA256:e047a67b204c434994253e2ab5bdff5fe8cb7ada9316ac3e754c39f900ea847b
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-repository-metadata-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-repository-metadata	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	repository	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-repository-metadata	Highest
Vendor	pom	artifactid	maven-repository-metadata	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Repository Metadata Model	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-repository-metadata	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	repository	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Repository Metadata Model	High
Product	Manifest	specification-title	Maven Repository Metadata Model	Medium
Product	pom	artifactid	maven-repository-metadata	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Repository Metadata Model	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-repository-metadata@3.9.6 (Confidence:High)

maven-resolver-api-1.9.18.jar

Description:

The application programming interface for the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-api\1.9.18\maven-resolver-api-1.9.18.jar
MD5: 43a87208b9585a61f268843f6a0931ec
SHA1: 0cd5174d6e80175398debe4869d484169c0abbf8
SHA256:ebfb9e1dfeea3c2017905184581e007874b4eaac9d28bfffcfe5133d70ac6339
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-api	High
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	repository	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.resolver	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Vendor	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-api/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.maven.resolver.api	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-api	Highest
Vendor	pom	artifactid	maven-resolver-api	Low
Vendor	pom	groupid	org.apache.maven.resolver	Highest
Vendor	pom	name	Maven Artifact Resolver API	High
Vendor	pom	parent-artifactid	maven-resolver	Low
Product	file	name	maven-resolver-api	High
Product	jar	package name	artifact	Highest
Product	jar	package name	repository	Highest
Product	Manifest	automatic-module-name	org.apache.maven.resolver	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Product	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-api/	Low
Product	Manifest	Bundle-Name	Maven Artifact Resolver API	Medium
Product	Manifest	bundle-symbolicname	org.apache.maven.resolver.api	Medium
Product	Manifest	Implementation-Title	Maven Artifact Resolver API	High
Product	Manifest	specification-title	Maven Artifact Resolver API	Medium
Product	pom	artifactid	maven-resolver-api	Highest
Product	pom	groupid	org.apache.maven.resolver	Highest
Product	pom	name	Maven Artifact Resolver API	High
Product	pom	parent-artifactid	maven-resolver	Medium
Version	file	version	1.9.18	High
Version	Manifest	Bundle-Version	1.9.18	High
Version	Manifest	Implementation-Version	1.9.18	High
Version	pom	version	1.9.18	Highest

Identifiers

pkg:maven/org.apache.maven.resolver/maven-resolver-api@1.9.18 (Confidence:High)

maven-resolver-impl-1.9.18.jar

Description:

An implementation of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-impl\1.9.18\maven-resolver-impl-1.9.18.jar
MD5: 0204f7788eb26200ff419d4abe21072b
SHA1: e928b128d1e52e6299f94431ce3df74647bc8c26
SHA256:6bb9c90d007098004749c867da2eaf5785fc1139907718749c1097bdb2929bf8
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-impl	High
Vendor	jar	package name	impl	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.resolver.impl	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Vendor	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-impl/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.maven.resolver.impl	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-impl	Highest
Vendor	pom	artifactid	maven-resolver-impl	Low
Vendor	pom	groupid	org.apache.maven.resolver	Highest
Vendor	pom	name	Maven Artifact Resolver Implementation	High
Vendor	pom	parent-artifactid	maven-resolver	Low
Product	file	name	maven-resolver-impl	High
Product	jar	package name	impl	Highest
Product	Manifest	automatic-module-name	org.apache.maven.resolver.impl	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Product	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-impl/	Low
Product	Manifest	Bundle-Name	Maven Artifact Resolver Implementation	Medium
Product	Manifest	bundle-symbolicname	org.apache.maven.resolver.impl	Medium
Product	Manifest	Implementation-Title	Maven Artifact Resolver Implementation	High
Product	Manifest	specification-title	Maven Artifact Resolver Implementation	Medium
Product	pom	artifactid	maven-resolver-impl	Highest
Product	pom	groupid	org.apache.maven.resolver	Highest
Product	pom	name	Maven Artifact Resolver Implementation	High
Product	pom	parent-artifactid	maven-resolver	Medium
Version	file	version	1.9.18	High
Version	Manifest	Bundle-Version	1.9.18	High
Version	Manifest	Implementation-Version	1.9.18	High
Version	pom	version	1.9.18	Highest

Identifiers

pkg:maven/org.apache.maven.resolver/maven-resolver-impl@1.9.18 (Confidence:High)

maven-resolver-named-locks-1.9.18.jar

Description:

A synchronization utility implementation using Named locks.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-named-locks\1.9.18\maven-resolver-named-locks-1.9.18.jar
MD5: e6da3cfadecd128a47814dfc661163dc
SHA1: 31f948d89dcb3d9739e70d5e1000ebd68eb4405d
SHA256:098de7bbc5b0b26c3eff74ac30ffba6680fdab9bf4aebab95c3f5e2fe9eaeea8
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-named-locks	High
Vendor	jar	package name	named	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.resolver.named	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Vendor	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-named-locks/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.maven.resolver.named	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-named-locks	Highest
Vendor	pom	artifactid	maven-resolver-named-locks	Low
Vendor	pom	groupid	org.apache.maven.resolver	Highest
Vendor	pom	name	Maven Artifact Resolver Named Locks	High
Vendor	pom	parent-artifactid	maven-resolver	Low
Product	file	name	maven-resolver-named-locks	High
Product	jar	package name	named	Highest
Product	jar	package name	support	Highest
Product	Manifest	automatic-module-name	org.apache.maven.resolver.named	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Product	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-named-locks/	Low
Product	Manifest	Bundle-Name	Maven Artifact Resolver Named Locks	Medium
Product	Manifest	bundle-symbolicname	org.apache.maven.resolver.named	Medium
Product	Manifest	Implementation-Title	Maven Artifact Resolver Named Locks	High
Product	Manifest	specification-title	Maven Artifact Resolver Named Locks	Medium
Product	pom	artifactid	maven-resolver-named-locks	Highest
Product	pom	groupid	org.apache.maven.resolver	Highest
Product	pom	name	Maven Artifact Resolver Named Locks	High
Product	pom	parent-artifactid	maven-resolver	Medium
Version	file	version	1.9.18	High
Version	Manifest	Bundle-Version	1.9.18	High
Version	Manifest	Implementation-Version	1.9.18	High
Version	pom	version	1.9.18	Highest

Identifiers

pkg:maven/org.apache.maven.resolver/maven-resolver-named-locks@1.9.18 (Confidence:High)

maven-resolver-provider-3.9.6.jar

Description:

Extensions to Maven Resolver for utilizing Maven POM and repository metadata.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-resolver-provider\3.9.6\maven-resolver-provider-3.9.6.jar
MD5: 74c2e9695842a46c2c2c1cd5179266c4
SHA1: 848c45d334f6cc5c8dd602b0e58fd4482964eddc
SHA256:73b00b244b7b9e285654a45e765892bf5d369da77d42b5b4b5429122ed198a33
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-resolver-provider-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-provider	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	repository	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-provider	Highest
Vendor	pom	artifactid	maven-resolver-provider	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Artifact Resolver Provider	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-resolver-provider	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	repository	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Artifact Resolver Provider	High
Product	Manifest	specification-title	Maven Artifact Resolver Provider	Medium
Product	pom	artifactid	maven-resolver-provider	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Artifact Resolver Provider	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-resolver-provider@3.9.6 (Confidence:High)

maven-resolver-spi-1.9.18.jar

Description:

The service provider interface for repository system implementations and repository connectors.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-spi\1.9.18\maven-resolver-spi-1.9.18.jar
MD5: b99c631156da02290d0c95cf40c4917b
SHA1: 7fa176b3353ef6d78d02db39e025f3c27a983158
SHA256:d364fce9a17b0e0b073c26efa92af95b29c00c42943dced4a1168a7923fd3fe1
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-spi	High
Vendor	jar	package name	spi	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.resolver.spi	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Vendor	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-spi/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.maven.resolver.spi	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-spi	Highest
Vendor	pom	artifactid	maven-resolver-spi	Low
Vendor	pom	groupid	org.apache.maven.resolver	Highest
Vendor	pom	name	Maven Artifact Resolver SPI	High
Vendor	pom	parent-artifactid	maven-resolver	Low
Product	file	name	maven-resolver-spi	High
Product	jar	package name	spi	Highest
Product	Manifest	automatic-module-name	org.apache.maven.resolver.spi	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Product	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-spi/	Low
Product	Manifest	Bundle-Name	Maven Artifact Resolver SPI	Medium
Product	Manifest	bundle-symbolicname	org.apache.maven.resolver.spi	Medium
Product	Manifest	Implementation-Title	Maven Artifact Resolver SPI	High
Product	Manifest	specification-title	Maven Artifact Resolver SPI	Medium
Product	pom	artifactid	maven-resolver-spi	Highest
Product	pom	groupid	org.apache.maven.resolver	Highest
Product	pom	name	Maven Artifact Resolver SPI	High
Product	pom	parent-artifactid	maven-resolver	Medium
Version	file	version	1.9.18	High
Version	Manifest	Bundle-Version	1.9.18	High
Version	Manifest	Implementation-Version	1.9.18	High
Version	pom	version	1.9.18	Highest

Identifiers

pkg:maven/org.apache.maven.resolver/maven-resolver-spi@1.9.18 (Confidence:High)

maven-resolver-util-1.9.18.jar

Description:

A collection of utility classes to ease usage of the repository system.

