Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 5.2.1
Report Generated On: Tue, 24 Sep 2019 22:05:08 -0700
Dependencies Scanned: 4 (4 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD CVE Checked: 2019-09-24T22:00:09
NVD CVE Modified: 2019-09-24T17:02:28
VersionCheckOn: 2019-09-24T22:00:09

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Package	Evidence Count
aopalliance-1.0.jar	pkg:maven/aopalliance/aopalliance@1.0	19
junit-4.12.jar	pkg:maven/junit/junit@4.12	24
hamcrest-core-1.3.jar	pkg:maven/org.hamcrest/hamcrest-core@1.3	26
slf4j-api-1.7.28.jar	pkg:maven/org.slf4j/slf4j-api@1.7.28	29

Dependencies

aopalliance-1.0.jar

Description:

AOP Alliance

License:

Public Domain

File Path: /Users/rexhoffman/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar
MD5: 04177054e180d09e3998808efa0401c7
SHA1: 0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8
SHA256:0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08
Referenced In Project/Scope:AdvisedCore:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	aopalliance	Low
Vendor	jar	package name	aopalliance	Low
Vendor	jar	package name	aop	Highest
Vendor	pom	groupid	aopalliance	Highest
Vendor	file	name	aopalliance	High
Vendor	jar	package name	intercept	Low
Vendor	pom	url	http://aopalliance.sourceforge.net	Highest
Vendor	pom	name	AOP alliance	High
Vendor	jar	package name	aopalliance	Highest
Product	pom	url	http://aopalliance.sourceforge.net	Medium
Product	jar	package name	aop	Highest
Product	file	name	aopalliance	High
Product	jar	package name	intercept	Low
Product	pom	artifactid	aopalliance	Highest
Product	pom	groupid	aopalliance	Low
Product	pom	name	AOP alliance	High
Product	jar	package name	aopalliance	Highest
Version	pom	version	1.0	Highest
Version	file	version	1.0	Highest

Identifiers

pkg:maven/aopalliance/aopalliance@1.0 (Confidence:High)

junit-4.12.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /Users/rexhoffman/.m2/repository/junit/junit/4.12/junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec
SHA256:59721f0805e223d84b90677887d9ff567dc534d7c502ca903c0c2b17f05c116a
Referenced In Project/Scope:AdvisedCore:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	organization name	JUnit	High
Vendor	pom	url	http://junit.org	Highest
Vendor	Manifest	Implementation-Vendor-Id	junit	Medium
Vendor	Manifest	Implementation-Vendor	JUnit	High
Vendor	pom	groupid	junit	Highest
Vendor	jar	package name	junit	Highest
Vendor	pom	organization url	http://www.junit.org	Medium
Vendor	pom	name	JUnit	High
Vendor	file	name	junit	High
Vendor	pom	artifactid	junit	Low
Vendor	jar	package name	framework	Highest
Product	pom	groupid	junit	Low
Product	pom	url	http://junit.org	Medium
Product	pom	organization name	JUnit	Low
Product	pom	organization url	http://www.junit.org	Low
Product	jar	package name	junit	Highest
Product	pom	name	JUnit	High
Product	pom	artifactid	junit	Highest
Product	file	name	junit	High
Product	Manifest	Implementation-Title	JUnit	High
Product	jar	package name	framework	Highest
Version	Manifest	Implementation-Version	4.12	High
Version	pom	version	4.12	Highest
Version	file	version	4.12	Highest

Identifiers

pkg:maven/junit/junit@4.12 (Confidence:High)

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /Users/rexhoffman/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope:AdvisedCore:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	core	Highest
Vendor	file	name	hamcrest-core	High
Vendor	jar	package name	matcher	Highest
Vendor	pom	artifactid	hamcrest-core	Low
Vendor	pom	groupid	org.hamcrest	Highest
Vendor	jar	package name	hamcrest	Highest
Vendor	pom	parent-artifactid	hamcrest-parent	Low
Vendor	Manifest	Implementation-Vendor	hamcrest.org	High
Vendor	pom	parent-groupid	org.hamcrest	Medium
Vendor	pom	name	Hamcrest Core	High
Vendor	Manifest	built-date	2012-07-09 19:49:34	Low
Vendor	pom	groupid	hamcrest	Highest
Product	jar	package name	core	Highest
Product	pom	parent-artifactid	hamcrest-parent	Medium
Product	file	name	hamcrest-core	High
Product	jar	package name	matcher	Highest
Product	pom	groupid	hamcrest	Low
Product	pom	name	Hamcrest Core	High
Product	Manifest	Implementation-Title	hamcrest-core	High
Product	pom	parent-groupid	org.hamcrest	Low
Product	Manifest	built-date	2012-07-09 19:49:34	Low
Product	pom	artifactid	hamcrest-core	Highest
Product	jar	package name	hamcrest	Highest
Version	pom	version	1.3	Highest
Version	file	version	1.3	Highest
Version	Manifest	Implementation-Version	1.3	High

Identifiers

pkg:maven/org.hamcrest/hamcrest-core@1.3 (Confidence:High)

slf4j-api-1.7.28.jar

Description:

The slf4j API

File Path: /Users/rexhoffman/.m2/repository/org/slf4j/slf4j-api/1.7.28/slf4j-api-1.7.28.jar
MD5: 1468c816e659d8013027d912863dc865
SHA1: 2cd9b264f76e3d087ee21bfc99305928e1bdb443
SHA256:fb6e4f67a2a4689e3e713584db17a5d1090c1ebe6eec30e9e0349a6ee118141e
Referenced In Project/Scope:AdvisedCore:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	slf4j	Highest
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	file	name	slf4j-api	High
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	automatic-module-name	org.slf4j	Medium
Product	jar	package name	slf4j	Highest
Product	pom	parent-groupid	org.slf4j	Low
Product	file	name	slf4j-api	High
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	artifactid	slf4j-api	Highest
Product	pom	url	http://www.slf4j.org	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	Bundle-Name	slf4j-api	Medium
Product	pom	name	SLF4J API Module	High
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	pom	groupid	slf4j	Low
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	Manifest	automatic-module-name	org.slf4j	Medium
Version	Manifest	Implementation-Version	1.7.28	High
Version	pom	version	1.7.28	Highest
Version	Manifest	Bundle-Version	1.7.28	High
Version	file	version	1.7.28	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.28 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues

Project: AdvisedCore

com.github.advisedtesting:AdvisedCore:1.3.1

Summary

Dependencies

aopalliance-1.0.jar

Evidence

Identifiers

junit-4.12.jar

Evidence

Identifiers

hamcrest-core-1.3.jar

Evidence

Identifiers

slf4j-api-1.7.28.jar

Evidence

Identifiers