License:

"Apache-2.0";link="https://www.apache.org/licenses/LICENSE-2.0.txt"

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\resolver\maven-resolver-util\1.9.18\maven-resolver-util-1.9.18.jar
MD5: 0e6aa5f372550f4239361df35a53b4a1
SHA1: 5ae9406f188ae4a999c353fce3fd77273797a216
SHA256:2eb0ea667bc489384478231dda7516407d4b5b22a138077229871de9362a7ae2
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-resolver-util	High
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	repository	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	automatic-module-name	org.apache.maven.resolver.util	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Vendor	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-util/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.maven.resolver.util	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-resolver-util	Highest
Vendor	pom	artifactid	maven-resolver-util	Low
Vendor	pom	groupid	org.apache.maven.resolver	Highest
Vendor	pom	name	Maven Artifact Resolver Utilities	High
Vendor	pom	parent-artifactid	maven-resolver	Low
Product	file	name	maven-resolver-util	High
Product	jar	package name	artifact	Highest
Product	jar	package name	repository	Highest
Product	jar	package name	util	Highest
Product	Manifest	automatic-module-name	org.apache.maven.resolver.util	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-developers	khmarbaise;email="khmarbaise@apache.org";name="Karl Heinz Marbaise";roles="PMC Chair";timezone="+1",aheritier;email="aheritier@apache.org";name="Arnaud Héritier";roles="PMC Member";timezone="+1",andham;email="andham@apache.org";name="Anders Hammar";roles="PMC Member";timezone="+1",baerrach;email="baerrach@apache.org";name="Barrie Treloar";roles="PMC Member";timezone="Australia/Adelaide",bimargulies;email="bimargulies@apache.org";name="Benson Margulies";roles="PMC Member";timezone="America/New_York",bmarwell;email="bmarwell@apache.org";name="Benjamin Marwell";organization=ASF;roles="PMC Member";timezone="Europe/Berlin",brianf;email="brianf@apache.org";name="Brian Fox";organization=Sonatype;roles="PMC Member";timezone=-5,cstamas;email="cstamas@apache.org";name="Tamas Cservenak";roles="PMC Member";timezone="+1",dennisl;email="dennisl@apache.org";name="Dennis Lundberg";organization=ASF;roles="PMC Member";timezone="+1",dkulp;email="dkulp@apache.org";name="Daniel Kulp";organization=ASF;roles="PMC Member";timezone=-5,evenisse;email="evenisse@apache.org";name="Emmanuel Venisse";organization=ASF;roles="PMC Member";timezone="+1",gboue;email="gboue@apache.org";name="Guillaume Boué";roles="PMC Member";timezone="Europe/Paris",gnodet;email="gnodet@apache.org";name="Guillaume Nodet";organization="Red Hat";roles="PMC Member";timezone="Europe/Paris",henning;email="henning@apache.org";name="Henning Schmiedehausen";organization=ASF;roles="PMC Member";timezone="America/Los_Angeles",hboutemy;email="hboutemy@apache.org";name="Hervé Boutemy";organization=ASF;roles="PMC Member";timezone="Europe/Paris",ifedorenko;email="igor@ifedorenko.com";name="Igor Fedorenko";organization=Sonatype;roles="PMC Member";timezone=-5,jvanzyl;email="jason@maven.org";name="Jason van Zyl";roles="PMC Member";timezone=-5,krosenvold;email="krosenvold@apache.org";name="Kristian Rosenvold";roles="PMC Member";timezone="+1",kwin;email="kwin@apache.org";name="Konrad Windszus";organization="Cognizant Netcentric";roles="PMC Member";timezone="Europe/Berlin",mkleint;name="Milos Kleint";roles="PMC Member",mthmulders;email="mthmulders@apache.org";name="Maarten Mulders";organization="Info Support";roles="PMC Member";timezone="Europe/Amsterdam",olamy;email="olamy@apache.org";name="Olivier Lamy";roles="PMC Member";timezone="Australia/Brisbane",michaelo;email="michaelo@apache.org";name="Michael Osipov";roles="PMC Member";timezone="Europe/Berlin",rfscholte;email="rfscholte@apache.org";name="Robert Scholte";roles="PMC Member";timezone="Europe/Amsterdam",rgoers;email="rgoers@apache.org";name="Ralph Goers";organization=Intuit;roles="PMC Member";timezone=-8,sjaranowski;email="sjaranowski@apache.org";name="Slawomir Jaranowski";roles="PMC Member";timezone="Europe/Warsaw",stephenc;email="stephenc@apache.org";name="Stephen Connolly";roles="PMC Member";timezone=0,slachiewicz;email="slachiewicz@apache.org";name="Sylwester Lachiewicz";roles="PMC Member";timezone="Europe/Warsaw",struberg;email="struberg@apache.org";name="Mark Struberg";roles="PMC Member",tibordigana;email="tibordigana@apache.org";name="Tibor Digaňa";roles="PMC Member";timezone="Europe/Bratislava",vsiveton;email="vsiveton@apache.org";name="Vincent Siveton";organization=ASF;roles="PMC Member";timezone=-5,wfay;email="wfay@apache.org";name="Wayne Fay";organization=ASF;roles="PMC Member";timezone=-6,adangel;email="adangel@apache.org";name="Andreas Dangel";roles=Committer;timezone="Europe/Berlin",bdemers;email="bdemers@apache.org";name="Brian Demers";organization=Sonatype;roles=Committer;timezone=-5,bellingard;name="Fabrice Bellingard";roles=Committer,bentmann;email="bentmann@apache.org";name="Benjamin Bentmann";organization=Sonatype;roles=Committer;timezone="+1",chrisgwarp;email="chrisgwarp@apache.org";name="Chris Graham";roles=Committer;timezone="Australia/Melbourne",dantran;email="dantran@apache.org";name="Dan Tran";roles=Committer;timezone=-8,dbradicich;email="dbradicich@apache.org";name="Damian Bradicich";organization=Sonatype;roles=Committer;timezone=-5,brett;email="brett@apache.org";name="Brett Porter";organization=ASF;roles=Committer;timezone="+10",dfabulich;email="dfabulich@apache.org";name="Daniel Fabulich";roles=Committer;timezone=-8,eolivelli;email="eolivelli@apache.org";name="Enrico Olivelli";organization=Diennea;roles=Committer;timezone="Europe/Rome",fgiust;email="fgiust@apache.org";name="Fabrizio Giustina";organization=openmind;roles=Committer;timezone="+1",godin;email="godin@apache.org";name="Evgeny Mandrikov";organization=SonarSource;roles=Committer;timezone="+3",handyande;email="handyande@apache.org";name="Andrew Williams";roles=Committer;timezone=0,imod;email="imod@apache.org";name="Dominik Bartholdi";roles=Committer;timezone="Europe/Zurich",jjensen;name="Jeff Jensen";roles=Committer,ltheussl;email="ltheussl@apache.org";name="Lukas Theussl";roles=Committer;timezone="+1",markh;email="markh@apache.org";name="Mark Hobson";roles=Committer;timezone=0,martinkanters;email="martinkanters@apache.org";name="Martin Kanters";organization=JPoint;roles=Committer;timezone="Europe/Amsterdam",mauro;name="Mauro Talevi";roles=Committer,mfriedenhagen;email="mfriedenhagen@apache.org";name="Mirko Friedenhagen";roles=Committer;timezone="+1",mmoser;email="mmoser@apache.org";name="Manfred Moser";roles=Committer;timezone=-8,nicolas;name="Nicolas de Loof";roles=Committer,oching;name="Maria Odea B. Ching";roles=Committer,pgier;email="pgier@apache.org";name="Paul Gier";organization="Red Hat";roles=Committer;timezone=-6,ptahchiev;email="ptahchiev@apache.org";name="Petar Tahchiev";roles=Committer;timezone="+2",rafale;email="rafale@apache.org";name="Raphaël Piéroni";organization=Dexem;roles=Committer;timezone="+1",schulte;email="schulte@apache.org";name="Christian Schulte";roles=Committer;timezone="Europe/Berlin",snicoll;email="snicoll@apache.org";name="Stephane Nicoll";roles=Committer;timezone="+1",simonetripodi;email="simonetripodi@apache.org";name="Simone Tripodi";roles=Committer;timezone="+1",sor;email="sor@apache.org";name="Christian Stein";roles=Committer;timezone="Europe/Berlin",tchemit;email="tchemit@apache.org";name="Tony Chemit";organization=CodeLutin;roles=Committer;timezone="Europe/Paris",vmassol;email="vmassol@apache.org";name="Vincent Massol";organization=ASF;roles=Committer;timezone="+1",elharo;email="elharo@apache.org";name="Elliotte Rusty Harold";roles=Committer;timezone="America/New_York",agudian;email="agudian@apache.org";name="Andreas Gudian";roles=Emeritus;timezone="Europe/Berlin",aramirez;name="Allan Q. Ramirez";roles=Emeritus,bayard;name="Henri Yandell";roles=Emeritus,carlos;email="carlos@apache.org";name="Carlos Sanchez";organization=ASF;roles=Emeritus;timezone="+1",chrisjs;name="Chris Stevenson";roles=Emeritus,dblevins;name="David Blevins";roles=Emeritus,dlr;name="Daniel Rall";roles=Emeritus,epunzalan;email="epunzalan@apache.org";name="Edwin Punzalan";roles=Emeritus;timezone=-8,felipeal;name="Felipe Leme";roles=Emeritus,jdcasey;email="jdcasey@apache.org";name="John Casey";organization=ASF;roles=Emeritus;timezone=-6,jmcconnell;email="jmcconnell@apache.org";name="Jesse McConnell";organization=ASF;roles=Emeritus;timezone=-6,joakime;email="joakime@apache.org";name="Joakim Erdfelt";organization=ASF;roles=Emeritus;timezone=-5,jruiz;email="jruiz@apache.org";name="Johnny Ruiz III";roles=Emeritus,jstrachan;name="James Strachan";roles=Emeritus,jtolentino;email="jtolentino@apache.org";name="Ernesto Tolentino Jr.";organization=ASF;roles=Emeritus;timezone="+8",kenney;email="kenney@apache.org";name="Kenney Westerhof";organization=Neonics;roles=Emeritus;timezone="+1",mperham;email="mperham@gmail.com";name="Mike Perham";organization=IBM;roles=Emeritus;timezone=-6,ogusakov;name="Oleg Gusakov";roles=Emeritus,pschneider;email="pschneider@gmail.com";name="Patrick Schneider";roles=Emeritus;timezone=-6,rinku;name="Rahul Thakur";roles=Emeritus,shinobu;name="Shinobu Kuwai";roles=Emeritus,smorgrav;name="Torbjorn Eikli Smorgrav";roles=Emeritus,trygvis;email="trygvis@apache.org";name="Trygve Laugstol";organization=ASF;roles=Emeritus;timezone="+1",wsmoak;email="wsmoak@apache.org";name="Wendy Smoak";roles=Emeritus;timezone=-7	Low
Product	Manifest	bundle-docurl	https://maven.apache.org/resolver/maven-resolver-util/	Low
Product	Manifest	Bundle-Name	Maven Artifact Resolver Utilities	Medium
Product	Manifest	bundle-symbolicname	org.apache.maven.resolver.util	Medium
Product	Manifest	Implementation-Title	Maven Artifact Resolver Utilities	High
Product	Manifest	specification-title	Maven Artifact Resolver Utilities	Medium
Product	pom	artifactid	maven-resolver-util	Highest
Product	pom	groupid	org.apache.maven.resolver	Highest
Product	pom	name	Maven Artifact Resolver Utilities	High
Product	pom	parent-artifactid	maven-resolver	Medium
Version	file	version	1.9.18	High
Version	Manifest	Bundle-Version	1.9.18	High
Version	Manifest	Implementation-Version	1.9.18	High
Version	pom	version	1.9.18	Highest

Identifiers

pkg:maven/org.apache.maven.resolver/maven-resolver-util@1.9.18 (Confidence:High)

maven-settings-3.9.6.jar

Description:

Maven Settings model.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings\3.9.6\maven-settings-3.9.6.jar
MD5: 144dfb04d530da655c5f96d80adb4ef4
SHA1: 7687311690b68c935753c55dd3f016d8c4a7820f
SHA256:0d200fd3b354d653d2a02cdba6a39b6dc2744a8539ff36ea423fe62cac736799
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-settings-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-settings	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	settings	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-settings	Highest
Vendor	pom	artifactid	maven-settings	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Settings	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-settings	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	settings	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Settings	High
Product	Manifest	specification-title	Maven Settings	Medium
Product	pom	artifactid	maven-settings	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Settings	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-settings@3.9.6 (Confidence:High)

maven-settings-builder-3.9.6.jar

Description:

The effective settings builder, with inheritance and password decryption.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-settings-builder\3.9.6\maven-settings-builder-3.9.6.jar
MD5: 5480ba40c9ae1cac6931abf16f7e8b81
SHA1: 2b75954b6f0c7eef38f388d97b91ce1ae3229f21
SHA256:e97cc245e4ef833c589fce0b5a8a4d77e3a0e01e619c57b5342c5e16d37a791d
Referenced In Project/Scope: spotbugs-maven-plugin:provided
maven-settings-builder-3.9.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-settings-builder	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	settings	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-settings-builder	Highest
Vendor	pom	artifactid	maven-settings-builder	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Settings Builder	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-settings-builder	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	settings	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Settings Builder	High
Product	Manifest	specification-title	Maven Settings Builder	Medium
Product	pom	artifactid	maven-settings-builder	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Settings Builder	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.6	High
Version	Manifest	Implementation-Version	3.9.6	High
Version	pom	version	3.9.6	Highest

Identifiers

pkg:maven/org.apache.maven/maven-settings-builder@3.9.6 (Confidence:High)

maven-shared-utils-3.4.2.jar

Description:

Shared utilities for use by Maven core and plugins

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\shared\maven-shared-utils\3.4.2\maven-shared-utils-3.4.2.jar
MD5: 53a038f77a81cb5816ad2b1c7daa8711
SHA1: bfa28296272a5915b08de9f11f34a94b0a818fd0
SHA256:b613357e1bad4dfc1dead801691c9460f9585fe7c6b466bc25186212d7d18487
Referenced In Project/Scope: spotbugs-maven-plugin:compile
maven-shared-utils-3.4.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-shared-utils	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	shared	Highest
Vendor	jar	package name	utils	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-shared-utils	Highest
Vendor	pom	artifactid	maven-shared-utils	Low
Vendor	pom	groupid	org.apache.maven.shared	Highest
Vendor	pom	name	Apache Maven Shared Utils	High
Vendor	pom	parent-artifactid	maven-shared-components	Low
Product	file	name	maven-shared-utils	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	shared	Highest
Product	jar	package name	utils	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	Implementation-Title	Apache Maven Shared Utils	High
Product	Manifest	specification-title	Apache Maven Shared Utils	Medium
Product	pom	artifactid	maven-shared-utils	Highest
Product	pom	groupid	org.apache.maven.shared	Highest
Product	pom	name	Apache Maven Shared Utils	High
Product	pom	parent-artifactid	maven-shared-components	Medium
Version	file	version	3.4.2	High
Version	Manifest	Implementation-Version	3.4.2	High
Version	pom	parent-version	3.4.2	Low
Version	pom	version	3.4.2	Highest

Identifiers

pkg:maven/org.apache.maven.shared/maven-shared-utils@3.4.2 (Confidence:High)
cpe:2.3:a:apache:maven_shared_utils:3.4.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:utils_project:utils:3.4.2:*:*:*:*:*:*:* (Confidence:Highest)

modernizer-maven-annotations-2.7.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\2.7.0\modernizer-maven-annotations-2.7.0.jar
MD5: 0af0d3c9187c7dc13fcbcb7257c0fd5b
SHA1: 25fb27f1a54d193b52b5baa7dee26ef0ba6c03fe
SHA256:9e8340d07c2226e28a8f5d115418b2e2ab02139f2f3966dcd9163fa5902e267f
Referenced In Project/Scope: spotbugs-maven-plugin:provided
modernizer-maven-annotations-2.7.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	modernizer-maven-annotations	High
Vendor	jar	package name	gaul	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	modernizer-maven-annotations	Highest
Vendor	pom	artifactid	modernizer-maven-annotations	Low
Vendor	pom	groupid	org.gaul	Highest
Vendor	pom	name	Modernizer Maven Plugin annotations	High
Vendor	pom	parent-artifactid	modernizer-maven-parent	Low
Product	file	name	modernizer-maven-annotations	High
Product	jar	package name	gaul	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	modernizer-maven-annotations	Highest
Product	pom	groupid	org.gaul	Highest
Product	pom	name	Modernizer Maven Plugin annotations	High
Product	pom	parent-artifactid	modernizer-maven-parent	Medium
Version	file	version	2.7.0	High
Version	pom	version	2.7.0	Highest

Identifiers

pkg:maven/org.gaul/modernizer-maven-annotations@2.7.0 (Confidence:High)

org.eclipse.sisu.inject-0.9.0.M2.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.9.0.M2\org.eclipse.sisu.inject-0.9.0.M2.jar
MD5: eb805c5b2e22c8002877f0caadc6a87c
SHA1: 5ace70e1ea696d156f5034a42a615df13a52003a
SHA256:9b62bcfc352a2ec87da8b01e37c952a54d358bbb1af3f212648aeafe7ab2dbb5
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.eclipse.sisu.inject	High
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	inject	Highest
Vendor	jar	package name	sisu	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Vendor	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Vendor	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.sisu.inject;singleton:=true	Medium
Vendor	pom	artifactid	eclipse.sisu.inject	Low
Vendor	pom	artifactid	org.eclipse.sisu.inject	Highest
Vendor	pom	groupid	org.eclipse.sisu	Highest
Vendor	pom	parent-artifactid	sisu-inject	Low
Product	file	name	org.eclipse.sisu.inject	High
Product	jar	package name	dynamic	Highest
Product	jar	package name	eclipse	Highest
Product	jar	package name	inject	Highest
Product	jar	package name	sisu	Highest
Product	jar	package name	sonatype	Highest
Product	jar	package name	wiring	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Product	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Product	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Product	Manifest	Bundle-Name	Sisu-Inject (Incubation)	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.sisu.inject;singleton:=true	Medium
Product	pom	artifactid	eclipse.sisu.inject	Highest
Product	pom	artifactid	org.eclipse.sisu.inject	Highest
Product	pom	groupid	org.eclipse.sisu	Highest
Product	pom	parent-artifactid	sisu-inject	Medium
Version	Manifest	Bundle-Version	0.9.0.M2	High
Version	pom	version	0.9.0.M2	Highest

Identifiers

pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M2 (Confidence:High)

org.eclipse.sisu.plexus-0.9.0.M2.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 1.0";link="http://www.eclipse.org/legal/epl-v10.html"

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.9.0.M2\org.eclipse.sisu.plexus-0.9.0.M2.jar
MD5: 98e320df2caac742b2ae33d938c69df8
SHA1: 31456dd2293197bb282c03168f6767acca3dec96
SHA256:9500d303ce467e26d129dda8559c3f3a91277d41ab49d2c4b4a5779536a62fc1
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.eclipse.sisu.plexus	High
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	sisu	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Vendor	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Vendor	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Vendor	pom	artifactid	eclipse.sisu.plexus	Low
Vendor	pom	artifactid	org.eclipse.sisu.plexus	Highest
Vendor	pom	groupid	org.eclipse.sisu	Highest
Vendor	pom	parent-artifactid	sisu-plexus	Low
Product	file	name	org.eclipse.sisu.plexus	High
Product	jar	package name	eclipse	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	sisu	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Product	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Product	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Product	Manifest	Bundle-Name	Sisu-Plexus (Incubation)	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Product	pom	artifactid	eclipse.sisu.plexus	Highest
Product	pom	artifactid	org.eclipse.sisu.plexus	Highest
Product	pom	groupid	org.eclipse.sisu	Highest
Product	pom	parent-artifactid	sisu-plexus	Medium
Version	Manifest	Bundle-Version	0.9.0.M2	High
Version	pom	version	0.9.0.M2	Highest

Identifiers

pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M2 (Confidence:High)

oro-2.0.8.jar

File Path: C:\Users\Jeremy\.m2\repository\oro\oro\2.0.8\oro-2.0.8.jar
MD5: 42e940d5d2d822f4dc04c65053e630ab
SHA1: 5592374f834645c4ae250f4c9fbb314c9369d698
SHA256:e00ccdad5df7eb43fdee44232ef64602bf63807c2d133a7be83ba09fd49af26e
Referenced In Project/Scope: spotbugs-maven-plugin:compile
oro-2.0.8.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	oro	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	oro	Highest
Vendor	manifest: org/apache/oro	Implementation-Vendor	Apache Software Foundation	Medium
Vendor	pom	artifactid	oro	Highest
Vendor	pom	artifactid	oro	Low
Vendor	pom	groupid	oro	Highest
Product	file	name	oro	High
Product	jar	package name	apache	Highest
Product	jar	package name	oro	Highest
Product	manifest: org/apache/oro	Implementation-Title	org.apache.oro	Medium
Product	manifest: org/apache/oro	Specification-Title	Jakarta ORO	Medium
Product	pom	artifactid	oro	Highest
Product	pom	groupid	oro	Highest
Version	file	version	2.0.8	High
Version	pom	version	2.0.8	Highest

Identifiers

pkg:maven/oro/oro@2.0.8 (Confidence:High)

plexus-cipher-2.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-cipher\2.0\plexus-cipher-2.0.jar
MD5: 55d612839faf248cbe3e273969c002c2
SHA1: 425ea8e534716b4bff1ea90f39bd76be951d651b
SHA256:9a7f1b5c5a9effd61eadfd8731452a2f76a8e79111fac391ef75ea801bea203a
Referenced In Project/Scope: spotbugs-maven-plugin:provided
plexus-cipher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-cipher	High
Vendor	jar	package name	cipher	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	plexus-cipher	Highest
Vendor	pom	artifactid	plexus-cipher	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Cipher: encryption/decryption Component	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-cipher	High
Product	jar	package name	cipher	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	plexus-cipher	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Cipher: encryption/decryption Component	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	2.0	High
Version	pom	parent-version	2.0	Low
Version	pom	version	2.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-cipher@2.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-classworlds-2.7.0.jar

Description:

A class loader framework

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.7.0\plexus-classworlds-2.7.0.jar
MD5: 6ed852b1a004288c44438381e6aaee1e
SHA1: fe6f1acefd1a302dd4bc6d9d7f15358828d2a44d
SHA256:c60ae538ba66adbc06aae205fbe2306211d3d213ab6df3239ec03cdde2458ad6
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-classworlds	High
Vendor	jar	package name	classworlds	Highest
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://codehaus-plexus.github.io/	Low
Vendor	Manifest	bundle-symbolicname	org.codehaus.plexus.classworlds	Medium
Vendor	pom	artifactid	plexus-classworlds	Highest
Vendor	pom	artifactid	plexus-classworlds	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Classworlds	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-classworlds	High
Product	jar	package name	classworlds	Highest
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://codehaus-plexus.github.io/	Low
Product	Manifest	Bundle-Name	Plexus Classworlds	Medium
Product	Manifest	bundle-symbolicname	org.codehaus.plexus.classworlds	Medium
Product	pom	artifactid	plexus-classworlds	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Classworlds	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	2.7.0	High
Version	Manifest	Bundle-Version	2.7.0	High
Version	pom	parent-version	2.7.0	Low
Version	pom	version	2.7.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-classworlds@2.7.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.7.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-component-annotations-2.0.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\2.0.0\plexus-component-annotations-2.0.0.jar
MD5: be18d50372002ba958de0ae4850b18a7
SHA1: 6897b9fa8b67c900b52996f845e2d179eea13441
SHA256:405eef6fc9188241ec88579c3e473f5c8997455c69bcd62e142492aca15106bc
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-component-annotations-2.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.shared/maven-artifact-transfer@0.13.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-component-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	codehaus	Low
Vendor	jar	package name	component	Highest
Vendor	jar	package name	component	Low
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	plexus	Low
Vendor	pom	artifactid	plexus-component-annotations	Highest
Vendor	pom	artifactid	plexus-component-annotations	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus :: Component Annotations	High
Vendor	pom	parent-artifactid	plexus-containers	Low
Product	file	name	plexus-component-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	annotations	Low
Product	jar	package name	codehaus	Highest
Product	jar	package name	component	Highest
Product	jar	package name	component	Low
Product	jar	package name	plexus	Highest
Product	jar	package name	plexus	Low
Product	pom	artifactid	plexus-component-annotations	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus :: Component Annotations	High
Product	pom	parent-artifactid	plexus-containers	Medium
Version	file	version	2.0.0	High
Version	pom	version	2.0.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.0.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-i18n-1.0-beta-10.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-i18n\1.0-beta-10\plexus-i18n-1.0-beta-10.jar
MD5: 7f36c0459c853750c627f682ec7bcf52
SHA1: 27506f59e54cc80b8c28b977c2bcd0478094e0cc
SHA256:b87f25b512ffafcafbf4a05ab943812e9c6915291370c6b46016eb3836886c41
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-i18n-1.0-beta-10.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-i18n	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	codehaus	Low
Vendor	jar	package name	i18n	Highest
Vendor	jar	package name	i18n	Low
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	plexus	Low
Vendor	pom	artifactid	plexus-i18n	Highest
Vendor	pom	artifactid	plexus-i18n	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus I18N Component	High
Vendor	pom	parent-artifactid	plexus-components	Low
Product	file	name	plexus-i18n	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	i18n	Highest
Product	jar	package name	i18n	Low
Product	jar	package name	plexus	Highest
Product	jar	package name	plexus	Low
Product	pom	artifactid	plexus-i18n	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus I18N Component	High
Product	pom	parent-artifactid	plexus-components	Medium
Version	pom	parent-version	1.0-beta-10	Low
Version	pom	version	1.0-beta-10	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-i18n@1.0-beta-10 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.0.eta-10:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-interpolation-1.26.jar

Description:

The Plexus project provides a full software stack for creating and executing software projects.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-interpolation\1.26\plexus-interpolation-1.26.jar
MD5: 1049ae9f5cd8cf618abf5bc5805e6b94
SHA1: 25b919c664b79795ccde0ede5cee0fd68b544197
SHA256:b3b5412ce17889103ea564bcdfcf9fb3dfa540344ffeac6b538a73c9d7182662
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-interpolation	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	interpolation	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	bundle-docurl	http://codehaus-plexus.github.io/	Low
Vendor	Manifest	bundle-symbolicname	org.codehaus.plexus.interpolation	Medium
Vendor	pom	artifactid	plexus-interpolation	Highest
Vendor	pom	artifactid	plexus-interpolation	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Interpolation API	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-interpolation	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	interpolation	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	bundle-docurl	http://codehaus-plexus.github.io/	Low
Product	Manifest	Bundle-Name	Plexus Interpolation API	Medium
Product	Manifest	bundle-symbolicname	org.codehaus.plexus.interpolation	Medium
Product	pom	artifactid	plexus-interpolation	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Interpolation API	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	1.26	High
Version	pom	parent-version	1.26	Low
Version	pom	version	1.26	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-interpolation@1.26 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.26:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-resources-1.3.0.jar

Description:

A component to transparently retrieve resources from the filesystem, classpath or internet.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-resources\1.3.0\plexus-resources-1.3.0.jar
MD5: fcc594fc0965b615ec74294fc30e00dd
SHA1: 0f082cbb44a0fb317e405ed6bfbd1ca983f38e14
SHA256:827baaa0215caedcdca59d091f04480566f7a43996183b9f9871fecff7abebea
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-resources-1.3.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-resources	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	resource	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	pom	artifactid	plexus-resources	Highest
Vendor	pom	artifactid	plexus-resources	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Resource Component	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-resources	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	resource	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	pom	artifactid	plexus-resources	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Resource Component	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	1.3.0	High
Version	pom	parent-version	1.3.0	Low
Version	pom	version	1.3.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-resources@1.3.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.3.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-sec-dispatcher-2.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-sec-dispatcher\2.0\plexus-sec-dispatcher-2.0.jar
MD5: e68635a721630177ac70173e441336b6
SHA1: f89c5080614ffd0764e49861895dbedde1b47237
SHA256:873139960c4c780176dda580b003a2c4bf82188bdce5bb99234e224ef7acfceb
Referenced In Project/Scope: spotbugs-maven-plugin:provided
plexus-sec-dispatcher-2.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-core@3.9.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-sec-dispatcher	High
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	sec	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	artifactid	plexus-sec-dispatcher	Highest
Vendor	pom	artifactid	plexus-sec-dispatcher	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Security Dispatcher Component	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-sec-dispatcher	High
Product	jar	package name	plexus	Highest
Product	jar	package name	sec	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	artifactid	plexus-sec-dispatcher	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Security Dispatcher Component	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	2.0	High
Version	pom	parent-version	2.0	Low
Version	pom	version	2.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-sec-dispatcher@2.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:2.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:sec_project:sec:2.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-utils-4.0.0.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines and
    more.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\4.0.0\plexus-utils-4.0.0.jar
MD5: 16481d9d3af602d73a6355e79d2de889
SHA1: ff00a04ba971655ed10e9fb93bce0ed3014e9477
SHA256:270cd703b48c6e5c8c691f1875f22d62d22cfe072c73ae2f5814d83d68c1da0b
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-utils-4.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-utils	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	plexus-utils	Highest
Vendor	pom	artifactid	plexus-utils	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Common Utilities	High
Vendor	pom	parent-artifactid	plexus	Low
Product	file	name	plexus-utils	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	org	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	plexus-utils	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Common Utilities	High
Product	pom	parent-artifactid	plexus	Medium
Version	file	version	4.0.0	High
Version	pom	parent-version	4.0.0	Low
Version	pom	version	4.0.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-utils@4.0.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:4.0.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:plexus-utils_project:plexus-utils:4.0.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:utils_project:utils:4.0.0:*:*:*:*:*:*:* (Confidence:Highest)

plexus-velocity-1.2.jar

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-velocity\1.2\plexus-velocity-1.2.jar
MD5: 7d7805136e8165f53c944612a809f1a6
SHA1: 1331b9d6bbf99ead362c68c2f318ebe5fedda598
SHA256:b4c4a0dbeacad54306a1ae230eff5ab45d58e3ab88c86ab7245d3a0772be57ab
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-velocity-1.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-velocity	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	codehaus	Low
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	plexus	Low
Vendor	jar	package name	velocity	Highest
Vendor	jar	package name	velocity	Low
Vendor	pom	artifactid	plexus-velocity	Highest
Vendor	pom	artifactid	plexus-velocity	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Velocity Component	High
Vendor	pom	parent-artifactid	plexus-components	Low
Product	file	name	plexus-velocity	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	plexus	Low
Product	jar	package name	velocity	Highest
Product	jar	package name	velocity	Low
Product	pom	artifactid	plexus-velocity	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Velocity Component	High
Product	pom	parent-artifactid	plexus-components	Medium
Version	file	version	1.2	High
Version	pom	parent-version	1.2	Low
Version	pom	version	1.2	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-velocity@1.2 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:1.2:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

plexus-xml-3.0.0.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-xml\3.0.0\plexus-xml-3.0.0.jar
MD5: cccca4a03a8367cd20e4efaead5fba0b
SHA1: d16b91678bc3734276886132923d6919c935c9f7
SHA256:d2622dc9339b16f5b8c9cad2add440e965831d0e16f19ae1de24e1202b0de536
Referenced In Project/Scope: spotbugs-maven-plugin:compile
plexus-xml-3.0.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-xml	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	pom	artifactid	plexus-xml	Highest
Vendor	pom	artifactid	plexus-xml	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus XML Utilities	High
Vendor	pom	parent-artifactid	plexus	Low
Vendor	pom	url	https://codehaus-plexus.github.io/plexus-xml/	Highest
Product	file	name	plexus-xml	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	pom	artifactid	plexus-xml	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus XML Utilities	High
Product	pom	parent-artifactid	plexus	Medium
Product	pom	url	https://codehaus-plexus.github.io/plexus-xml/	Medium
Version	file	version	3.0.0	High
Version	pom	parent-version	3.0.0	Low
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-xml@3.0.0 (Confidence:High)
cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:3.0.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:

Base Score: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

CVE-2022-4245

A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.

CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:

Base Score: MEDIUM (4.3)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

References:

secalert@redhat.com - Issue Tracking
secalert@redhat.com - Third Party Advisory
secalert@redhat.com - Third Party Advisory

Vulnerable Software & Versions: (show all)

qdox-1.12.1.jar

Description:

    QDox is a high speed, small footprint parser for extracting class/interface/method definitions from source files
    complete with JavaDoc @tags. It is designed to be used by active code generators or documentation tools.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\thoughtworks\qdox\qdox\1.12.1\qdox-1.12.1.jar
MD5: 9fb6970f934f8d836ae8e6d133316ab4
SHA1: f7122f6ab1f64bdf9f5970b0e89bfb355e036897
SHA256:21fba22f830e9268f07cf4ab2d99e8181abbdcb0cb91ee0228eb3cb918dcdd1d
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/org.apache.groovy/groovy-docgenerator@4.0.21

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	qdox	High
Vendor	jar	package name	model	Low
Vendor	jar	package name	parser	Highest
Vendor	jar	package name	qdox	Highest
Vendor	jar	package name	qdox	Low
Vendor	jar	package name	thoughtworks	Highest
Vendor	jar	package name	thoughtworks	Low
Vendor	jar	package name	tools	Highest
Vendor	pom	artifactid	qdox	Highest
Vendor	pom	artifactid	qdox	Low
Vendor	pom	developer id	joe	Medium
Vendor	pom	developer id	mauro	Medium
Vendor	pom	developer id	mdub	Medium
Vendor	pom	developer id	paul	Medium
Vendor	pom	developer id	rfscholte	Medium
Vendor	pom	developer id	rinkrank	Medium
Vendor	pom	developer name	Aslak Hellesoy	Medium
Vendor	pom	developer name	Joe Walnes	Medium
Vendor	pom	developer name	Mauro Talevi	Medium
Vendor	pom	developer name	Mike Williams	Medium
Vendor	pom	developer name	Paul Hammant	Medium
Vendor	pom	developer name	Robert Scholte	Medium
Vendor	pom	groupid	com.thoughtworks.qdox	Highest
Vendor	pom	name	QDox	High
Vendor	pom	parent-artifactid	codehaus-parent	Low
Vendor	pom	parent-groupid	org.codehaus	Medium
Vendor	pom	url	http://qdox.codehaus.org	Highest
Product	file	name	qdox	High
Product	jar	package name	model	Low
Product	jar	package name	parser	Highest
Product	jar	package name	qdox	Highest
Product	jar	package name	qdox	Low
Product	jar	package name	thoughtworks	Highest
Product	jar	package name	tools	Highest
Product	pom	artifactid	qdox	Highest
Product	pom	developer id	joe	Low
Product	pom	developer id	mauro	Low
Product	pom	developer id	mdub	Low
Product	pom	developer id	paul	Low
Product	pom	developer id	rfscholte	Low
Product	pom	developer id	rinkrank	Low
Product	pom	developer name	Aslak Hellesoy	Low
Product	pom	developer name	Joe Walnes	Low
Product	pom	developer name	Mauro Talevi	Low
Product	pom	developer name	Mike Williams	Low
Product	pom	developer name	Paul Hammant	Low
Product	pom	developer name	Robert Scholte	Low
Product	pom	groupid	com.thoughtworks.qdox	Highest
Product	pom	name	QDox	High
Product	pom	parent-artifactid	codehaus-parent	Medium
Product	pom	parent-groupid	org.codehaus	Medium
Product	pom	url	http://qdox.codehaus.org	Medium
Version	file	version	1.12.1	High
Version	pom	parent-version	1.12.1	Low
Version	pom	version	1.12.1	Highest

Identifiers

pkg:maven/com.thoughtworks.qdox/qdox@1.12.1 (Confidence:High)

slf4j-api-2.0.12.jar

Description:

The slf4j API

License:

http://www.opensource.org/licenses/mit-license.php

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-api\2.0.12\slf4j-api-2.0.12.jar
MD5: 86eb051f2e2d6497a3a57810c963a9d6
SHA1: 48f109a2a6d8f446c794f3e3fa0d86df0cdfa312
SHA256:a79502b8abdfbd722846a27691226a4088682d6d35654f9b80e2a9ccacf7ed47
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	slf4j-api	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.12	High
Version	Manifest	Bundle-Version	2.0.12	High
Version	Manifest	Implementation-Version	2.0.12	High
Version	pom	version	2.0.12	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.12 (Confidence:High)

slf4j-simple-2.0.12.jar

Description:

SLF4J Simple Provider

License:

http://www.opensource.org/licenses/mit-license.php

File Path: C:\Users\Jeremy\.m2\repository\org\slf4j\slf4j-simple\2.0.12\slf4j-simple-2.0.12.jar
MD5: 66daf0383d0fef0dbac0d8eb7dbe4e49
SHA1: 5fb15030fb6158ef4f63ce4f889f72f4259a7bc3
SHA256:4cd8f3d6236044600e7054da7c124c6d2e9f45eb43c77d4e9b093fe1095edc85
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-simple	High
Vendor	jar	package name	simple	Highest
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.simple	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";type=simple;effective:=active,osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="org.slf4j.simple.SimpleServiceProvider";type=simple	Low
Vendor	pom	artifactid	slf4j-simple	Highest
Vendor	pom	artifactid	slf4j-simple	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J Simple Provider	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-simple	High
Product	jar	package name	9	Highest
Product	jar	package name	simple	Highest
Product	jar	package name	simpleserviceprovider	Highest
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J Simple Provider	Medium
Product	Manifest	bundle-symbolicname	slf4j.simple	Medium
Product	Manifest	Implementation-Title	slf4j-simple	High
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Product	Manifest	provide-capability	osgi.service;objectClass:List="org.slf4j.spi.SLF4JServiceProvider";type=simple;effective:=active,osgi.serviceloader;osgi.serviceloader="org.slf4j.spi.SLF4JServiceProvider";register:="org.slf4j.simple.SimpleServiceProvider";type=simple	Low
Product	pom	artifactid	slf4j-simple	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J Simple Provider	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.12	High
Version	Manifest	Bundle-Version	2.0.12	High
Version	Manifest	Implementation-Version	2.0.12	High
Version	pom	version	2.0.12	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-simple@2.0.12 (Confidence:High)

spotbugs-4.8.4.jar

Description:

SpotBugs: Because it's easy!

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs\4.8.4\spotbugs-4.8.4.jar
MD5: 774485bbfee63e8f05a0d8777dfb3869
SHA1: c0fe33682eaee6d537b9ca5292cc1c2e732a743f
SHA256:1ca27492ff249922c8a0df73d3bad3551fad860ee2333d52fcd6d7ca05e48312
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.spotbugs	Medium
Vendor	pom	artifactid	spotbugs	Highest
Vendor	pom	artifactid	spotbugs	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs	High
Product	Manifest	automatic-module-name	com.github.spotbugs.spotbugs	Medium
Product	pom	artifactid	spotbugs	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.8.4	High
Version	Manifest	Bundle-Version	4.8.4	High
Version	pom	version	4.8.4	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs@4.8.4 (Confidence:High)

spotbugs-annotations-4.8.4.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.4\spotbugs-annotations-4.8.4.jar
MD5: 4ccc9cc98fc75022bc8620b35c4ef7ff
SHA1: 16cd7f8a57d1ef8541b916bb4c78dab9ef9ec9fc
SHA256:baa8208c3a16d4bc08eb3717e295604154f1c12bf9fe547799ed8bae325f2718
Referenced In Project/Scope: spotbugs-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-maven-plugin@4.8.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.8.4	High
Version	Manifest	Bundle-Version	4.8.4	High
Version	pom	version	4.8.4	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.4 (Confidence:High)

velocity-1.7.jar

Description:

Apache Velocity is a general purpose template engine.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity\1.7\velocity-1.7.jar
MD5: 3692dd72f8367cb35fb6280dc2916725
SHA1: 2ceb567b8f3f21118ecdec129fe1271dbc09aa7a
SHA256:ec92dae810034f4b46dbb16ef4364a4013b0efb24a8c5dd67435cae46a290d8e
Referenced In Project/Scope: spotbugs-maven-plugin:compile
velocity-1.7.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	velocity	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	template	Highest
Vendor	jar	package name	velocity	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.velocity	Medium
Vendor	Manifest	extension-name	velocity	Medium
Vendor	Manifest	Implementation-Vendor	Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	Apache Software Foundation	Low
Vendor	pom	artifactid	velocity	Highest
Vendor	pom	artifactid	velocity	Low
Vendor	pom	developer email	dlr@finemaltcoding.com	Low
Vendor	pom	developer email	geirm@optonline.net	Low
Vendor	pom	developer email	hps@intermeta.de	Low
Vendor	pom	developer email	nathan@esha.com	Low
Vendor	pom	developer email	wglass@forio.com	Low
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	henning	Medium
Vendor	pom	developer id	nbubna	Medium
Vendor	pom	developer id	wglass	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Geir Magnusson Jr.	Medium
Vendor	pom	developer name	Henning P. Schmiedehausen	Medium
Vendor	pom	developer name	Nathan Bubna	Medium
Vendor	pom	developer name	Will Glass-Husain	Medium
Vendor	pom	developer org	CollabNet, Inc.	Medium
Vendor	pom	developer org	ESHA Research	Medium
Vendor	pom	developer org	Forio Business Simulations	Medium
Vendor	pom	developer org	Independent (DVSL Maven)	Medium
Vendor	pom	developer org	INTERMETA - Gesellschaft für Mehrwertdienste mbH	Medium
Vendor	pom	groupid	org.apache.velocity	Highest
Vendor	pom	name	Apache Velocity	High
Vendor	pom	parent-artifactid	apache	Low
Vendor	pom	parent-groupid	org.apache	Medium
Vendor	pom	url	http://velocity.apache.org/engine/devel/	Highest
Product	file	name	velocity	High
Product	jar	package name	apache	Highest
Product	jar	package name	template	Highest
Product	jar	package name	velocity	Highest
Product	Manifest	Bundle-Name	Apache Velocity	Medium
Product	Manifest	bundle-symbolicname	org.apache.velocity	Medium
Product	Manifest	extension-name	velocity	Medium
Product	Manifest	Implementation-Title	org.apache.velocity	High
Product	Manifest	specification-title	Velocity is a Java-based template engine	Medium
Product	pom	artifactid	velocity	Highest
Product	pom	developer email	dlr@finemaltcoding.com	Low
Product	pom	developer email	geirm@optonline.net	Low
Product	pom	developer email	hps@intermeta.de	Low
Product	pom	developer email	nathan@esha.com	Low
Product	pom	developer email	wglass@forio.com	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	henning	Low
Product	pom	developer id	nbubna	Low
Product	pom	developer id	wglass	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Geir Magnusson Jr.	Low
Product	pom	developer name	Henning P. Schmiedehausen	Low
Product	pom	developer name	Nathan Bubna	Low
Product	pom	developer name	Will Glass-Husain	Low
Product	pom	developer org	CollabNet, Inc.	Low
Product	pom	developer org	ESHA Research	Low
Product	pom	developer org	Forio Business Simulations	Low
Product	pom	developer org	Independent (DVSL Maven)	Low
Product	pom	developer org	INTERMETA - Gesellschaft für Mehrwertdienste mbH	Low
Product	pom	groupid	org.apache.velocity	Highest
Product	pom	name	Apache Velocity	High
Product	pom	parent-artifactid	apache	Medium
Product	pom	parent-groupid	org.apache	Medium
Product	pom	url	http://velocity.apache.org/engine/devel/	Medium
Version	file	version	1.7	High
Version	Manifest	Bundle-Version	1.7	High
Version	Manifest	Implementation-Version	1.7	High
Version	pom	parent-version	1.7	Low
Version	pom	version	1.7	Highest

Identifiers

pkg:maven/org.apache.velocity/velocity@1.7 (Confidence:High)
cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:* (Confidence:Low)

Published Vulnerabilities

CVE-2020-13936

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.

NVD-CWE-noinfo

CVSSv2:

Base Score: HIGH (9.0)
Vector: /AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSSv3:

Base Score: HIGH (8.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

References:

OSSINDEX - [CVE-2020-13936] CWE-noinfo
OSSIndex - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13936
OSSIndex - https://github.com/apache/velocity-engine/pull/16
OSSIndex - https://securitylab.github.com/advisories/GHSL-2020-048-apache-velocity
security@apache.org - Mailing List
security@apache.org - Mailing List
security@apache.org - Mailing List
security@apache.org - Patch
security@apache.org - Patch
security@apache.org - Third Party Advisory

Vulnerable Software & Versions: (show all)

velocity-tools-2.0.jar

Description:

        VelocityTools is an integrated collection of Velocity subprojects
        with the common goal of creating tools and infrastructure to speed and ease
        development of both web and non-web applications using the Velocity template
        engine.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\velocity\velocity-tools\2.0\velocity-tools-2.0.jar
MD5: 51ed2c6c0103cf3fdbeb9aa5170f5288
SHA1: 69936384de86857018b023a8c56ae0635c56b6a0
SHA256:b174eb36bc48c25dce10571c7d3d5dca4e4c1b3e2e31a92b9ed68fe9dea688d9
Referenced In Project/Scope: spotbugs-maven-plugin:compile
pkg:maven/org.apache.maven.doxia/doxia-site-renderer@1.11.1

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	velocity-tools	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	tools	Highest
Vendor	jar	package name	velocity	Highest
Vendor	Manifest	extension-name	velocity-tools	Medium
Vendor	Manifest	Implementation-Vendor	Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	Apache Software Foundation	Low
Vendor	pom	artifactid	velocity-tools	Highest
Vendor	pom	artifactid	velocity-tools	Low
Vendor	pom	developer email	cbrisson@apache.org	Low
Vendor	pom	developer email	dlr@apache.org	Low
Vendor	pom	developer email	geirm@apache.org	Low
Vendor	pom	developer email	henning@apache.org	Low
Vendor	pom	developer email	marino@apache.org	Low
Vendor	pom	developer email	nbubna@apache.org	Low
Vendor	pom	developer email	wglass@apache.org	Low
Vendor	pom	developer id	cbrisson	Medium
Vendor	pom	developer id	dlr	Medium
Vendor	pom	developer id	geirm	Medium
Vendor	pom	developer id	henning	Medium
Vendor	pom	developer id	marino	Medium
Vendor	pom	developer id	nbubna	Medium
Vendor	pom	developer id	wglass	Medium
Vendor	pom	developer name	Claude Brisson	Medium
Vendor	pom	developer name	Daniel Rall	Medium
Vendor	pom	developer name	Geir Magnusson Jr.	Medium
Vendor	pom	developer name	Henning Schmiedehausen	Medium
Vendor	pom	developer name	Marinó A. Jónsson	Medium
Vendor	pom	developer name	Nathan Bubna	Medium
Vendor	pom	developer name	Will Glass-Husain	Medium
Vendor	pom	developer org	ESHA Research	Medium
Vendor	pom	groupid	org.apache.velocity	Highest
Vendor	pom	name	VelocityTools	High
Vendor	pom	organization name	Apache Software Foundation	High
Vendor	pom	organization url	http://velocity.apache.org/	Medium
Vendor	pom	url	http://velocity.apache.org/tools/devel/	Highest
Product	file	name	velocity-tools	High
Product	jar	package name	apache	Highest
Product	jar	package name	struts	Highest
Product	jar	package name	tools	Highest
Product	jar	package name	velocity	Highest
Product	Manifest	extension-name	velocity-tools	Medium
Product	Manifest	Implementation-Title	org.apache.velocity	High
Product	Manifest	specification-title	VelocityTools is a set of utilities for use with the Velocity template engine and Struts web framework	Medium
Product	pom	artifactid	velocity-tools	Highest
Product	pom	developer email	cbrisson@apache.org	Low
Product	pom	developer email	dlr@apache.org	Low
Product	pom	developer email	geirm@apache.org	Low
Product	pom	developer email	henning@apache.org	Low
Product	pom	developer email	marino@apache.org	Low
Product	pom	developer email	nbubna@apache.org	Low
Product	pom	developer email	wglass@apache.org	Low
Product	pom	developer id	cbrisson	Low
Product	pom	developer id	dlr	Low
Product	pom	developer id	geirm	Low
Product	pom	developer id	henning	Low
Product	pom	developer id	marino	Low
Product	pom	developer id	nbubna	Low
Product	pom	developer id	wglass	Low
Product	pom	developer name	Claude Brisson	Low
Product	pom	developer name	Daniel Rall	Low
Product	pom	developer name	Geir Magnusson Jr.	Low
Product	pom	developer name	Henning Schmiedehausen	Low
Product	pom	developer name	Marinó A. Jónsson	Low
Product	pom	developer name	Nathan Bubna	Low
Product	pom	developer name	Will Glass-Husain	Low
Product	pom	developer org	ESHA Research	Low
Product	pom	groupid	org.apache.velocity	Highest
Product	pom	name	VelocityTools	High
Product	pom	organization name	Apache Software Foundation	Low
Product	pom	organization url	http://velocity.apache.org/	Low
Product	pom	url	http://velocity.apache.org/tools/devel/	Medium
Version	file	version	2.0	High
Version	Manifest	Implementation-Version	2.0	High
Version	pom	version	2.0	Highest

Identifiers

pkg:maven/org.apache.velocity/velocity-tools@2.0 (Confidence:High)
cpe:2.3:a:apache:velocity_tools:2.0:*:*:*:*:*:*:* (Confidence:Highest)

Published Vulnerabilities

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, perform requests in the name of the victim or for phishing attacks.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

Base Score: MEDIUM (6.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

OSSINDEX - [CVE-2020-13959] CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OSSIndex - https://github.com/apache/velocity-tools/pull/9
OSSIndex - https://www.bleepingcomputer.com/news/security/undisclosed-apache-velocity-xss-vulnerability-impacts-gov-sites/
security@apache.org - Mailing List
security@apache.org - Mailing List
security@apache.org - Mailing List
security@apache.org - Third Party Advisory

Vulnerable Software & Versions:

cpe:2.3:a:apache:velocity_tools:*:*:*:*:*:*:*:* versions up to (excluding) 3.1

xmlresolver-5.2.2-data.jar

File Path: C:\Users\Jeremy\.m2\repository\org\xmlresolver\xmlresolver\5.2.2\xmlresolver-5.2.2-data.jar
MD5: 0e77f628aa613bbe3145c6a24f8973f3
SHA1: 5624ede8b8e374979194acaae9f34cff23b62b3e
SHA256:173904bdbd783ba0fac92c5bcc05da5d09f0ce7eed24346666ea0a239461f9b4
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
xmlresolver-5.2.2-data.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xmlresolver	High
Vendor	Manifest	automatic-module-name	org.xmlresolver.xmlresolver_data	Medium
Vendor	Manifest	Implementation-Vendor	Norman Walsh	High
Vendor	pom	artifactid	xmlresolver	Highest
Vendor	pom	groupid	org.xmlresolver	Highest
Product	file	name	xmlresolver	High
Product	Manifest	automatic-module-name	org.xmlresolver.xmlresolver_data	Medium
Product	Manifest	Implementation-Title	XML Resolver data	High
Product	pom	artifactid	xmlresolver	Highest
Version	file	version	5.2.2	High
Version	Manifest	Implementation-Version	5.2.2	High
Version	pom	version	5.2.2	Highest

Identifiers

pkg:maven/org.xmlresolver/xmlresolver@5.2.2 (Confidence:Highest)

xmlresolver-5.2.2.jar

Description:

An XML entity/uri resolver

License:

Apache License version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: C:\Users\Jeremy\.m2\repository\org\xmlresolver\xmlresolver\5.2.2\xmlresolver-5.2.2.jar
MD5: 0de20e8f7acfa5942d78c239d3034deb
SHA1: 152378e04ba01898847bf38fad5023c7d52f0c9d
SHA256:efc92bd7ed32b3e57095e0b3e872051ccfbbdcc980831ef33e89e38161a85222
Referenced In Project/Scope: spotbugs-maven-plugin:runtime
pkg:maven/com.github.spotbugs/spotbugs@4.8.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	xmlresolver	High
Vendor	jar	package name	resolver	Highest
Vendor	jar	package name	xmlresolver	Highest
Vendor	Manifest	automatic-module-name	org.xmlresolver.xmlresolver	Medium
Vendor	Manifest	Implementation-Vendor	Norman Walsh	High
Vendor	pom	artifactid	xmlresolver	Highest
Vendor	pom	artifactid	xmlresolver	Low
Vendor	pom	developer id	ndw	Medium
Vendor	pom	developer name	Norman Walsh	Medium
Vendor	pom	groupid	org.xmlresolver	Highest
Vendor	pom	name	XML Resolver	High
Vendor	pom	url	xmlresolver/xmlresolver	Highest
Product	file	name	xmlresolver	High
Product	jar	package name	resolver	Highest
Product	jar	package name	xmlresolver	Highest
Product	Manifest	automatic-module-name	org.xmlresolver.xmlresolver	Medium
Product	Manifest	Implementation-Title	XML Resolver	High
Product	pom	artifactid	xmlresolver	Highest
Product	pom	developer id	ndw	Low
Product	pom	developer name	Norman Walsh	Low
Product	pom	groupid	org.xmlresolver	Highest
Product	pom	name	XML Resolver	High
Product	pom	url	xmlresolver/xmlresolver	High
Version	file	version	5.2.2	High
Version	Manifest	Implementation-Version	5.2.2	High
Version	pom	version	5.2.2	Highest

Identifiers

pkg:maven/org.xmlresolver/xmlresolver@5.2.2 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: spotbugs-maven-plugin

com.github.spotbugs:spotbugs-maven-plugin:4.8.4.0

Summary

Dependencies (vulnerable)

Saxon-HE-12.4.jar

Evidence

Identifiers

ant-1.10.14.jar

Evidence

Related Dependencies

Identifiers

aopalliance-1.0.jar

Evidence

Identifiers

asm-9.7.jar

Evidence

Identifiers

asm-analysis-9.7.jar

Evidence

Identifiers

asm-commons-9.7.jar

Evidence

Identifiers

asm-tree-9.7.jar

Evidence

Identifiers

asm-util-9.7.jar

Evidence

Identifiers

bcel-6.8.2.jar

Evidence

Identifiers

checker-qual-3.42.0.jar

Evidence

Identifiers

commons-beanutils-1.9.4.jar

Evidence

Identifiers

commons-chain-1.2.jar

Evidence

Identifiers

commons-codec-1.16.1.jar

Evidence

Identifiers

commons-collections-3.2.2.jar

Evidence

Identifiers

commons-digester-2.1.jar

Evidence

Identifiers

commons-io-2.16.1.jar

Evidence

Identifiers

commons-lang-2.6.jar

Evidence

Identifiers

commons-lang3-3.14.0.jar

Evidence

Identifiers

commons-text-1.10.0.jar

Evidence

Identifiers

dom4j-2.1.4.jar

Evidence

Identifiers

doxia-core-1.12.0.jar

Evidence

Identifiers

doxia-decoration-model-1.11.1.jar

Evidence

Identifiers

doxia-integration-tools-1.11.1.jar

Evidence

Identifiers

doxia-logging-api-1.12.0.jar

Evidence

Identifiers

doxia-module-xhtml-1.11.1.jar

Evidence

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor