Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.2.0
Report Generated On: Mon, 6 Apr 2026 14:34:25 GMT
Dependencies Scanned: 72 (51 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2026-04-06T14:34:13Z
NVD API Last Modified: 2026-04-06T14:30:17Z

Summary

Summary of Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
amqp-client-5.29.0.jar		pkg:maven/com.rabbitmq/amqp-client@5.29.0		48
antlr4-runtime-4.13.2.jar		pkg:maven/org.antlr/antlr4-runtime@4.13.2		30
checker-qual-3.55.1.jar		pkg:maven/org.checkerframework/checker-qual@3.55.1		44
commons-logging-1.3.5.jar		pkg:maven/commons-logging/commons-logging@1.3.5		129
error_prone_annotations-2.41.0.jar		pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0		29
gson-2.13.2.jar	cpe:2.3:a:google:gson:2.13.2:::::::*	pkg:maven/com.google.code.gson/gson@2.13.2	Highest	31
jackson-annotations-2.21.jar	cpe:2.3:a:fasterxml:jackson-core:2.21:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.21:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.21	Highest	36
jackson-core-2.21.2.jar	cpe:2.3:a:fasterxml:jackson-core:2.21.2:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.21.2:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-core@2.21.2	Highest	47
jackson-databind-2.21.2.jar	cpe:2.3:a:fasterxml:jackson-core:2.21.2:::::::* cpe:2.3:a:fasterxml:jackson-databind:2.21.2:::::::* cpe:2.3:a:fasterxml:jackson-modules-java8:2.21.2:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.21.2	Highest	41
jackson-jakarta-rs-base-2.21.2.jar		pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base@2.21.2		38
jackson-jakarta-rs-json-provider-2.21.2.jar		pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2		38
jackson-module-jakarta-xmlbind-annotations-2.21.2.jar		pkg:maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.21.2		39
jakarta.activation-api-2.1.3.jar		pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3		45
jakarta.annotation-api-3.0.0.jar	cpe:2.3:a:oracle:projects:3.0.0:::::::*	pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0	Low	42
jakarta.persistence-api-3.2.0.jar		pkg:maven/jakarta.persistence/jakarta.persistence-api@3.2.0		40
jakarta.servlet-api-6.1.0.jar	cpe:2.3:a:oracle:projects:6.1.0:::::::*	pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0	Low	44
jakarta.ws.rs-api-4.0.0.jar		pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@4.0.0		33
jakarta.xml.bind-api-4.0.5.jar		pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.5		31
jspecify-1.0.0.jar		pkg:maven/org.jspecify/jspecify@1.0.0		32
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		17
kafka-clients-4.1.1.jar	cpe:2.3:a:apache:kafka:4.1.1:::::::*	pkg:maven/org.apache.kafka/kafka-clients@4.1.1	Highest	24
log4j-core-2.25.4.jar	cpe:2.3:a:apache:log4j:2.25.4:::::::*	pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4	Highest	42
logback-core-1.5.32.jar	cpe:2.3:a:qos:logback:1.5.32:::::::*	pkg:maven/ch.qos.logback/logback-core@1.5.32	Highest	39
lombok-1.18.44.jar		pkg:maven/org.projectlombok/lombok@1.18.44		36
lombok-1.18.44.jar: mavenEcjBootstrapAgent.jar				7
lz4-java-1.8.0.jar		pkg:maven/org.lz4/lz4-java@1.8.0		37
markdown4j-2.2-cj-1.1.jar		pkg:maven/org.commonjava.googlecode.markdown4j/markdown4j@2.2-cj-1.1		22
micrometer-commons-1.16.4.jar		pkg:maven/io.micrometer/micrometer-commons@1.16.4		65
micrometer-observation-1.16.4.jar		pkg:maven/io.micrometer/micrometer-observation@1.16.4		65
netty-codec-protobuf-4.2.10.Final.jar	cpe:2.3:a:netty:netty:4.2.10:::::::* cpe:2.3:a:protobuf:protobuf:4.2.10:::::::*	pkg:maven/io.netty/netty-codec-protobuf@4.2.10.Final	Highest	37
netty-common-4.2.10.Final.jar (shaded: org.jctools:jctools-core:4.0.5)		pkg:maven/org.jctools/jctools-core@4.0.5		9
netty-transport-4.2.10.Final.jar	cpe:2.3:a:netty:netty:4.2.10:::::::*	pkg:maven/io.netty/netty-transport@4.2.10.Final	Highest	35
org.eclipse.sisu.plexus-0.9.0.M4.jar		pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M4		31
org.osgi.annotation.versioning-1.1.2.jar		pkg:maven/org.osgi/org.osgi.annotation.versioning@1.1.2		47
slf4j-api-2.0.17.jar		pkg:maven/org.slf4j/slf4j-api@2.0.17		29
snappy-java-1.1.10.7.jar	cpe:2.3:a:xerial:snappy-java:1.1.10.7:::::::*	pkg:maven/org.xerial.snappy/snappy-java@1.1.10.7	Highest	44
snappy-java-1.1.10.7.jar: snappyjava.dll				2
snappy-java-1.1.10.7.jar: snappyjava.dll				2
snappy-java-1.1.10.7.jar: snappyjava.dll				2
spotbugs-annotations-4.9.8.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8		53
spring-core-7.0.6.jar	cpe:2.3:a:pivotal_software:spring_framework:7.0.6:::::::* cpe:2.3:a:springsource:spring_framework:7.0.6:::::::* cpe:2.3:a:vmware:spring_framework:7.0.6:::::::*	pkg:maven/org.springframework/spring-core@7.0.6	Highest	41
spring-data-commons-4.0.4.jar	cpe:2.3:a:pivotal_software:spring_data_commons:4.0.4:::::::*	pkg:maven/org.springframework.data/spring-data-commons@4.0.4	Highest	32
spring-data-jpa-4.0.4.jar	cpe:2.3:a:pivotal_software:spring_data_jpa:4.0.4:::::::*	pkg:maven/org.springframework.data/spring-data-jpa@4.0.4	Highest	30
spring-kafka-4.0.4.jar		pkg:maven/org.springframework.kafka/spring-kafka@4.0.4		52
spring-security-core-7.0.4.jar	cpe:2.3:a:pivotal_software:spring_security:7.0.4:::::::* cpe:2.3:a:vmware:spring_security:7.0.4:::::::*	pkg:maven/org.springframework.security/spring-security-core@7.0.4	Highest	38
tomcat-jdbc-11.0.21.jar		pkg:maven/org.apache.tomcat/tomcat-jdbc@11.0.21		23
tomcat-juli-11.0.21.jar		pkg:maven/org.apache.tomcat/tomcat-juli@11.0.21		26
zstd-jni-1.5.6-10.jar		pkg:maven/com.github.luben/zstd-jni@1.5.6-10		41
zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll				4
zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll				4
zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll				4

Dependencies (vulnerable)

amqp-client-5.29.0.jar

Description:

The RabbitMQ Java client library allows Java applications to interface with RabbitMQ.

License:

AL 2.0: https://www.apache.org/licenses/LICENSE-2.0.html
GPL v2: https://www.gnu.org/licenses/gpl-2.0.txt
MPL 2.0: https://www.mozilla.org/en-US/MPL/2.0/

File Path: /home/runner/.m2/repository/com/rabbitmq/amqp-client/5.29.0/amqp-client-5.29.0.jar
MD5: b27127649995158c2872546ec87a257a
SHA1: 2fddf9370f5e56407d38b63d8fb812c0968b9769
SHA256:a0b3892fe56c9fab7fd5a82943003cfe0b1c7c2d5385129f404ae11889c19215
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	amqp-client	High
Vendor	jar	package name	amqp	Highest
Vendor	jar	package name	client	Highest
Vendor	jar	package name	rabbitmq	Highest
Vendor	Manifest	automatic-module-name	com.rabbitmq.client	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://www.rabbitmq.com	Low
Vendor	Manifest	bundle-symbolicname	com.rabbitmq.client	Medium
Vendor	Manifest	implementation-url	https://www.rabbitmq.com	Low
Vendor	Manifest	Implementation-Vendor	Broadcom Inc. and its subsidiaries.	High
Vendor	Manifest	specification-vendor	AMQP Working Group (www.amqp.org)	Low
Vendor	pom	artifactid	amqp-client	Highest
Vendor	pom	artifactid	amqp-client	Low
Vendor	pom	developer email	info@rabbitmq.com	Low
Vendor	pom	developer name	Team RabbitMQ	Medium
Vendor	pom	developer org	Broadcom Inc. and its subsidiaries.	Medium
Vendor	pom	developer org URL	https://rabbitmq.com	Medium
Vendor	pom	groupid	com.rabbitmq	Highest
Vendor	pom	name	RabbitMQ Java Client	High
Vendor	pom	organization name	Broadcom Inc. and its subsidiaries.	High
Vendor	pom	organization url	https://www.rabbitmq.com	Medium
Vendor	pom	url	https://www.rabbitmq.com	Highest
Product	file	name	amqp-client	High
Product	jar	package name	amqp	Highest
Product	jar	package name	client	Highest
Product	jar	package name	rabbitmq	Highest
Product	Manifest	automatic-module-name	com.rabbitmq.client	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://www.rabbitmq.com	Low
Product	Manifest	Bundle-Name	RabbitMQ Java Client	Medium
Product	Manifest	bundle-symbolicname	com.rabbitmq.client	Medium
Product	Manifest	Implementation-Title	RabbitMQ Java Client	High
Product	Manifest	implementation-url	https://www.rabbitmq.com	Low
Product	Manifest	specification-title	AMQP	Medium
Product	pom	artifactid	amqp-client	Highest
Product	pom	developer email	info@rabbitmq.com	Low
Product	pom	developer name	Team RabbitMQ	Low
Product	pom	developer org	Broadcom Inc. and its subsidiaries.	Low
Product	pom	developer org URL	https://rabbitmq.com	Low
Product	pom	groupid	com.rabbitmq	Highest
Product	pom	name	RabbitMQ Java Client	High
Product	pom	organization name	Broadcom Inc. and its subsidiaries.	Low
Product	pom	organization url	https://www.rabbitmq.com	Low
Product	pom	url	https://www.rabbitmq.com	Medium
Version	file	version	5.29.0	High
Version	Manifest	Bundle-Version	5.29.0	High
Version	Manifest	Implementation-Version	5.29.0	High
Version	pom	version	5.29.0	Highest

Identifiers

pkg:maven/com.rabbitmq/amqp-client@5.29.0 (Confidence:High)

antlr4-runtime-4.13.2.jar

Description:

The ANTLR 4 Runtime

License:

https://www.antlr.org/license.html

File Path: /home/runner/.m2/repository/org/antlr/antlr4-runtime/4.13.2/antlr4-runtime-4.13.2.jar
MD5: eecf1908f0cfff10f8bb82878b5ca401
SHA1: fc3db6d844df652a3d5db31c87fa12757f13691d
SHA256:dd3e8a13a2d669bf84fb8d834de35ce4875f27157698d206241ec8488aadcaf7
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework.data/spring-data-jpa@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	antlr4-runtime	High
Vendor	jar	package name	antlr	Highest
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	automatic-module-name	org.antlr.antlr4.runtime	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.antlr.org/	Low
Vendor	Manifest	bundle-symbolicname	org.antlr.antlr4-runtime	Medium
Vendor	Manifest	Implementation-Vendor	ANTLR	High
Vendor	pom	artifactid	antlr4-runtime	Highest
Vendor	pom	artifactid	antlr4-runtime	Low
Vendor	pom	groupid	org.antlr	Highest
Vendor	pom	name	ANTLR 4 Runtime	High
Vendor	pom	parent-artifactid	antlr4-master	Low
Product	file	name	antlr4-runtime	High
Product	jar	package name	antlr	Highest
Product	jar	package name	runtime	Highest
Product	Manifest	automatic-module-name	org.antlr.antlr4.runtime	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.antlr.org/	Low
Product	Manifest	Bundle-Name	ANTLR 4 Runtime	Medium
Product	Manifest	bundle-symbolicname	org.antlr.antlr4-runtime	Medium
Product	Manifest	Implementation-Title	ANTLR 4 Runtime	High
Product	pom	artifactid	antlr4-runtime	Highest
Product	pom	groupid	org.antlr	Highest
Product	pom	name	ANTLR 4 Runtime	High
Product	pom	parent-artifactid	antlr4-master	Medium
Version	file	version	4.13.2	High
Version	Manifest	Bundle-Version	4.13.2	High
Version	Manifest	Implementation-Version	4.13.2	High
Version	pom	version	4.13.2	Highest

Identifiers

pkg:maven/org.antlr/antlr4-runtime@4.13.2 (Confidence:High)

checker-qual-3.55.1.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: https://opensource.org/licenses/MIT

File Path: /home/runner/.m2/repository/org/checkerframework/checker-qual/3.55.1/checker-qual-3.55.1.jar
MD5: 05361199dc29af8334d1405f28b83109
SHA1: 3d40699936a66b2d4c1f759f2f1a0446c8cf64fc
SHA256:857658c8bdcbff794949a8d9922f88d63ee3751c203c7cd7d21ea97f9e745288
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	framework	Highest
Vendor	jar	package name	qual	Highest
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	pom	artifactid	checker-qual	Highest
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org/	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checkerframework	Highest
Product	jar	package name	framework	Highest
Product	jar	package name	qual	Highest
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org/	Medium
Version	file	version	3.55.1	High
Version	Manifest	Bundle-Version	3.55.1	High
Version	Manifest	Implementation-Version	3.55.1	High
Version	pom	version	3.55.1	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@3.55.1 (Confidence:High)

commons-logging-1.3.5.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well-known logging systems.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/commons-logging/commons-logging/1.3.5/commons-logging-1.3.5.jar
MD5: 9ca067b073153c86c2da350c0f2cdf70
SHA1: a3fcc5d3c29b2b03433aa2d2f2d2c1b1638924a1
SHA256:6d7a744e4027649fbb50895df9497d109f98c766a637062fe8d2eabbb3140ba4
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework/spring-context@7.0.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-logging	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	logging	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-logging/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-logging	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-logging	Highest
Vendor	pom	artifactid	commons-logging	Low
Vendor	pom	developer email	baliuka@apache.org	Low
Vendor	pom	developer email	costin@apache.org	Low
Vendor	pom	developer email	craigmcc@apache.org	Low
Vendor	pom	developer email	dennisl@apache.org	Low
Vendor	pom	developer email	donaldp@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	morgand@apache.org	Low
Vendor	pom	developer email	rdonkin@apache.org	Low
Vendor	pom	developer email	rsitze@apache.org	Low
Vendor	pom	developer email	rwaldhoff@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer email	skitching@apache.org	Low
Vendor	pom	developer email	tn@apache.org	Low
Vendor	pom	developer id	baliuka	Medium
Vendor	pom	developer id	bstansberry	Medium
Vendor	pom	developer id	costin	Medium
Vendor	pom	developer id	craigmcc	Medium
Vendor	pom	developer id	dennisl	Medium
Vendor	pom	developer id	donaldp	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	morgand	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	rsitze	Medium
Vendor	pom	developer id	rwaldhoff	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	skitching	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer name	Brian Stansberry	Medium
Vendor	pom	developer name	Costin Manolache	Medium
Vendor	pom	developer name	Craig McClanahan	Medium
Vendor	pom	developer name	Dennis Lundberg	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Juozas Baliuka	Medium
Vendor	pom	developer name	Morgan Delagrange	Medium
Vendor	pom	developer name	Peter Donald	Medium
Vendor	pom	developer name	Richard Sitze	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Rodney Waldhoff	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Simon Kitching	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	developer org	Apache	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-logging	Highest
Vendor	pom	name	Apache Commons Logging	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-logging/	Highest
Product	file	name	commons-logging	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	logging	Highest
Product	Manifest	automatic-module-name	org.apache.commons.logging	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-logging/	Low
Product	Manifest	Bundle-Name	Apache Commons Logging	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-logging	Medium
Product	Manifest	Implementation-Title	Apache Commons Logging	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons Logging	Medium
Product	pom	artifactid	commons-logging	Highest
Product	pom	developer email	baliuka@apache.org	Low
Product	pom	developer email	costin@apache.org	Low
Product	pom	developer email	craigmcc@apache.org	Low
Product	pom	developer email	dennisl@apache.org	Low
Product	pom	developer email	donaldp@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	morgand@apache.org	Low
Product	pom	developer email	rdonkin@apache.org	Low
Product	pom	developer email	rsitze@apache.org	Low
Product	pom	developer email	rwaldhoff@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer email	skitching@apache.org	Low
Product	pom	developer email	tn@apache.org	Low
Product	pom	developer id	baliuka	Low
Product	pom	developer id	bstansberry	Low
Product	pom	developer id	costin	Low
Product	pom	developer id	craigmcc	Low
Product	pom	developer id	dennisl	Low
Product	pom	developer id	donaldp	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	morgand	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	rsitze	Low
Product	pom	developer id	rwaldhoff	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	skitching	Low
Product	pom	developer id	tn	Low
Product	pom	developer name	Brian Stansberry	Low
Product	pom	developer name	Costin Manolache	Low
Product	pom	developer name	Craig McClanahan	Low
Product	pom	developer name	Dennis Lundberg	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Juozas Baliuka	Low
Product	pom	developer name	Morgan Delagrange	Low
Product	pom	developer name	Peter Donald	Low
Product	pom	developer name	Richard Sitze	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Rodney Waldhoff	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Simon Kitching	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	developer org	Apache	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-logging	Highest
Product	pom	name	Apache Commons Logging	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-logging/	Medium
Version	file	version	1.3.5	High
Version	Manifest	Bundle-Version	1.3.5	High
Version	Manifest	Implementation-Version	1.3.5	High
Version	pom	parent-version	1.3.5	Low
Version	pom	version	1.3.5	Highest

Identifiers

pkg:maven/commons-logging/commons-logging@1.3.5 (Confidence:High)

error_prone_annotations-2.41.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/errorprone/error_prone_annotations/2.41.0/error_prone_annotations-2.41.0.jar
MD5: 75e3b25da8b8a2136463c4674f5e49bf
SHA1: 4381275efdef6ddfae38f002c31e84cd001c97f0
SHA256:a56e782b5b50811ac204073a355a21d915a2107fce13ec711331ad036f660fcc
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.google.code.gson/gson@2.13.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	error_prone_annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Vendor	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	error_prone_annotations	Highest
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	pom	name	error-prone annotations	High
Vendor	pom	parent-artifactid	error_prone_parent	Low
Product	file	name	error_prone_annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	errorprone	Highest
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Product	Manifest	Bundle-Name	error-prone annotations	Medium
Product	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	groupid	com.google.errorprone	Highest
Product	pom	name	error-prone annotations	High
Product	pom	parent-artifactid	error_prone_parent	Medium
Version	file	version	2.41.0	High
Version	Manifest	Bundle-Version	2.41.0	High
Version	pom	version	2.41.0	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.41.0 (Confidence:High)

gson-2.13.2.jar

Description:

Gson JSON library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/gson/gson/2.13.2/gson-2.13.2.jar
MD5: a2c47e14ce5e956105458fe455f5d542
SHA1: 48b8230771e573b54ce6e867a9001e75977fe78e
SHA256:dd0ce1b55a3ed2080cb70f9c655850cda86c206862310009dcb5e5c95265a5e0
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	gson	High
Vendor	jar	package name	google	Highest
Vendor	jar	package name	gson	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Vendor	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/gson	Low
Vendor	Manifest	bundle-symbolicname	com.google.gson	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	gson	Highest
Vendor	pom	artifactid	gson	Low
Vendor	pom	groupid	com.google.code.gson	Highest
Vendor	pom	name	Gson	High
Vendor	pom	parent-artifactid	gson-parent	Low
Product	file	name	gson	High
Product	jar	package name	google	Highest
Product	jar	package name	gson	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-contactaddress	https://github.com/google/gson	Low
Product	Manifest	bundle-developers	google;organization=Google;organizationUrl="https://www.google.com"	Low
Product	Manifest	bundle-docurl	https://github.com/google/gson	Low
Product	Manifest	Bundle-Name	Gson	Medium
Product	Manifest	bundle-symbolicname	com.google.gson	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	gson	Highest
Product	pom	groupid	com.google.code.gson	Highest
Product	pom	name	Gson	High
Product	pom	parent-artifactid	gson-parent	Medium
Version	file	version	2.13.2	High
Version	Manifest	Bundle-Version	2.13.2	High
Version	pom	version	2.13.2	Highest

Identifiers

pkg:maven/com.google.code.gson/gson@2.13.2 (Confidence:High)
cpe:2.3:a:google:gson:2.13.2:*:*:*:*:*:*:* (Confidence:Highest)

jackson-annotations-2.21.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.21/jackson-annotations-2.21.jar
MD5: e0d0c3e7300954f73e43c67d933aaea4
SHA1: b1bc1868bf02dc0bd6c7836257a036a331005309
SHA256:53ca085f4a150f703f49e1aabd935bd03b43e1ea3d55d135438292af22cef56b
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-annotations	Highest
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-annotations	High
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-annotations	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-annotations	High
Product	pom	parent-artifactid	jackson-parent	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.21	High
Version	Manifest	Implementation-Version	2.21	High
Version	pom	version	2.21	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.21 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-core:2.21:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.21:*:*:*:*:*:*:* (Confidence:Low)

jackson-core-2.21.2.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.21.2/jackson-core-2.21.2.jar
MD5: b62c1031b5f38fc58158fc0c559980cb
SHA1: 7d11eac823392f28d8ee7bda77eaadfccbab83e5
SHA256:12e8655b100267b44d0f14d01b1f5082a5105e616174dc4307be1a761e92407b
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-core	High
Vendor	jar	package name	base	Highest
Vendor	jar	package name	com	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-core	Highest
Vendor	pom	artifactid	jackson-core	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson-core	Highest
Product	file	name	jackson-core	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	base	Highest
Product	jar	package name	com	Highest
Product	jar	package name	core	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	json	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	Bundle-Name	Jackson-core	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	artifactid	jackson-core	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson-core	High
Version	file	version	2.21.2	High
Version	Manifest	Bundle-Version	2.21.2	High
Version	Manifest	Implementation-Version	2.21.2	High
Version	pom	version	2.21.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.21.2 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-core:2.21.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.21.2:*:*:*:*:*:*:* (Confidence:Low)

jackson-databind-2.21.2.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.21.2/jackson-databind-2.21.2.jar
MD5: add2fbe739574bfd1877c2cca25f46d1
SHA1: 71ab8ff75b4fd74afdee0004173fdd15de1d6a28
SHA256:8c982f01f148d805f0aaac2339011244757e0df7c6ff8951f2fa3f433b8ed849
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-databind	High
Vendor	jar	package name	databind	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-databind	Highest
Vendor	pom	artifactid	jackson-databind	Low
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	url	FasterXML/jackson	Highest
Product	file	name	jackson-databind	High
Product	hint analyzer	product	java8	Highest
Product	hint analyzer	product	modules	Highest
Product	jar	package name	databind	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson	Low
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	jackson-databind	Medium
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	com.fasterxml.jackson.core	Highest
Product	pom	name	jackson-databind	High
Product	pom	parent-artifactid	jackson-base	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	pom	url	FasterXML/jackson	High
Version	file	version	2.21.2	High
Version	Manifest	Bundle-Version	2.21.2	High
Version	Manifest	Implementation-Version	2.21.2	High
Version	pom	version	2.21.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.21.2 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-core:2.21.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-databind:2.21.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.21.2:*:*:*:*:*:*:* (Confidence:Low)

jackson-jakarta-rs-base-2.21.2.jar

Description:

Pile of code that is shared by all Jackson-based Jakarta-RS
providers.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-base/2.21.2/jackson-jakarta-rs-base-2.21.2.jar
MD5: 921e7323bb4e06808d3032e7c39d9e3f
SHA1: c5f8a3841337bb1e4b299042db47ee190c50af27
SHA256:40f4c57a2e6f34505338da188724e7ace7b343dde3964b76a12c993cdedad1af
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-jakarta-rs-base	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	rs	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-base	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jakarta.rs.jackson-jakarta-rs-base	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jakarta.rs	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-jakarta-rs-base	Highest
Vendor	pom	artifactid	jackson-jakarta-rs-base	Low
Vendor	pom	groupid	com.fasterxml.jackson.jakarta.rs	Highest
Vendor	pom	name	Jackson Jakarta-RS: base	High
Vendor	pom	parent-artifactid	jackson-jakarta-rs-providers	Low
Product	file	name	jackson-jakarta-rs-base	High
Product	jar	package name	11	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	rs	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-base	Low
Product	Manifest	Bundle-Name	Jackson Jakarta-RS: base	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jakarta.rs.jackson-jakarta-rs-base	Medium
Product	Manifest	Implementation-Title	Jackson Jakarta-RS: base	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Jackson Jakarta-RS: base	Medium
Product	pom	artifactid	jackson-jakarta-rs-base	Highest
Product	pom	groupid	com.fasterxml.jackson.jakarta.rs	Highest
Product	pom	name	Jackson Jakarta-RS: base	High
Product	pom	parent-artifactid	jackson-jakarta-rs-providers	Medium
Version	file	version	2.21.2	High
Version	Manifest	Bundle-Version	2.21.2	High
Version	Manifest	Implementation-Version	2.21.2	High
Version	pom	version	2.21.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base@2.21.2 (Confidence:High)

jackson-jakarta-rs-json-provider-2.21.2.jar

Description:

Functionality to handle JSON input/output for Jakarta-RS implementations
(like Jersey and RESTeasy) using standard Jackson data binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/jakarta/rs/jackson-jakarta-rs-json-provider/2.21.2/jackson-jakarta-rs-json-provider-2.21.2.jar
MD5: 95cb396e6ec79a4215be93442288c2cc
SHA1: 96b5bd6952c19293d103b8c62a4e124ef75125fd
SHA256:ca969ea798efedc4b56589505fab51eb69c11a361b2e7583855593fc8690a666
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-jakarta-rs-json-provider	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	rs	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-json-provider	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jakarta.rs.jackson-jakarta-rs-json-provider	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jakarta.rs	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-jakarta-rs-json-provider	Highest
Vendor	pom	artifactid	jackson-jakarta-rs-json-provider	Low
Vendor	pom	groupid	com.fasterxml.jackson.jakarta.rs	Highest
Vendor	pom	name	Jackson Jakarta-RS: JSON	High
Vendor	pom	parent-artifactid	jackson-jakarta-rs-providers	Low
Product	file	name	jackson-jakarta-rs-json-provider	High
Product	jar	package name	11	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	rs	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-jakarta-rs-providers/jackson-jakarta-rs-json-provider	Low
Product	Manifest	Bundle-Name	Jackson Jakarta-RS: JSON	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jakarta.rs.jackson-jakarta-rs-json-provider	Medium
Product	Manifest	Implementation-Title	Jackson Jakarta-RS: JSON	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Jackson Jakarta-RS: JSON	Medium
Product	pom	artifactid	jackson-jakarta-rs-json-provider	Highest
Product	pom	groupid	com.fasterxml.jackson.jakarta.rs	Highest
Product	pom	name	Jackson Jakarta-RS: JSON	High
Product	pom	parent-artifactid	jackson-jakarta-rs-providers	Medium
Version	file	version	2.21.2	High
Version	Manifest	Bundle-Version	2.21.2	High
Version	Manifest	Implementation-Version	2.21.2	High
Version	pom	version	2.21.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2 (Confidence:High)

jackson-module-jakarta-xmlbind-annotations-2.21.2.jar

Description:

Support for using Jakarta XML Bind (aka JAXB 3.0) annotations as an alternative
  to "native" Jackson annotations, for configuring data-binding.

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/fasterxml/jackson/module/jackson-module-jakarta-xmlbind-annotations/2.21.2/jackson-module-jakarta-xmlbind-annotations-2.21.2.jar
MD5: 640a38b3673306b3fbf037531059a5eb
SHA1: b9a345a6e358c02d906735956c7607f58072b963
SHA256:f507551c823b137c8487275fc171652a78a4f083732e349e1d3cb42e568dd7e4
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-module-jakarta-xmlbind-annotations	High
Vendor	jar	package name	fasterxml	Highest
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	module	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-base	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jakarta-xmlbind-annotations	Medium
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.module	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	artifactid	jackson-module-jakarta-xmlbind-annotations	Highest
Vendor	pom	artifactid	jackson-module-jakarta-xmlbind-annotations	Low
Vendor	pom	groupid	com.fasterxml.jackson.module	Highest
Vendor	pom	name	Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind)	High
Vendor	pom	parent-artifactid	jackson-modules-base	Low
Vendor	pom	url	FasterXML/jackson-modules-base	Highest
Product	file	name	jackson-module-jakarta-xmlbind-annotations	High
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	module	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-base	Low
Product	Manifest	Bundle-Name	Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind)	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jakarta-xmlbind-annotations	Medium
Product	Manifest	Implementation-Title	Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind)	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind)	Medium
Product	pom	artifactid	jackson-module-jakarta-xmlbind-annotations	Highest
Product	pom	groupid	com.fasterxml.jackson.module	Highest
Product	pom	name	Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind)	High
Product	pom	parent-artifactid	jackson-modules-base	Medium
Product	pom	url	FasterXML/jackson-modules-base	High
Version	file	version	2.21.2	High
Version	Manifest	Bundle-Version	2.21.2	High
Version	Manifest	Implementation-Version	2.21.2	High
Version	pom	version	2.21.2	Highest

Identifiers

pkg:maven/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations@2.21.2 (Confidence:High)

jakarta.activation-api-2.1.3.jar

Description:

  Specification

License:

EDL 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/activation/jakarta.activation-api/2.1.3/jakarta.activation-api-2.1.3.jar
MD5: 76e7b680375ea9f40f3ddbd702efcd25
SHA1: fa165bd70cda600368eee31555222776a46b881f
SHA256:01b176d718a169263e78290691fc479977186bcc6b333487325084d6586f4627
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider@2.21.2

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.activation-api	High
Vendor	jar	package name	activation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	implementation-build-id	7f7d358	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.activation-api	Highest
Vendor	pom	artifactid	jakarta.activation-api	Low
Vendor	pom	developer email	bill.shannon@oracle.com	Low
Vendor	pom	developer id	shannon	Medium
Vendor	pom	developer name	Bill Shannon	Medium
Vendor	pom	developer org	Oracle	Medium
Vendor	pom	groupid	jakarta.activation	Highest
Vendor	pom	name	Jakarta Activation API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	jakartaee/jaf-api	Highest
Vendor	pom (hint)	developer org	sun	Medium
Product	file	name	jakarta.activation-api	High
Product	jar	package name	activation	Highest
Product	jar	package name	jakarta	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Activation API	Medium
Product	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	Manifest	implementation-build-id	7f7d358	Low
Product	Manifest	Implementation-Title	Jakarta Activation API	High
Product	Manifest	specification-title	Jakarta Activation Specification	Medium
Product	pom	artifactid	jakarta.activation-api	Highest
Product	pom	developer email	bill.shannon@oracle.com	Low
Product	pom	developer id	shannon	Low
Product	pom	developer name	Bill Shannon	Low
Product	pom	developer org	Oracle	Low
Product	pom	groupid	jakarta.activation	Highest
Product	pom	name	Jakarta Activation API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	jakartaee/jaf-api	High
Version	file	version	2.1.3	High
Version	Manifest	Bundle-Version	2.1.3	High
Version	pom	parent-version	2.1.3	Low
Version	pom	version	2.1.3	Highest

Identifiers

pkg:maven/jakarta.activation/jakarta.activation-api@2.1.3 (Confidence:High)

jakarta.annotation-api-3.0.0.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: https://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/runner/.m2/repository/jakarta/annotation/jakarta.annotation-api/3.0.0/jakarta.annotation-api-3.0.0.jar
MD5: 7faffaab962918da4cf5ddfd76609dd2
SHA1: 54f928fadec906a99d558536756d171917b9d936
SHA256:b01f55552284cfb149411e64eabca75e942d26d2e1786b32914250e4330afaa2
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework.data/spring-data-jpa@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.annotation-api	High
Vendor	jar	package name	annotation	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	Manifest	build-jdk-spec	18	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Vendor	Manifest	extension-name	jakarta.annotation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.annotation-api	Highest
Vendor	pom	artifactid	jakarta.annotation-api	Low
Vendor	pom	developer name	Dmitry Kornilov	Medium
Vendor	pom	developer name	Linda De Michiel	Medium
Vendor	pom	developer org	Oracle Corp.	Medium
Vendor	pom	groupid	jakarta.annotation	Highest
Vendor	pom	name	Jakarta Annotations API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Highest
Product	file	name	jakarta.annotation-api	High
Product	jar	package name	annotation	Highest
Product	jar	package name	jakarta	Highest
Product	Manifest	build-jdk-spec	18	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Annotations API	Medium
Product	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Product	Manifest	extension-name	jakarta.annotation	Medium
Product	pom	artifactid	jakarta.annotation-api	Highest
Product	pom	developer name	Dmitry Kornilov	Low
Product	pom	developer name	Linda De Michiel	Low
Product	pom	developer org	Oracle Corp.	Low
Product	pom	groupid	jakarta.annotation	Highest
Product	pom	name	Jakarta Annotations API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Medium
Version	file	version	3.0.0	High
Version	Manifest	Bundle-Version	3.0.0	High
Version	Manifest	Implementation-Version	3.0.0	High
Version	pom	parent-version	3.0.0	Low
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/jakarta.annotation/jakarta.annotation-api@3.0.0 (Confidence:High)
cpe:2.3:a:oracle:projects:3.0.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.persistence-api-3.2.0.jar

Description:

Jakarta Persistence 3.2 API jar

License:

Eclipse Public License v. 2.0: http://www.eclipse.org/legal/epl-2.0
Eclipse Distribution License v. 1.0: http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/persistence/jakarta.persistence-api/3.2.0/jakarta.persistence-api-3.2.0.jar
MD5: 79acec18d202797dcba1fff596a47684
SHA1: bb75a113f3fa191c2c7ee7b206d8e674251b3129
SHA256:be8a26b0e75c84c1b7600f759256fbc68d60333d89ec0ce3f784fc3ffa09aa8c
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.persistence-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	persistence	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Vendor	Manifest	extension-name	jakarta.persistence	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.persistence-api	Highest
Vendor	pom	artifactid	jakarta.persistence-api	Low
Vendor	pom	developer id	lukasj	Medium
Vendor	pom	developer name	Lukas Jungmann	Medium
Vendor	pom	developer org	Oracle, Inc.	Medium
Vendor	pom	groupid	jakarta.persistence	Highest
Vendor	pom	name	Jakarta Persistence API	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	jakartaee/persistence	Highest
Product	file	name	jakarta.persistence-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	persistence	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Persistence API jar	Medium
Product	Manifest	bundle-symbolicname	jakarta.persistence-api	Medium
Product	Manifest	extension-name	jakarta.persistence	Medium
Product	pom	artifactid	jakarta.persistence-api	Highest
Product	pom	developer id	lukasj	Low
Product	pom	developer name	Lukas Jungmann	Low
Product	pom	developer org	Oracle, Inc.	Low
Product	pom	groupid	jakarta.persistence	Highest
Product	pom	name	Jakarta Persistence API	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	jakartaee/persistence	High
Version	file	version	3.2.0	High
Version	Manifest	Bundle-Version	3.2.0	High
Version	Manifest	Implementation-Version	3.2.0	High
Version	pom	parent-version	3.2.0	Low
Version	pom	version	3.2.0	Highest

Identifiers

pkg:maven/jakarta.persistence/jakarta.persistence-api@3.2.0 (Confidence:High)

jakarta.servlet-api-6.1.0.jar

Description:

Jakarta Servlet 6.1

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/runner/.m2/repository/jakarta/servlet/jakarta.servlet-api/6.1.0/jakarta.servlet-api-6.1.0.jar
MD5: 314c930b3e40ac1abc3529c7c9942f09
SHA1: 1169a246913fe3823782af7943e7a103634867c5
SHA256:8a31f465f3593bf2351531a5c952014eb839da96a605b5825b93dd54714c48c4
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.servlet-api	High
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	servlet	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.servlet-api	Medium
Vendor	Manifest	extension-name	jakarta.servlet	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.servlet-api	Highest
Vendor	pom	artifactid	jakarta.servlet-api	Low
Vendor	pom	developer id	yaminikb	Medium
Vendor	pom	developer name	Yamini K B	Medium
Vendor	pom	developer org	Oracle Corporation	Medium
Vendor	pom	developer org URL	http://www.oracle.com/	Medium
Vendor	pom	groupid	jakarta.servlet	Highest
Vendor	pom	name	Jakarta Servlet	High
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.servlet	Highest
Product	file	name	jakarta.servlet-api	High
Product	jar	package name	jakarta	Highest
Product	jar	package name	servlet	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta Servlet	Medium
Product	Manifest	bundle-symbolicname	jakarta.servlet-api	Medium
Product	Manifest	extension-name	jakarta.servlet	Medium
Product	pom	artifactid	jakarta.servlet-api	Highest
Product	pom	developer id	yaminikb	Low
Product	pom	developer name	Yamini K B	Low
Product	pom	developer org	Oracle Corporation	Low
Product	pom	developer org URL	http://www.oracle.com/	Low
Product	pom	groupid	jakarta.servlet	Highest
Product	pom	name	Jakarta Servlet	High
Product	pom	parent-artifactid	project	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.servlet	Medium
Version	file	version	6.1.0	High
Version	Manifest	Bundle-Version	6.1.0	High
Version	Manifest	Implementation-Version	6.1.0	High
Version	pom	parent-version	6.1.0	Low
Version	pom	version	6.1.0	Highest

Identifiers

pkg:maven/jakarta.servlet/jakarta.servlet-api@6.1.0 (Confidence:High)
cpe:2.3:a:oracle:projects:6.1.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.ws.rs-api-4.0.0.jar

Description:

Jakarta RESTful Web Services

License:

https://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html

File Path: /home/runner/.m2/repository/jakarta/ws/rs/jakarta.ws.rs-api/4.0.0/jakarta.ws.rs-api-4.0.0.jar
MD5: 9b7cc90c000f193157d60d95caf45972
SHA1: c27a67f84ca491efcb3fa68f4df926e8a110069e
SHA256:6368b126cbcf34e694bb9ba5b9fe3e5040b7acea7ce622e636d698bb085fd2a6
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.ws.rs-api	High
Vendor	hint analyzer	vendor	web services	Medium
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	rs	Highest
Vendor	jar	package name	ws	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org/org/foundation/	Low
Vendor	Manifest	bundle-symbolicname	jakarta.ws.rs-api	Medium
Vendor	Manifest	extension-name	jakarta.ws.rs	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.ws.rs-api	Highest
Vendor	pom	artifactid	jakarta.ws.rs-api	Low
Vendor	pom	groupid	jakarta.ws.rs	Highest
Vendor	pom	name	Jakarta RESTful WS API	High
Vendor	pom	parent-artifactid	all	Low
Product	file	name	jakarta.ws.rs-api	High
Product	hint analyzer	product	web services	Medium
Product	jar	package name	jakarta	Highest
Product	jar	package name	rs	Highest
Product	jar	package name	ws	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org/org/foundation/	Low
Product	Manifest	Bundle-Name	Jakarta RESTful WS API	Medium
Product	Manifest	bundle-symbolicname	jakarta.ws.rs-api	Medium
Product	Manifest	extension-name	jakarta.ws.rs	Medium
Product	pom	artifactid	jakarta.ws.rs-api	Highest
Product	pom	groupid	jakarta.ws.rs	Highest
Product	pom	name	Jakarta RESTful WS API	High
Product	pom	parent-artifactid	all	Medium
Version	file	version	4.0.0	High
Version	Manifest	Bundle-Version	4.0.0	High
Version	Manifest	Implementation-Version	4.0.0	High
Version	pom	version	4.0.0	Highest

Identifiers

pkg:maven/jakarta.ws.rs/jakarta.ws.rs-api@4.0.0 (Confidence:High)

jakarta.xml.bind-api-4.0.5.jar

Description:

Jakarta XML Binding API 4.0 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/runner/.m2/repository/jakarta/xml/bind/jakarta.xml.bind-api/4.0.5/jakarta.xml.bind-api-4.0.5.jar
MD5: 935053b2c792f34c7ea3a238ea96f3ac
SHA1: 161811f36cad3c65991502e80317f2f6703361df
SHA256:5e489b6c874c4119e003ff1403db523ee3a8959ec499f3de29e77245efccf216
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.hibernate.orm/hibernate-core@7.3.0.Final

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.xml.bind-api	High
Vendor	jar	package name	bind	Highest
Vendor	jar	package name	jakarta	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	Manifest	implementation-build-id	33af600	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	artifactid	jakarta.xml.bind-api	Highest
Vendor	pom	artifactid	jakarta.xml.bind-api	Low
Vendor	pom	groupid	jakarta.xml.bind	Highest
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	pom	parent-artifactid	jakarta.xml.bind-api-parent	Low
Product	file	name	jakarta.xml.bind-api	High
Product	jar	package name	bind	Highest
Product	jar	package name	jakarta	Highest
Product	jar	package name	xml	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	Manifest	bundle-symbolicname	jakarta.xml.bind-api	Medium
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	Manifest	implementation-build-id	33af600	Low
Product	pom	artifactid	jakarta.xml.bind-api	Highest
Product	pom	groupid	jakarta.xml.bind	Highest
Product	pom	name	Jakarta XML Binding API	High
Product	pom	parent-artifactid	jakarta.xml.bind-api-parent	Medium
Version	file	version	4.0.5	High
Version	Manifest	Bundle-Version	4.0.5	High
Version	Manifest	Implementation-Version	4.0.5	High
Version	pom	version	4.0.5	Highest

Identifiers

pkg:maven/jakarta.xml.bind/jakarta.xml.bind-api@4.0.5 (Confidence:High)

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/jspecify/jspecify/1.0.0/jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.junit.jupiter/junit-jupiter-engine@6.0.3

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jspecify	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	jspecify	Highest
Vendor	Manifest	bundle-docurl	https://jspecify.dev/docs/start-here	Low
Vendor	Manifest	bundle-symbolicname	org.jspecify.jspecify	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	jspecify	Highest
Vendor	pom	artifactid	jspecify	Low
Vendor	pom	developer email	kevinb9n@gmail.com	Low
Vendor	pom	developer id	kevinb9n	Medium
Vendor	pom	developer name	Kevin Bourrillion	Medium
Vendor	pom	groupid	org.jspecify	Highest
Vendor	pom	name	JSpecify annotations	High
Vendor	pom	url	http://jspecify.org/	Highest
Product	file	name	jspecify	High
Product	jar	package name	annotations	Highest
Product	jar	package name	jspecify	Highest
Product	Manifest	bundle-docurl	https://jspecify.dev/docs/start-here	Low
Product	Manifest	Bundle-Name	JSpecify annotations	Medium
Product	Manifest	bundle-symbolicname	org.jspecify.jspecify	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	jspecify	Highest
Product	pom	developer email	kevinb9n@gmail.com	Low
Product	pom	developer id	kevinb9n	Low
Product	pom	developer name	Kevin Bourrillion	Low
Product	pom	groupid	org.jspecify	Highest
Product	pom	name	JSpecify annotations	High
Product	pom	url	http://jspecify.org/	Medium
Version	file	version	1.0.0	High
Version	Manifest	Bundle-Version	1.0.0	High
Version	Manifest	Implementation-Version	1.0.0	High
Version	pom	version	1.0.0	Highest

Identifiers

pkg:maven/org.jspecify/jspecify@1.0.0 (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

kafka-clients-4.1.1.jar

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/kafka/kafka-clients/4.1.1/kafka-clients-4.1.1.jar
MD5: 26bde31278403cf747284fe50b01d660
SHA1: 094cb8f39c3157038ec9577634d310a2bf5fb516
SHA256:00247122a572c3d3ae4eb60a50192a5811bc0181f51923d13018600f892e821d
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework.kafka/spring-kafka@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	kafka-clients	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	apache	Low
Vendor	jar	package name	clients	Highest
Vendor	jar	package name	common	Low
Vendor	jar	package name	kafka	Highest
Vendor	jar	package name	kafka	Low
Vendor	pom	artifactid	kafka-clients	Highest
Vendor	pom	artifactid	kafka-clients	Low
Vendor	pom	groupid	org.apache.kafka	Highest
Vendor	pom	name	Apache Kafka	High
Vendor	pom	url	https://kafka.apache.org	Highest
Product	file	name	kafka-clients	High
Product	jar	package name	apache	Highest
Product	jar	package name	clients	Highest
Product	jar	package name	common	Low
Product	jar	package name	kafka	Highest
Product	jar	package name	kafka	Low
Product	pom	artifactid	kafka-clients	Highest
Product	pom	groupid	org.apache.kafka	Highest
Product	pom	name	Apache Kafka	High
Product	pom	url	https://kafka.apache.org	Medium
Version	file	version	4.1.1	High
Version	pom	version	4.1.1	Highest

Identifiers

pkg:maven/org.apache.kafka/kafka-clients@4.1.1 (Confidence:High)
cpe:2.3:a:apache:kafka:4.1.1:*:*:*:*:*:*:* (Confidence:Highest)

log4j-core-2.25.4.jar

Description:

A versatile, industrial-grade, and reference implementation of the Log4j API.
    It bundles a rich set of components to assist various use cases:
    Appenders targeting files, network sockets, databases, SMTP servers;
    Layouts that can render CSV, HTML, JSON, Syslog, etc. formatted outputs;
    Filters that can be configured using log event rates, regular expressions, scripts, time, etc.
    It contains several extension points to introduce custom components, if needed.

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/logging/log4j/log4j-core/2.25.4/log4j-core-2.25.4.jar
MD5: 62233cc04ded515e14b5fa4e88a9c5a9
SHA1: b963c3d6bfdf05c61ad47a74e9f9295131607df2
SHA256:10fee2c0485d54fa44ee75d314f6295508f7b932281873db61a91b88073200e6
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	log4j-core	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	log4j	Highest
Vendor	jar	package name	logging	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-symbolicname	org.apache.logging.log4j.core	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	provide-capability	osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.GraalVmProcessor",osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider"	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	log4j-core	Highest
Vendor	pom	artifactid	log4j-core	Low
Vendor	pom	groupid	org.apache.logging.log4j	Highest
Vendor	pom	name	Apache Log4j Core	High
Vendor	pom	parent-artifactid	log4j	Low
Vendor	pom	url	https://logging.apache.org/log4j/2.x/	Highest
Product	file	name	log4j-core	High
Product	jar	package name	apache	Highest
Product	jar	package name	core	Highest
Product	jar	package name	log4j	Highest
Product	jar	package name	logging	Highest
Product	jar	package name	org	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	Apache Log4j Core	Medium
Product	Manifest	bundle-symbolicname	org.apache.logging.log4j.core	Medium
Product	Manifest	Implementation-Title	Apache Log4j Core	High
Product	Manifest	multi-release	true	Low
Product	Manifest	provide-capability	osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.GraalVmProcessor",osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider"	Low
Product	Manifest	specification-title	Apache Log4j Core	Medium
Product	pom	artifactid	log4j-core	Highest
Product	pom	groupid	org.apache.logging.log4j	Highest
Product	pom	name	Apache Log4j Core	High
Product	pom	parent-artifactid	log4j	Medium
Product	pom	url	https://logging.apache.org/log4j/2.x/	Medium
Version	file	version	2.25.4	High
Version	Manifest	Bundle-Version	2.25.4	High
Version	Manifest	Implementation-Version	2.25.4	High
Version	pom	version	2.25.4	Highest

Related Dependencies

Identifiers

pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4 (Confidence:High)
cpe:2.3:a:apache:log4j:2.25.4:*:*:*:*:*:*:* (Confidence:Highest)

logback-core-1.5.32.jar

Description:

logback-core module

License:

https://www.eclipse.org/legal/epl-v20.html, https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html

File Path: /home/runner/.m2/repository/ch/qos/logback/logback-core/1.5.32/logback-core-1.5.32.jar
MD5: 053d4a28d6ba4c9b6247c6fd859ca64f
SHA1: fdfb3ff9a842303d4a95207294a6c6bc64e2605d
SHA256:6a904d5778d0e361a9692f9cbe68b1b0620ae0f3eda2ec2ed09102755bf036c4
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	logback-core	High
Vendor	jar	package name	ch	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	logback	Highest
Vendor	jar	package name	qos	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.qos.ch	Low
Vendor	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Vendor	Manifest	Implementation-Vendor	QOS.ch	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Vendor	Manifest	specification-vendor	QOS.ch	Low
Vendor	pom	artifactid	logback-core	Highest
Vendor	pom	artifactid	logback-core	Low
Vendor	pom	groupid	ch.qos.logback	Highest
Vendor	pom	name	Logback Core Module	High
Vendor	pom	parent-artifactid	logback-parent	Low
Product	file	name	logback-core	High
Product	jar	package name	21	Highest
Product	jar	package name	ch	Highest
Product	jar	package name	core	Highest
Product	jar	package name	logback	Highest
Product	jar	package name	qos	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.qos.ch	Low
Product	Manifest	Bundle-Name	Logback Core Module	Medium
Product	Manifest	bundle-symbolicname	ch.qos.logback.core	Medium
Product	Manifest	Implementation-Title	Logback Core Module	High
Product	Manifest	multi-release	true	Low
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin 5.1.9	Low
Product	Manifest	specification-title	Logback Core Module	Medium
Product	pom	artifactid	logback-core	Highest
Product	pom	groupid	ch.qos.logback	Highest
Product	pom	name	Logback Core Module	High
Product	pom	parent-artifactid	logback-parent	Medium
Version	file	version	1.5.32	High
Version	Manifest	Bundle-Version	1.5.32	High
Version	Manifest	Implementation-Version	1.5.32	High
Version	pom	version	1.5.32	Highest

Related Dependencies

Identifiers

pkg:maven/ch.qos.logback/logback-core@1.5.32 (Confidence:High)
cpe:2.3:a:qos:logback:1.5.32:*:*:*:*:*:*:* (Confidence:Highest)

lombok-1.18.44.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.44/lombok-1.18.44.jar
MD5: 7682dbc64a602a58797a323f006be06f
SHA1: 503fd0b002dbb237fa4656cf4b8021666a8aebac
SHA256:c6e91bfdc358bb1efb25ee185e95aaf9b600043e5f81d03bd76aefc01035bf86
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	jar	package name	java	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	artifactid	lombok	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	pom	developer email	reinier@projectlombok.org	Low
Vendor	pom	developer email	roel@projectlombok.org	Low
Vendor	pom	developer id	rspilker	Medium
Vendor	pom	developer id	rzwitserloot	Medium
Vendor	pom	developer name	Reinier Zwitserloot	Medium
Vendor	pom	developer name	Roel Spilker	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	pom	url	https://projectlombok.org	Highest
Product	file	name	lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	developer email	reinier@projectlombok.org	Low
Product	pom	developer email	roel@projectlombok.org	Low
Product	pom	developer id	rspilker	Low
Product	pom	developer id	rzwitserloot	Low
Product	pom	developer name	Reinier Zwitserloot	Low
Product	pom	developer name	Roel Spilker	Low
Product	pom	groupid	org.projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	pom	url	https://projectlombok.org	Medium
Version	file	version	1.18.44	High
Version	Manifest	lombok-version	1.18.44	Medium
Version	pom	version	1.18.44	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.44 (Confidence:High)

lombok-1.18.44.jar: mavenEcjBootstrapAgent.jar

File Path: /home/runner/.m2/repository/org/projectlombok/lombok/1.18.44/lombok-1.18.44.jar/lombok/launch/mavenEcjBootstrapAgent.jar
MD5: 99d4e19630a2936991d953330fc0b04f
SHA1: 359faffcbd93e4c825e3eee0e88854d900c2dd77
SHA256:b749ed13b7ee30619334206f84ade583df68183afb83374fbff075ee2ebe83e2
Referenced In Project/Scope: RealLifeDeveloper Common:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mavenEcjBootstrapAgent	High
Vendor	jar	package name	launch	Low
Vendor	jar	package name	lombok	Low
Vendor	Manifest	can-redefine-classes	true	Low
Product	file	name	mavenEcjBootstrapAgent	High
Product	jar	package name	launch	Low
Product	Manifest	can-redefine-classes	true	Low

Identifiers

None

lz4-java-1.8.0.jar

Description:

Java ports and bindings of the LZ4 compression algorithm and the xxHash hashing algorithm

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/lz4/lz4-java/1.8.0/lz4-java-1.8.0.jar
MD5: 936a927700aa8fc3b75d21d7571171f6
SHA1: 4b986a99445e49ea5fbf5d149c4b63f6ed6c6780
SHA256:d74a3334fb35195009b338a951f918203d6bbca3d1d359033dc33edd1cadc9ef
Referenced In Project/Scope: RealLifeDeveloper Common:runtime
pkg:maven/org.springframework.kafka/spring-kafka@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lz4-java	High
Vendor	jar	package name	lz4	Highest
Vendor	jar	package name	xxhash	Highest
Vendor	Manifest	automatic-module-name	org.lz4.java	Medium
Vendor	Manifest	bundle-symbolicname	lz4-java	Medium
Vendor	Manifest	originally-created-by	1.7.0_302-b01 (Azul Systems, Inc.)	Low
Vendor	pom	artifactid	lz4-java	Highest
Vendor	pom	artifactid	lz4-java	Low
Vendor	pom	developer email	jpountz@gmail.com	Low
Vendor	pom	developer email	Rei.Odaira@gmail.com	Low
Vendor	pom	developer id	jpountz	Medium
Vendor	pom	developer id	odaira	Medium
Vendor	pom	developer name	Adrien Grand	Medium
Vendor	pom	developer name	Rei Odaira	Medium
Vendor	pom	groupid	org.lz4	Highest
Vendor	pom	name	LZ4 and xxHash	High
Vendor	pom	url	lz4/lz4-java	Highest
Product	file	name	lz4-java	High
Product	jar	package name	lz4	Highest
Product	jar	package name	xxhash	Highest
Product	Manifest	automatic-module-name	org.lz4.java	Medium
Product	Manifest	Bundle-Name	LZ4 Java Compression	Medium
Product	Manifest	bundle-symbolicname	lz4-java	Medium
Product	Manifest	originally-created-by	1.7.0_302-b01 (Azul Systems, Inc.)	Low
Product	pom	artifactid	lz4-java	Highest
Product	pom	developer email	jpountz@gmail.com	Low
Product	pom	developer email	Rei.Odaira@gmail.com	Low
Product	pom	developer id	jpountz	Low
Product	pom	developer id	odaira	Low
Product	pom	developer name	Adrien Grand	Low
Product	pom	developer name	Rei Odaira	Low
Product	pom	groupid	org.lz4	Highest
Product	pom	name	LZ4 and xxHash	High
Product	pom	url	lz4/lz4-java	High
Version	file	version	1.8.0	High
Version	Manifest	Bundle-Version	1.8.0	High
Version	pom	version	1.8.0	Highest

Identifiers

pkg:maven/org.lz4/lz4-java@1.8.0 (Confidence:High)

markdown4j-2.2-cj-1.1.jar

Description:

An OSGi-fied version of markdown4j

File Path: /home/runner/.m2/repository/org/commonjava/googlecode/markdown4j/markdown4j/2.2-cj-1.1/markdown4j-2.2-cj-1.1.jar
MD5: ab033e59e040e34bb79bb2220b0b7207
SHA1: 9e920737c365f0a7985d2050bb99a7edd36b6e19
SHA256:28eb991f702c6d85d6cafd68c24d1ce841d1f5c995c943f25aedb433c0c13f60
Referenced In Project/Scope: RealLifeDeveloper Common:compile
markdown4j-2.2-cj-1.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	markdown4j-2.2-cj	High
Vendor	jar	package name	markdown4j	Highest
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7	Low
Vendor	Manifest	bundle-symbolicname	markdown4j	Medium
Vendor	pom	artifactid	markdown4j	Highest
Vendor	pom	artifactid	markdown4j	Low
Vendor	pom	groupid	org.commonjava.googlecode.markdown4j	Highest
Vendor	pom	parent-artifactid	commonjava	Low
Vendor	pom	parent-groupid	org.commonjava	Medium
Product	file	name	markdown4j-2.2-cj	High
Product	jar	package name	markdown4j	Highest
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	Bundle-Name	markdown4j	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.7	Low
Product	Manifest	bundle-symbolicname	markdown4j	Medium
Product	pom	artifactid	markdown4j	Highest
Product	pom	groupid	org.commonjava.googlecode.markdown4j	Highest
Product	pom	parent-artifactid	commonjava	Medium
Product	pom	parent-groupid	org.commonjava	Medium
Version	pom	parent-version	2.2-cj-1.1	Low
Version	pom	version	2.2-cj-1.1	Highest

Identifiers

pkg:maven/org.commonjava.googlecode.markdown4j/markdown4j@2.2-cj-1.1 (Confidence:High)

micrometer-commons-1.16.4.jar

Description:

Module containing common code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/io/micrometer/micrometer-commons/1.16.4/micrometer-commons-1.16.4.jar
MD5: afbe1e6f6a034873cf8e9d006d3f0853
SHA1: b6a0e350a714f4cd973d760e68104c9602b4564c
SHA256:d13307840a8078abedc5979168c0be7877d2dba4c7db6c01665be457571213c4
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework/spring-context@7.0.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	micrometer-commons	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	io	Highest
Vendor	jar	package name	micrometer	Highest
Vendor	Manifest	automatic-module-name	micrometer.commons	Medium
Vendor	Manifest	branch	HEAD	Low
Vendor	Manifest	build-date	2026-03-09_09:19:05	Low
Vendor	Manifest	build-date-utc	2026-03-09T09:19:05.879108792Z	Low
Vendor	Manifest	build-host	4c3960252dc0	Low
Vendor	Manifest	build-job	deploy	Low
Vendor	Manifest	build-number	65227	Low
Vendor	Manifest	build-timezone	Etc/UTC	Low
Vendor	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/65227	Low
Vendor	Manifest	built-os	Linux	Low
Vendor	Manifest	built-status	release	Low
Vendor	Manifest	bundle-symbolicname	micrometer-commons	Medium
Vendor	Manifest	change	414cb90	Low
Vendor	Manifest	full-change	414cb9057ec888387f5e2fb9471fcbca9ca131f0	Low
Vendor	Manifest	module-email	tludwig@vmware.com	Low
Vendor	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Vendor	Manifest	module-owner	tludwig@vmware.com	Low
Vendor	Manifest	module-source	/micrometer-commons	Low
Vendor	pom	artifactid	micrometer-commons	Highest
Vendor	pom	artifactid	micrometer-commons	Low
Vendor	pom	developer email	tludwig@vmware.com	Low
Vendor	pom	developer id	shakuzen	Medium
Vendor	pom	developer name	Tommy Ludwig	Medium
Vendor	pom	groupid	io.micrometer	Highest
Vendor	pom	name	micrometer-commons	High
Vendor	pom	url	micrometer-metrics/micrometer	Highest
Product	file	name	micrometer-commons	High
Product	jar	package name	common	Highest
Product	jar	package name	io	Highest
Product	jar	package name	micrometer	Highest
Product	Manifest	automatic-module-name	micrometer.commons	Medium
Product	Manifest	branch	HEAD	Low
Product	Manifest	build-date	2026-03-09_09:19:05	Low
Product	Manifest	build-date-utc	2026-03-09T09:19:05.879108792Z	Low
Product	Manifest	build-host	4c3960252dc0	Low
Product	Manifest	build-job	deploy	Low
Product	Manifest	build-number	65227	Low
Product	Manifest	build-timezone	Etc/UTC	Low
Product	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/65227	Low
Product	Manifest	built-os	Linux	Low
Product	Manifest	built-status	release	Low
Product	Manifest	Bundle-Name	micrometer-commons	Medium
Product	Manifest	bundle-symbolicname	micrometer-commons	Medium
Product	Manifest	change	414cb90	Low
Product	Manifest	full-change	414cb9057ec888387f5e2fb9471fcbca9ca131f0	Low
Product	Manifest	Implementation-Title	io.micrometer#micrometer-commons;1.16.4	High
Product	Manifest	module-email	tludwig@vmware.com	Low
Product	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Product	Manifest	module-owner	tludwig@vmware.com	Low
Product	Manifest	module-source	/micrometer-commons	Low
Product	pom	artifactid	micrometer-commons	Highest
Product	pom	developer email	tludwig@vmware.com	Low
Product	pom	developer id	shakuzen	Low
Product	pom	developer name	Tommy Ludwig	Low
Product	pom	groupid	io.micrometer	Highest
Product	pom	name	micrometer-commons	High
Product	pom	url	micrometer-metrics/micrometer	High
Version	file	version	1.16.4	High
Version	Manifest	Bundle-Version	1.16.4	High
Version	Manifest	Implementation-Version	1.16.4	High
Version	pom	version	1.16.4	Highest

Identifiers

pkg:maven/io.micrometer/micrometer-commons@1.16.4 (Confidence:High)

micrometer-observation-1.16.4.jar

Description:

Module containing Observation related code

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/io/micrometer/micrometer-observation/1.16.4/micrometer-observation-1.16.4.jar
MD5: 21a66d76bd0afd7d3592fa7ca73eddd3
SHA1: 64b57332a68b75ba36d9bf9b4cfd62610d0fb158
SHA256:dd410c6a4225731a3466e56b81ff097d14cd092dbc9b97384fd96feec1cc36af
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework/spring-context@7.0.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	micrometer-observation	High
Vendor	jar	package name	io	Highest
Vendor	jar	package name	micrometer	Highest
Vendor	jar	package name	observation	Highest
Vendor	Manifest	automatic-module-name	micrometer.observation	Medium
Vendor	Manifest	branch	HEAD	Low
Vendor	Manifest	build-date	2026-03-09_09:19:06	Low
Vendor	Manifest	build-date-utc	2026-03-09T09:19:06.298109510Z	Low
Vendor	Manifest	build-host	4c3960252dc0	Low
Vendor	Manifest	build-job	deploy	Low
Vendor	Manifest	build-number	65227	Low
Vendor	Manifest	build-timezone	Etc/UTC	Low
Vendor	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/65227	Low
Vendor	Manifest	built-os	Linux	Low
Vendor	Manifest	built-status	release	Low
Vendor	Manifest	bundle-symbolicname	micrometer-observation	Medium
Vendor	Manifest	change	414cb90	Low
Vendor	Manifest	full-change	414cb9057ec888387f5e2fb9471fcbca9ca131f0	Low
Vendor	Manifest	module-email	tludwig@vmware.com	Low
Vendor	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Vendor	Manifest	module-owner	tludwig@vmware.com	Low
Vendor	Manifest	module-source	/micrometer-observation	Low
Vendor	pom	artifactid	micrometer-observation	Highest
Vendor	pom	artifactid	micrometer-observation	Low
Vendor	pom	developer email	tludwig@vmware.com	Low
Vendor	pom	developer id	shakuzen	Medium
Vendor	pom	developer name	Tommy Ludwig	Medium
Vendor	pom	groupid	io.micrometer	Highest
Vendor	pom	name	micrometer-observation	High
Vendor	pom	url	micrometer-metrics/micrometer	Highest
Product	file	name	micrometer-observation	High
Product	jar	package name	io	Highest
Product	jar	package name	micrometer	Highest
Product	jar	package name	observation	Highest
Product	Manifest	automatic-module-name	micrometer.observation	Medium
Product	Manifest	branch	HEAD	Low
Product	Manifest	build-date	2026-03-09_09:19:06	Low
Product	Manifest	build-date-utc	2026-03-09T09:19:06.298109510Z	Low
Product	Manifest	build-host	4c3960252dc0	Low
Product	Manifest	build-job	deploy	Low
Product	Manifest	build-number	65227	Low
Product	Manifest	build-timezone	Etc/UTC	Low
Product	Manifest	build-url	https://circleci.com/gh/micrometer-metrics/micrometer/65227	Low
Product	Manifest	built-os	Linux	Low
Product	Manifest	built-status	release	Low
Product	Manifest	Bundle-Name	micrometer-observation	Medium
Product	Manifest	bundle-symbolicname	micrometer-observation	Medium
Product	Manifest	change	414cb90	Low
Product	Manifest	full-change	414cb9057ec888387f5e2fb9471fcbca9ca131f0	Low
Product	Manifest	Implementation-Title	io.micrometer#micrometer-observation;1.16.4	High
Product	Manifest	module-email	tludwig@vmware.com	Low
Product	Manifest	module-origin	micrometer-metrics/micrometer.git	Low
Product	Manifest	module-owner	tludwig@vmware.com	Low
Product	Manifest	module-source	/micrometer-observation	Low
Product	pom	artifactid	micrometer-observation	Highest
Product	pom	developer email	tludwig@vmware.com	Low
Product	pom	developer id	shakuzen	Low
Product	pom	developer name	Tommy Ludwig	Low
Product	pom	groupid	io.micrometer	Highest
Product	pom	name	micrometer-observation	High
Product	pom	url	micrometer-metrics/micrometer	High
Version	file	version	1.16.4	High
Version	Manifest	Bundle-Version	1.16.4	High
Version	Manifest	Implementation-Version	1.16.4	High
Version	pom	version	1.16.4	Highest

Identifiers

pkg:maven/io.micrometer/micrometer-observation@1.16.4 (Confidence:High)

netty-codec-protobuf-4.2.10.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/runner/.m2/repository/io/netty/netty-codec-protobuf/4.2.10.Final/netty-codec-protobuf-4.2.10.Final.jar
MD5: feb86d86bd4c8f7e642e4ec69ef03585
SHA1: e7d69687bcf4f812bba119b8b9c3942d9c8c6c7a
SHA256:df6390a29ffde35426fa5ad49cccc491c58e6ca2253e364825a204ed03d0fbfc
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.rabbitmq/amqp-client@5.29.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	netty-codec-protobuf	High
Vendor	jar	package name	codec	Highest
Vendor	jar	package name	io	Highest
Vendor	jar	package name	netty	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://netty.io/	Low
Vendor	Manifest	bundle-symbolicname	io.netty.codec-protobuf	Medium
Vendor	Manifest	implementation-url	https://netty.io/netty-codec-protobuf/	Low
Vendor	Manifest	Implementation-Vendor	The Netty Project	High
Vendor	Manifest	Implementation-Vendor-Id	io.netty	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Netty Project	Low
Vendor	pom	artifactid	netty-codec-protobuf	Highest
Vendor	pom	artifactid	netty-codec-protobuf	Low
Vendor	pom	groupid	io.netty	Highest
Vendor	pom	name	Netty/Codec/Protobuf	High
Vendor	pom	parent-artifactid	netty-parent	Low
Product	file	name	netty-codec-protobuf	High
Product	jar	package name	11	Highest
Product	jar	package name	codec	Highest
Product	jar	package name	io	Highest
Product	jar	package name	netty	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://netty.io/	Low
Product	Manifest	Bundle-Name	Netty/Codec/Protobuf	Medium
Product	Manifest	bundle-symbolicname	io.netty.codec-protobuf	Medium
Product	Manifest	Implementation-Title	Netty/Codec/Protobuf	High
Product	Manifest	implementation-url	https://netty.io/netty-codec-protobuf/	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Netty/Codec/Protobuf	Medium
Product	pom	artifactid	netty-codec-protobuf	Highest
Product	pom	groupid	io.netty	Highest
Product	pom	name	Netty/Codec/Protobuf	High
Product	pom	parent-artifactid	netty-parent	Medium
Version	Manifest	Bundle-Version	4.2.10.Final	High
Version	Manifest	Implementation-Version	4.2.10.Final	High
Version	pom	version	4.2.10.Final	Highest

Identifiers

pkg:maven/io.netty/netty-codec-protobuf@4.2.10.Final (Confidence:High)
cpe:2.3:a:netty:netty:4.2.10:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:protobuf:protobuf:4.2.10:*:*:*:*:*:*:* (Confidence:Highest)

netty-common-4.2.10.Final.jar (shaded: org.jctools:jctools-core:4.0.5)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/io/netty/netty-common/4.2.10.Final/netty-common-4.2.10.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: 5d5135397b920a7dcbca5c1fb0576cf2
SHA1: eaa05d6ad937464312a2681a3236c0e06602bbb7
SHA256:a69897b8ff0c2198b4b8cd7d4f93fde6d42b8e9dbfc95553585e27587b24e211
Referenced In Project/Scope: RealLifeDeveloper Common:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	jctools-core	Low
Vendor	pom	groupid	org.jctools	Highest
Vendor	pom	name	Java Concurrency Tools Core Library	High
Vendor	pom	url	JCTools	Highest
Product	pom	artifactid	jctools-core	Highest
Product	pom	groupid	org.jctools	Highest
Product	pom	name	Java Concurrency Tools Core Library	High
Product	pom	url	JCTools	High
Version	pom	version	4.0.5	Highest

Identifiers

pkg:maven/org.jctools/jctools-core@4.0.5 (Confidence:High)

netty-transport-4.2.10.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for    rapid development of maintainable high performance protocol servers and    clients.

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/runner/.m2/repository/io/netty/netty-transport/4.2.10.Final/netty-transport-4.2.10.Final.jar
MD5: 0d16ed7e5266244c2aa8df0d887fd116
SHA1: d9ce85a6b94fe584b0dec4b07230ac455ff975c1
SHA256:aaff8b2958eea0e94d3e5521d795e65ea91faf58fa1152e45584b36348a81abd
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.rabbitmq/amqp-client@5.29.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	netty-transport	High
Vendor	jar	package name	io	Highest
Vendor	jar	package name	netty	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://netty.io/	Low
Vendor	Manifest	bundle-symbolicname	io.netty.transport	Medium
Vendor	Manifest	implementation-url	https://netty.io/netty-transport/	Low
Vendor	Manifest	Implementation-Vendor	The Netty Project	High
Vendor	Manifest	Implementation-Vendor-Id	io.netty	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Netty Project	Low
Vendor	pom	artifactid	netty-transport	Highest
Vendor	pom	artifactid	netty-transport	Low
Vendor	pom	groupid	io.netty	Highest
Vendor	pom	name	Netty/Transport	High
Vendor	pom	parent-artifactid	netty-parent	Low
Product	file	name	netty-transport	High
Product	jar	package name	11	Highest
Product	jar	package name	io	Highest
Product	jar	package name	netty	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://netty.io/	Low
Product	Manifest	Bundle-Name	Netty/Transport	Medium
Product	Manifest	bundle-symbolicname	io.netty.transport	Medium
Product	Manifest	Implementation-Title	Netty/Transport	High
Product	Manifest	implementation-url	https://netty.io/netty-transport/	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Netty/Transport	Medium
Product	pom	artifactid	netty-transport	Highest
Product	pom	groupid	io.netty	Highest
Product	pom	name	Netty/Transport	High
Product	pom	parent-artifactid	netty-parent	Medium
Version	Manifest	Bundle-Version	4.2.10.Final	High
Version	Manifest	Implementation-Version	4.2.10.Final	High
Version	pom	version	4.2.10.Final	Highest

Related Dependencies

netty-buffer-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-buffer/4.2.10.Final/netty-buffer-4.2.10.Final.jar
- MD5: 0ab56f967880a1e332813984990767e0
- SHA1: b9b67175347d45b1caa5525440258904e01fac22
- SHA256: a430cfedce93c171a56a86d1d27c8d829db4793f1c59c381c65e84e5bcd5bcaa
- pkg:maven/io.netty/netty-buffer@4.2.10.Final
netty-codec-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-codec/4.2.10.Final/netty-codec-4.2.10.Final.jar
- MD5: 9337902c6fb73a40a654f95b5c4eae9a
- SHA1: 47b3239ce9ac99b6cab7623300123a332ce5f599
- SHA256: 94ebf64dea2843649f3a0f75f804e60562ea74f2ed430e1d41ea7945e8e2ff03
- pkg:maven/io.netty/netty-codec@4.2.10.Final
netty-codec-base-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-codec-base/4.2.10.Final/netty-codec-base-4.2.10.Final.jar
- MD5: 74cc444af0396c1bd5da34a3e50e12cf
- SHA1: e81b71d93024736f174397bff1fdd590e0aa9c44
- SHA256: 2a420ee609c1c4ad750609b6d7e2ee9f26a0431a8bbd7f48afb8ac576f1c40b9
- pkg:maven/io.netty/netty-codec-base@4.2.10.Final
netty-codec-compression-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-codec-compression/4.2.10.Final/netty-codec-compression-4.2.10.Final.jar
- MD5: a414c212744a98db85f7e2dedb87e24e
- SHA1: 5cc88546ee2ac730041eb33dff868037c8e85e78
- SHA256: 6ed70c21d6b4eb237dfab29214dfc029e1e85e9804751cb94924fa04f36c04cd
- pkg:maven/io.netty/netty-codec-compression@4.2.10.Final
netty-codec-marshalling-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-codec-marshalling/4.2.10.Final/netty-codec-marshalling-4.2.10.Final.jar
- MD5: 27bdf1a110dbf05869c9ac2608ea3327
- SHA1: ba4677a2ad56d4daf3abe0a01b991de225c4edd1
- SHA256: 84ccf4e6e095434041f6ba47a003609ad42f2baf60136a2b0c7696c7056cf1aa
- pkg:maven/io.netty/netty-codec-marshalling@4.2.10.Final
netty-common-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-common/4.2.10.Final/netty-common-4.2.10.Final.jar
- MD5: 5390e35e3ebafbbf348fe7ecd66aef94
- SHA1: c55e97d9bd061a2d88418d2d831e1fa39cb975e7
- SHA256: ad7ff0989d76be928069176754deec42c6a0e3305013df21814b4ac46b1ace9a
- pkg:maven/io.netty/netty-common@4.2.10.Final
netty-handler-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-handler/4.2.10.Final/netty-handler-4.2.10.Final.jar
- MD5: 34ea67c97c2c95bfb262dcf15fdf919f
- SHA1: 730b1c0df761ecae4de489b974efe29135d996f5
- SHA256: 769fecbfbca5756c52a442da35563218ced4d6cc179da2a8e782aae6ce8a187b
- pkg:maven/io.netty/netty-handler@4.2.10.Final
netty-resolver-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-resolver/4.2.10.Final/netty-resolver-4.2.10.Final.jar
- MD5: 71f670cd33feed6e48be74b0cd555270
- SHA1: 888daac4608a9b5fa1a74763e0de88d0dbf459a4
- SHA256: 14dfad791466ab2cc87316841c1c976af140bdb8c6ed5f84725e1225a1e0bbe6
- pkg:maven/io.netty/netty-resolver@4.2.10.Final
netty-transport-native-unix-common-4.2.10.Final.jar
- File Path: /home/runner/.m2/repository/io/netty/netty-transport-native-unix-common/4.2.10.Final/netty-transport-native-unix-common-4.2.10.Final.jar
- MD5: 0d4423aea3ff37c909ca5d65a0af4cd2
- SHA1: 8a8495c494ab2f5b0fdd93d2f670a1ea50a6b7de
- SHA256: 6bea060f5ffe953acab6c922236d284ca8f1e8c6a59d8a13eaba053fa280a88f
- pkg:maven/io.netty/netty-transport-native-unix-common@4.2.10.Final

Identifiers

pkg:maven/io.netty/netty-transport@4.2.10.Final (Confidence:High)
cpe:2.3:a:netty:netty:4.2.10:*:*:*:*:*:*:* (Confidence:Highest)

org.eclipse.sisu.plexus-0.9.0.M4.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"

File Path: /home/runner/.m2/repository/org/eclipse/sisu/org.eclipse.sisu.plexus/0.9.0.M4/org.eclipse.sisu.plexus-0.9.0.M4.jar
MD5: 51eea54bbc85323fc68f6a79f9b8f179
SHA1: 478f7935e88cd9da7ef01f509e4853e80ede9034
SHA256:b90579bc652eac7331436e0a25533fce14130b9c6e015f2dd3a3d4bb07e942b7
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.eclipse.sisu.plexus	High
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	sisu	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Vendor	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Vendor	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Vendor	pom	artifactid	eclipse.sisu.plexus	Low
Vendor	pom	artifactid	org.eclipse.sisu.plexus	Highest
Vendor	pom	groupid	org.eclipse.sisu	Highest
Vendor	pom	name	:	High
Vendor	pom	parent-artifactid	sisu-inject	Low
Product	file	name	org.eclipse.sisu.plexus	High
Product	jar	package name	eclipse	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	sisu	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Product	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Product	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Product	Manifest	Bundle-Name	Sisu-Plexus (Incubation)	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Product	pom	artifactid	eclipse.sisu.plexus	Highest
Product	pom	artifactid	org.eclipse.sisu.plexus	Highest
Product	pom	groupid	org.eclipse.sisu	Highest
Product	pom	name	:	High
Product	pom	parent-artifactid	sisu-inject	Medium
Version	Manifest	Bundle-Version	0.9.0.M4	High
Version	pom	version	0.9.0.M4	Highest

Identifiers

pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M4 (Confidence:High)

org.osgi.annotation.versioning-1.1.2.jar

Description:

OSGi Companion Code for org.osgi.annotation.versioning Version 1.1.2

License:

Apache-2.0: https://opensource.org/licenses/Apache-2.0

File Path: /home/runner/.m2/repository/org/osgi/org.osgi.annotation.versioning/1.1.2/org.osgi.annotation.versioning-1.1.2.jar
MD5: a61b3b8d09c85ad296c61e21bf77ec70
SHA1: dc3cd4ec96c0b3c5459fe00694bd73a816ecf93e
SHA256:f51f235e80df8ffbc30ef1b557b6ea38a696632d675404ec117e952978b8b863
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.osgi.annotation.versioning	High
Vendor	jar	package name	annotation	Highest
Vendor	jar	package name	osgi	Highest
Vendor	jar	package name	versioning	Highest
Vendor	Manifest	automatic-module-name	org.osgi.annotation.versioning	Medium
Vendor	Manifest	bundle-copyright	Copyright (c) Contributors to the Eclipse Foundation	Low
Vendor	Manifest	bundle-developers	osgi; email=osgi-wg@eclipse.org; name="OSGi Working Group"; organization="Eclipse Foundation"; organizationUrl="https://www.osgi.org/"	Low
Vendor	Manifest	bundle-docurl	https://docs.osgi.org/	Low
Vendor	Manifest	bundle-symbolicname	org.osgi.annotation.versioning	Medium
Vendor	Manifest	git-descriptor	r8-cmpn-final	Low
Vendor	Manifest	git-sha	db39ce672917cadce15aad14a33795cbed7e8791	Low
Vendor	pom	artifactid	org.osgi.annotation.versioning	Highest
Vendor	pom	artifactid	osgi.annotation.versioning	Low
Vendor	pom	developer email	osgi-wg@eclipse.org	Low
Vendor	pom	developer id	osgi	Medium
Vendor	pom	developer name	OSGi Working Group	Medium
Vendor	pom	developer org	Eclipse Foundation	Medium
Vendor	pom	developer org URL	https://www.osgi.org/	Medium
Vendor	pom	groupid	org.osgi	Highest
Vendor	pom	name	org.osgi:org.osgi.annotation.versioning	High
Vendor	pom	organization name	Eclipse Foundation	High
Vendor	pom	url	https://docs.osgi.org/	Highest
Product	file	name	org.osgi.annotation.versioning	High
Product	jar	package name	annotation	Highest
Product	jar	package name	osgi	Highest
Product	jar	package name	versioning	Highest
Product	Manifest	automatic-module-name	org.osgi.annotation.versioning	Medium
Product	Manifest	bundle-copyright	Copyright (c) Contributors to the Eclipse Foundation	Low
Product	Manifest	bundle-developers	osgi; email=osgi-wg@eclipse.org; name="OSGi Working Group"; organization="Eclipse Foundation"; organizationUrl="https://www.osgi.org/"	Low
Product	Manifest	bundle-docurl	https://docs.osgi.org/	Low
Product	Manifest	Bundle-Name	org.osgi:org.osgi.annotation.versioning	Medium
Product	Manifest	bundle-symbolicname	org.osgi.annotation.versioning	Medium
Product	Manifest	git-descriptor	r8-cmpn-final	Low
Product	Manifest	git-sha	db39ce672917cadce15aad14a33795cbed7e8791	Low
Product	pom	artifactid	org.osgi.annotation.versioning	Highest
Product	pom	artifactid	osgi.annotation.versioning	Highest
Product	pom	developer email	osgi-wg@eclipse.org	Low
Product	pom	developer id	osgi	Low
Product	pom	developer name	OSGi Working Group	Low
Product	pom	developer org	Eclipse Foundation	Low
Product	pom	developer org URL	https://www.osgi.org/	Low
Product	pom	groupid	org.osgi	Highest
Product	pom	name	org.osgi:org.osgi.annotation.versioning	High
Product	pom	organization name	Eclipse Foundation	Low
Product	pom	url	https://docs.osgi.org/	Medium
Version	file	version	1.1.2	High
Version	pom	version	1.1.2	Highest

Identifiers

pkg:maven/org.osgi/org.osgi.annotation.versioning@1.1.2 (Confidence:High)

slf4j-api-2.0.17.jar

Description:

The slf4j API

License:

https://opensource.org/license/mit

File Path: /home/runner/.m2/repository/org/slf4j/slf4j-api/2.0.17/slf4j-api-2.0.17.jar
MD5: b6480d114a23683498ac3f746f959d2f
SHA1: d9e58ac9c7779ba3bf8142aff6c830617a7fe60f
SHA256:7b751d952061954d5abfed7181c1f645d336091b679891591d63329c622eb832
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	slf4j-api	High
Vendor	jar	package name	slf4j	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	http://www.slf4j.org	Low
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	slf4j-api	Highest
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	groupid	org.slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Product	file	name	slf4j-api	High
Product	jar	package name	slf4j	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	http://www.slf4j.org	Low
Product	Manifest	Bundle-Name	SLF4J API Module	Medium
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	slf4j-api	Highest
Product	pom	groupid	org.slf4j	Highest
Product	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	url	http://www.slf4j.org	Medium
Version	file	version	2.0.17	High
Version	Manifest	Bundle-Version	2.0.17	High
Version	Manifest	Implementation-Version	2.0.17	High
Version	pom	version	2.0.17	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@2.0.17 (Confidence:High)

snappy-java-1.1.10.7.jar

Description:

snappy-java: A fast compression/decompression library

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.7/snappy-java-1.1.10.7.jar
MD5: d74bb2e2857f965683c9de931b71fc86
SHA1: 3049f95640f4625a945cfab85715f603fa4c8f80
SHA256:4c766cb3f855415ee734b2392949a0b6f12a60879334a74518deaf6270d32e36
Referenced In Project/Scope: RealLifeDeveloper Common:runtime
pkg:maven/org.springframework.kafka/spring-kafka@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	snappy-java	High
Vendor	jar	package name	snappy	Highest
Vendor	jar	package name	xerial	Highest
Vendor	Manifest	bundle-activationpolicy	lazy	Low
Vendor	Manifest	bundle-docurl	http://www.xerial.org/	Low
Vendor	Manifest	bundle-nativecode	org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x86-64,org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x64,org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=amd64,org/xerial/snappy/native/Windows/x86/snappyjava.dll;osname=win32;processor=x86,org/xerial/snappy/native/Mac/x86/libsnappyjava.jnilib;osname=macosx;processor=x86,org/xerial/snappy/native/Mac/x86_64/libsnappyjava.dylib;osname=macosx;processor=x86-64,org/xerial/snappy/native/Mac/aarch64/libsnappyjava.dylib;osname=macosx;processor=aarch64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x86-64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=amd64,org/xerial/snappy/native/Linux/x86/libsnappyjava.so;osname=linux;processor=x86,org/xerial/snappy/native/Linux/aarch64/libsnappyjava.so;osname=linux;processor=aarch64,org/xerial/snappy/native/Linux/riscv64/libsnappyjava.so;osname=linux;processor=riscv64,org/xerial/snappy/native/Linux/arm/libsnappyjava.so;osname=linux;processor=arm,org/xerial/snappy/native/Linux/armv7/libsnappyjava.so;osname=linux;processor=arm_le,org/xerial/snappy/native/Linux/ppc64/libsnappyjava.so;osname=linux;processor=ppc64le,org/xerial/snappy/native/Linux/s390x/libsnappyjava.so;osname=linux;processor=s390x,org/xerial/snappy/native/Linux/loongarch64/libsnappyjava.so;osname=linux;processor=loongarch64,org/xerial/snappy/native/AIX/ppc/libsnappyjava.a;osname=aix;processor=ppc,org/xerial/snappy/native/AIX/ppc64/libsnappyjava.a;osname=aix;processor=ppc64,org/xerial/snappy/native/SunOS/x86/libsnappyjava.so;osname=sunos;processor=x86,org/xerial/snappy/native/SunOS/x86_64/libsnappyjava.so;osname=sunos;processor=x86-64,org/xerial/snappy/native/SunOS/sparc/libsnappyjava.so;osname=sunos;processor=sparc	Low
Vendor	Manifest	bundle-symbolicname	org.xerial.snappy.snappy-java	Medium
Vendor	Manifest	implementation-url	https://github.com/xerial/snappy-java	Low
Vendor	Manifest	Implementation-Vendor	xerial.org	High
Vendor	Manifest	Implementation-Vendor-Id	org.xerial.snappy	Medium
Vendor	Manifest	specification-vendor	xerial.org	Low
Vendor	pom	artifactid	snappy-java	Highest
Vendor	pom	artifactid	snappy-java	Low
Vendor	pom	developer email	leo@xerial.org	Low
Vendor	pom	developer id	leo	Medium
Vendor	pom	developer name	Taro L. Saito	Medium
Vendor	pom	groupid	org.xerial.snappy	Highest
Vendor	pom	name	snappy-java	High
Vendor	pom	organization name	xerial.org	High
Vendor	pom	organization url	xerial/snappy-java	Medium
Vendor	pom	url	xerial/snappy-java	Highest
Product	file	name	snappy-java	High
Product	jar	package name	snappy	Highest
Product	jar	package name	xerial	Highest
Product	Manifest	bundle-activationpolicy	lazy	Low
Product	Manifest	bundle-docurl	http://www.xerial.org/	Low
Product	Manifest	Bundle-Name	snappy-java: A fast compression/decompression library	Medium
Product	Manifest	bundle-nativecode	org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x86-64,org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=x64,org/xerial/snappy/native/Windows/x86_64/snappyjava.dll;osname=win32;processor=amd64,org/xerial/snappy/native/Windows/x86/snappyjava.dll;osname=win32;processor=x86,org/xerial/snappy/native/Mac/x86/libsnappyjava.jnilib;osname=macosx;processor=x86,org/xerial/snappy/native/Mac/x86_64/libsnappyjava.dylib;osname=macosx;processor=x86-64,org/xerial/snappy/native/Mac/aarch64/libsnappyjava.dylib;osname=macosx;processor=aarch64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x86-64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=x64,org/xerial/snappy/native/Linux/x86_64/libsnappyjava.so;osname=linux;processor=amd64,org/xerial/snappy/native/Linux/x86/libsnappyjava.so;osname=linux;processor=x86,org/xerial/snappy/native/Linux/aarch64/libsnappyjava.so;osname=linux;processor=aarch64,org/xerial/snappy/native/Linux/riscv64/libsnappyjava.so;osname=linux;processor=riscv64,org/xerial/snappy/native/Linux/arm/libsnappyjava.so;osname=linux;processor=arm,org/xerial/snappy/native/Linux/armv7/libsnappyjava.so;osname=linux;processor=arm_le,org/xerial/snappy/native/Linux/ppc64/libsnappyjava.so;osname=linux;processor=ppc64le,org/xerial/snappy/native/Linux/s390x/libsnappyjava.so;osname=linux;processor=s390x,org/xerial/snappy/native/Linux/loongarch64/libsnappyjava.so;osname=linux;processor=loongarch64,org/xerial/snappy/native/AIX/ppc/libsnappyjava.a;osname=aix;processor=ppc,org/xerial/snappy/native/AIX/ppc64/libsnappyjava.a;osname=aix;processor=ppc64,org/xerial/snappy/native/SunOS/x86/libsnappyjava.so;osname=sunos;processor=x86,org/xerial/snappy/native/SunOS/x86_64/libsnappyjava.so;osname=sunos;processor=x86-64,org/xerial/snappy/native/SunOS/sparc/libsnappyjava.so;osname=sunos;processor=sparc	Low
Product	Manifest	bundle-symbolicname	org.xerial.snappy.snappy-java	Medium
Product	Manifest	Implementation-Title	snappy-java	High
Product	Manifest	implementation-url	https://github.com/xerial/snappy-java	Low
Product	Manifest	specification-title	snappy-java	Medium
Product	pom	artifactid	snappy-java	Highest
Product	pom	developer email	leo@xerial.org	Low
Product	pom	developer id	leo	Low
Product	pom	developer name	Taro L. Saito	Low
Product	pom	groupid	org.xerial.snappy	Highest
Product	pom	name	snappy-java	High
Product	pom	organization name	xerial.org	Low
Product	pom	url	xerial/snappy-java	High
Version	file	version	1.1.10.7	High
Version	Manifest	Bundle-Version	1.1.10.7	High
Version	Manifest	Implementation-Version	1.1.10.7	High
Version	pom	version	1.1.10.7	Highest

Identifiers

pkg:maven/org.xerial.snappy/snappy-java@1.1.10.7 (Confidence:High)
cpe:2.3:a:xerial:snappy-java:1.1.10.7:*:*:*:*:*:*:* (Confidence:Highest)

snappy-java-1.1.10.7.jar: snappyjava.dll

File Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.7/snappy-java-1.1.10.7.jar/org/xerial/snappy/native/Windows/aarch64/snappyjava.dll
MD5: e048fff98f2eab2d60b8d1b0ba68c738
SHA1: 2b35231edb0e225390bb9811a859ffdac70a4f5c
SHA256:c8ffc0b29a931c12c134e62d78e78e60f4cb07d341176363729ad9ca64f65008
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	snappyjava	High
Product	file	name	snappyjava	High

Identifiers

None

snappy-java-1.1.10.7.jar: snappyjava.dll

File Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.7/snappy-java-1.1.10.7.jar/org/xerial/snappy/native/Windows/x86/snappyjava.dll
MD5: bf5815cae57523b4abc1e534c42be880
SHA1: 076d9af93933210cb53a952a88b8163b3b0210f5
SHA256:dd61eba39e26462d12828ca2c85a31bb6beec3ee0b27409ad78a92131a3a318a
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	snappyjava	High
Product	file	name	snappyjava	High

Identifiers

None

snappy-java-1.1.10.7.jar: snappyjava.dll

File Path: /home/runner/.m2/repository/org/xerial/snappy/snappy-java/1.1.10.7/snappy-java-1.1.10.7.jar/org/xerial/snappy/native/Windows/x86_64/snappyjava.dll
MD5: bbf1620e74dd44a34e5a86ccd1c9dc70
SHA1: e4150416cdb0f65ee39e0f1c0c921e3ff9937d4e
SHA256:3879fdfd746b77f29e6fade812669796c8dfcf4db2f5d5409b10c5e584ae5494
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	snappyjava	High
Product	file	name	snappyjava	High

Identifiers

None

spotbugs-annotations-4.9.8.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: /home/runner/.m2/repository/com/github/spotbugs/spotbugs-annotations/4.9.8/spotbugs-annotations-4.9.8.jar
MD5: d4c2e7bd090be697ad409a4e75684a94
SHA1: ca4a2783a6123e67124fd7feb4caccd2e2ac9a73
SHA256:6f69d6fe9c55a54dcb30e87d8fa2d5f52246af50d7a3445246d9539ef221be1c
Referenced In Project/Scope: RealLifeDeveloper Common:provided
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.8	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-1.8	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.9.8	High
Version	Manifest	Bundle-Version	4.9.8	High
Version	pom	version	4.9.8	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.8 (Confidence:High)

spring-core-7.0.6.jar

Description:

Spring Core

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/runner/.m2/repository/org/springframework/spring-core/7.0.6/spring-core-7.0.6.jar
MD5: 1f3d2895637b5748500480f1751d19f2
SHA1: 5e4e7fd5bee4be66a0786abe0c90419a713114b5
SHA256:cfb7a8255748c86c59b73611cca168e7476db38d8621c992cb6f1cc55f357e8e
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.springframework/spring-context@7.0.6

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	io	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.core	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	spring-core	Highest
Vendor	pom	artifactid	spring-core	Low
Vendor	pom	developer email	juergen.hoeller@broadcom.com	Low
Vendor	pom	developer id	jhoeller	Medium
Vendor	pom	developer name	Juergen Hoeller	Medium
Vendor	pom	groupid	org.springframework	Highest
Vendor	pom	name	Spring Core	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-framework	Medium
Vendor	pom	url	spring-projects/spring-framework	Highest
Product	file	name	spring-core	High
Product	hint analyzer	product	springsource_spring_framework	Highest
Product	jar	package name	core	Highest
Product	jar	package name	io	Highest
Product	jar	package name	org	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.core	Medium
Product	Manifest	Implementation-Title	spring-core	High
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	spring-core	Highest
Product	pom	developer email	juergen.hoeller@broadcom.com	Low
Product	pom	developer id	jhoeller	Low
Product	pom	developer name	Juergen Hoeller	Low
Product	pom	groupid	org.springframework	Highest
Product	pom	name	Spring Core	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-framework	Low
Product	pom	url	spring-projects/spring-framework	High
Version	file	version	7.0.6	High
Version	Manifest	Implementation-Version	7.0.6	High
Version	pom	version	7.0.6	Highest

Related Dependencies

spring-aop-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-aop/7.0.6/spring-aop-7.0.6.jar
- MD5: 79c2f69e3de92ee61f454ffae83faf3a
- SHA1: 1b8358db4326013f8cfcbf22061aa076489dfbbe
- SHA256: d02a9e1e30a9b85b02c5e54b0e86745a657011b1dd124028b9bc387ee9f43a65
- pkg:maven/org.springframework/spring-aop@7.0.6
spring-beans-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-beans/7.0.6/spring-beans-7.0.6.jar
- MD5: d14622b4c57452f78dbf350996b805c6
- SHA1: e8433956653fd38cf0b1d8769484ca8411123713
- SHA256: 5e789cf3e7c8ee748c26ce6adcd76f50c4f1df6b4deed705483c7a3b0f6d991f
- pkg:maven/org.springframework/spring-beans@7.0.6
spring-context-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-context/7.0.6/spring-context-7.0.6.jar
- MD5: 9ef8514ad19e44a0b414b91d465920df
- SHA1: e722fa5455c1be437de1947d570506cb2bb142e9
- SHA256: ba2920d69d96683425c0e6cc3717715d8ec1225988dcb1a6017815b70cf29d66
- pkg:maven/org.springframework/spring-context@7.0.6
spring-expression-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-expression/7.0.6/spring-expression-7.0.6.jar
- MD5: 3304017174d9e304ef7aa0fcc0f21eac
- SHA1: c00c73c545c81e2eae224a46a7c509fca74a2860
- SHA256: 14b11a2948cee1367ef661b56d753dc705119b6bb53babf704a2221d37eed427
- pkg:maven/org.springframework/spring-expression@7.0.6
spring-jdbc-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-jdbc/7.0.6/spring-jdbc-7.0.6.jar
- MD5: 288f4ef0705e482bf9c784c5bc761fb9
- SHA1: 5640a8dd396b13e5ecc7ad222c0788eb0214a743
- SHA256: 738a2ceacefad3be1e48d070e723def47778b6a09d84461e8af8e639e0323c40
- pkg:maven/org.springframework/spring-jdbc@7.0.6
spring-messaging-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-messaging/7.0.6/spring-messaging-7.0.6.jar
- MD5: 84636276653e25b53db3ef3ea6ae1620
- SHA1: 9b1fe6eb94f75b85ba75242a24c145be8ffc3beb
- SHA256: 644e7c2468bfa3d9e79fb60c4d45596e3b211a58b1a3f20ffde0d20c70b94824
- pkg:maven/org.springframework/spring-messaging@7.0.6
spring-orm-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-orm/7.0.6/spring-orm-7.0.6.jar
- MD5: 2bf0c20711aaac675a001e87fdbbfe0a
- SHA1: 719bd92fe383fcc5b084675667da870ff8dabeca
- SHA256: 457c48837e1b607e88aba6b4056f3dda298157cec584e2ae6daf24051e07c7a8
- pkg:maven/org.springframework/spring-orm@7.0.6
spring-tx-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-tx/7.0.6/spring-tx-7.0.6.jar
- MD5: c51e9c0b0b5517e0a3c6fac41e9fde72
- SHA1: 94e443fe301137d8fec6f8092e10ed62bd6432b3
- SHA256: ba782496bbc87831e02ae502b0088de181cba1a9518ca8b0f2ffeadfd2cb8092
- pkg:maven/org.springframework/spring-tx@7.0.6
spring-web-7.0.6.jar
- File Path: /home/runner/.m2/repository/org/springframework/spring-web/7.0.6/spring-web-7.0.6.jar
- MD5: 0533b4281a79336d7fa366fc26b4c798
- SHA1: 2baeb353efd42374239cc45e8d02780d6c6e7a77
- SHA256: 6a63ffb7b744f3e48ad049576f63697d635c3089f551379368e06a22d2d046c9
- pkg:maven/org.springframework/spring-web@7.0.6

Identifiers

pkg:maven/org.springframework/spring-core@7.0.6 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_framework:7.0.6:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:springsource:spring_framework:7.0.6:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_framework:7.0.6:*:*:*:*:*:*:* (Confidence:Highest)

spring-data-commons-4.0.4.jar

Description:

Core Spring concepts underpinning every Spring Data module.

File Path: /home/runner/.m2/repository/org/springframework/data/spring-data-commons/4.0.4/spring-data-commons-4.0.4.jar
MD5: 565deb16a8c8f4321836bd6919661ab6
SHA1: 7770d18057ad59f7af71584c45583f303d17a6f0
SHA256:ccbc609c1d8ac0faec43e1f2a19608af88e5cab8ebe0522ae7f0d16075182bba
Referenced In Project/Scope: RealLifeDeveloper Common:compile
spring-data-commons-4.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.springframework.data/spring-data-jpa@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-data-commons	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	data	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.data.commons	Medium
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	pom	artifactid	spring-data-commons	Highest
Vendor	pom	artifactid	spring-data-commons	Low
Vendor	pom	groupid	org.springframework.data	Highest
Vendor	pom	name	Spring Data Core	High
Vendor	pom	parent-artifactid	spring-data-parent	Low
Vendor	pom	parent-groupid	org.springframework.data.build	Medium
Vendor	pom	url	https://spring.io/projects/spring-data	Highest
Product	file	name	spring-data-commons	High
Product	jar	package name	core	Highest
Product	jar	package name	data	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.data.commons	Medium
Product	Manifest	build-jdk-spec	25	Low
Product	Manifest	Implementation-Title	Spring Data Core	High
Product	pom	artifactid	spring-data-commons	Highest
Product	pom	groupid	org.springframework.data	Highest
Product	pom	name	Spring Data Core	High
Product	pom	parent-artifactid	spring-data-parent	Medium
Product	pom	parent-groupid	org.springframework.data.build	Medium
Product	pom	url	https://spring.io/projects/spring-data	Medium
Version	file	version	4.0.4	High
Version	Manifest	Implementation-Version	4.0.4	High
Version	pom	version	4.0.4	Highest

Identifiers

pkg:maven/org.springframework.data/spring-data-commons@4.0.4 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_data_commons:4.0.4:*:*:*:*:*:*:* (Confidence:Highest)

spring-data-jpa-4.0.4.jar

Description:

Spring Data module for JPA repositories.

File Path: /home/runner/.m2/repository/org/springframework/data/spring-data-jpa/4.0.4/spring-data-jpa-4.0.4.jar
MD5: aebe772f4d490a257d918bac544dc1a3
SHA1: 4421c139d505613ee2bb4cee1f8d51c219e36380
SHA256:bbd485c2b8edc67e81dfb8107ba232d8ede900e78b0e98fa1b2367d79c5d3ddf
Referenced In Project/Scope: RealLifeDeveloper Common:compile
spring-data-jpa-4.0.4.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-data-jpa	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	data	Highest
Vendor	jar	package name	jpa	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.data.jpa	Medium
Vendor	Manifest	build-jdk-spec	25	Low
Vendor	pom	artifactid	spring-data-jpa	Highest
Vendor	pom	artifactid	spring-data-jpa	Low
Vendor	pom	groupid	org.springframework.data	Highest
Vendor	pom	name	Spring Data JPA	High
Vendor	pom	parent-artifactid	spring-data-jpa-parent	Low
Vendor	pom	url	https://projects.spring.io/spring-data-jpa	Highest
Product	file	name	spring-data-jpa	High
Product	jar	package name	data	Highest
Product	jar	package name	jpa	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.data.jpa	Medium
Product	Manifest	build-jdk-spec	25	Low
Product	Manifest	Implementation-Title	Spring Data JPA	High
Product	pom	artifactid	spring-data-jpa	Highest
Product	pom	groupid	org.springframework.data	Highest
Product	pom	name	Spring Data JPA	High
Product	pom	parent-artifactid	spring-data-jpa-parent	Medium
Product	pom	url	https://projects.spring.io/spring-data-jpa	Medium
Version	file	version	4.0.4	High
Version	Manifest	Implementation-Version	4.0.4	High
Version	pom	version	4.0.4	Highest

Identifiers

pkg:maven/org.springframework.data/spring-data-jpa@4.0.4 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_data_jpa:4.0.4:*:*:*:*:*:*:* (Confidence:Highest)

spring-kafka-4.0.4.jar

Description:

Spring Kafka Support

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/springframework/kafka/spring-kafka/4.0.4/spring-kafka-4.0.4.jar
MD5: aa471e140f6a1d47466d792ba63eaf37
SHA1: 92ad03c6839539b25d485fe25d5be66b34a95071
SHA256:1948c044e2a58420069783f556f822ae3d42412c697e85f3bde335772aacfd1b
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-kafka	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	kafka	Highest
Vendor	jar	package name	springframework	Highest
Vendor	jar	package name	support	Highest
Vendor	Manifest	automatic-module-name	spring.kafka	Medium
Vendor	Manifest	implementation-url	https://github.com/spring-projects/spring-kafka	Low
Vendor	Manifest	Implementation-Vendor	Broadcom Inc.	High
Vendor	Manifest	Implementation-Vendor-Id	org.springframework.kafka	Medium
Vendor	pom	artifactid	spring-kafka	Highest
Vendor	pom	artifactid	spring-kafka	Low
Vendor	pom	developer email	artem.bilan@broadcom.com	Low
Vendor	pom	developer email	github@gprussell.net	Low
Vendor	pom	developer email	soby.chacko@broadcom.com	Low
Vendor	pom	developer id	artembilan	Medium
Vendor	pom	developer id	garyrussell	Medium
Vendor	pom	developer id	sobychacko	Medium
Vendor	pom	developer name	Artem Bilan	Medium
Vendor	pom	developer name	Gary Russell	Medium
Vendor	pom	developer name	Soby Chacko	Medium
Vendor	pom	groupid	org.springframework.kafka	Highest
Vendor	pom	name	Spring Kafka Support	High
Vendor	pom	organization name	Spring IO	High
Vendor	pom	organization url	https://spring.io/projects/spring-kafka	Medium
Vendor	pom	url	spring-projects/spring-kafka	Highest
Product	file	name	spring-kafka	High
Product	jar	package name	kafka	Highest
Product	jar	package name	springframework	Highest
Product	jar	package name	support	Highest
Product	Manifest	automatic-module-name	spring.kafka	Medium
Product	Manifest	Implementation-Title	spring-kafka	High
Product	Manifest	implementation-url	https://github.com/spring-projects/spring-kafka	Low
Product	pom	artifactid	spring-kafka	Highest
Product	pom	developer email	artem.bilan@broadcom.com	Low
Product	pom	developer email	github@gprussell.net	Low
Product	pom	developer email	soby.chacko@broadcom.com	Low
Product	pom	developer id	artembilan	Low
Product	pom	developer id	garyrussell	Low
Product	pom	developer id	sobychacko	Low
Product	pom	developer name	Artem Bilan	Low
Product	pom	developer name	Gary Russell	Low
Product	pom	developer name	Soby Chacko	Low
Product	pom	groupid	org.springframework.kafka	Highest
Product	pom	name	Spring Kafka Support	High
Product	pom	organization name	Spring IO	Low
Product	pom	organization url	https://spring.io/projects/spring-kafka	Low
Product	pom	url	spring-projects/spring-kafka	High
Version	file	version	4.0.4	High
Version	Manifest	Implementation-Version	4.0.4	High
Version	pom	version	4.0.4	Highest

Identifiers

pkg:maven/org.springframework.kafka/spring-kafka@4.0.4 (Confidence:High)

spring-security-core-7.0.4.jar

Description:

Spring Security

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/runner/.m2/repository/org/springframework/security/spring-security-core/7.0.4/spring-security-core-7.0.4.jar
MD5: 0bf84b382b3ef55db133bac30ce7d5ff
SHA1: 9e4c8cca413a8962ada9c93094da26a440976c14
SHA256:f177aeb00a35e129803502627547768179e9fafe85b1691954c51fdeb48caf3d
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spring-security-core	High
Vendor	hint analyzer	vendor	pivotal software	Highest
Vendor	hint analyzer	vendor	SpringSource	Highest
Vendor	hint analyzer	vendor	vmware	Highest
Vendor	jar	package name	core	Highest
Vendor	jar	package name	security	Highest
Vendor	jar	package name	springframework	Highest
Vendor	Manifest	automatic-module-name	spring.security.core	Medium
Vendor	pom	artifactid	spring-security-core	Highest
Vendor	pom	artifactid	spring-security-core	Low
Vendor	pom	developer email	info@pivotal.io	Low
Vendor	pom	developer name	Pivotal	Medium
Vendor	pom	developer org	Pivotal Software, Inc.	Medium
Vendor	pom	developer org URL	https://www.spring.io	Medium
Vendor	pom	groupid	org.springframework.security	Highest
Vendor	pom	name	spring-security-core	High
Vendor	pom	organization name	Pivotal Software, Inc.	High
Vendor	pom	organization url	https://spring.io	Medium
Vendor	pom	url	https://spring.io/projects/spring-security	Highest
Product	file	name	spring-security-core	High
Product	jar	package name	core	Highest
Product	jar	package name	security	Highest
Product	jar	package name	springframework	Highest
Product	Manifest	automatic-module-name	spring.security.core	Medium
Product	Manifest	Implementation-Title	spring-security-core	High
Product	pom	artifactid	spring-security-core	Highest
Product	pom	developer email	info@pivotal.io	Low
Product	pom	developer name	Pivotal	Low
Product	pom	developer org	Pivotal Software, Inc.	Low
Product	pom	developer org URL	https://www.spring.io	Low
Product	pom	groupid	org.springframework.security	Highest
Product	pom	name	spring-security-core	High
Product	pom	organization name	Pivotal Software, Inc.	Low
Product	pom	organization url	https://spring.io	Low
Product	pom	url	https://spring.io/projects/spring-security	Medium
Version	file	version	7.0.4	High
Version	Manifest	Implementation-Version	7.0.4	High
Version	pom	version	7.0.4	Highest

Related Dependencies

Identifiers

pkg:maven/org.springframework.security/spring-security-core@7.0.4 (Confidence:High)
cpe:2.3:a:pivotal_software:spring_security:7.0.4:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:vmware:spring_security:7.0.4:*:*:*:*:*:*:* (Confidence:Highest)

tomcat-jdbc-11.0.21.jar

Description:

Tomcat JDBC Pool Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-jdbc/11.0.21/tomcat-jdbc-11.0.21.jar
MD5: 38b3b6076bb9fe8028230e118f7a2fce
SHA1: eefeced8281064c4ab4ee8847f9904218b67a52e
SHA256:709585491a8bfba1174859607303e509e8d1ce642812b3871ef099a357e8ee87
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/com.reallifedeveloper/rld-common@3.0.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	tomcat-jdbc	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	jdbc	Highest
Vendor	jar	package name	pool	Highest
Vendor	jar	package name	tomcat	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.tomcat.jdbc	Medium
Vendor	pom	artifactid	tomcat-jdbc	Highest
Vendor	pom	artifactid	tomcat-jdbc	Low
Vendor	pom	groupid	org.apache.tomcat	Highest
Vendor	pom	url	https://tomcat.apache.org/	Highest
Product	file	name	tomcat-jdbc	High
Product	jar	package name	apache	Highest
Product	jar	package name	jdbc	Highest
Product	jar	package name	pool	Highest
Product	jar	package name	tomcat	Highest
Product	Manifest	Bundle-Name	Apache Tomcat JDBC Connection Pool	Medium
Product	Manifest	bundle-symbolicname	org.apache.tomcat.jdbc	Medium
Product	pom	artifactid	tomcat-jdbc	Highest
Product	pom	groupid	org.apache.tomcat	Highest
Product	pom	url	https://tomcat.apache.org/	Medium
Version	file	version	11.0.21	High
Version	Manifest	Bundle-Version	11.0.21	High
Version	pom	version	11.0.21	Highest

Identifiers

pkg:maven/org.apache.tomcat/tomcat-jdbc@11.0.21 (Confidence:High)

tomcat-juli-11.0.21.jar

Description:

Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/runner/.m2/repository/org/apache/tomcat/tomcat-juli/11.0.21/tomcat-juli-11.0.21.jar
MD5: 5d166faaf17d894ad3256eb2e429bb79
SHA1: 75a87488135196efa3d8a23a8fba1528c5906c53
SHA256:a67ce591598aad0bdfcf9269ee27cdf54309c1888200df75994224f16936281f
Referenced In Project/Scope: RealLifeDeveloper Common:compile
pkg:maven/org.apache.tomcat/tomcat-jdbc@11.0.21

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	tomcat-juli	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	juli	Highest
Vendor	jar	package name	logging	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.tomcat-juli	Medium
Vendor	Manifest	Implementation-Vendor	Apache Software Foundation	High
Vendor	Manifest	specification-vendor	Apache Software Foundation	Low
Vendor	pom	artifactid	tomcat-juli	Highest
Vendor	pom	artifactid	tomcat-juli	Low
Vendor	pom	groupid	org.apache.tomcat	Highest
Vendor	pom	url	https://tomcat.apache.org/	Highest
Product	file	name	tomcat-juli	High
Product	jar	package name	apache	Highest
Product	jar	package name	juli	Highest
Product	jar	package name	logging	Highest
Product	Manifest	Bundle-Name	tomcat-juli	Medium
Product	Manifest	bundle-symbolicname	org.apache.tomcat-juli	Medium
Product	Manifest	Implementation-Title	Apache Tomcat	High
Product	Manifest	specification-title	Apache Tomcat	Medium
Product	pom	artifactid	tomcat-juli	Highest
Product	pom	groupid	org.apache.tomcat	Highest
Product	pom	url	https://tomcat.apache.org/	Medium
Version	file	version	11.0.21	High
Version	Manifest	Bundle-Version	11.0.21	High
Version	Manifest	Implementation-Version	11.0.21	High
Version	pom	version	11.0.21	Highest

Identifiers

pkg:maven/org.apache.tomcat/tomcat-juli@11.0.21 (Confidence:High)

zstd-jni-1.5.6-10.jar

Description:

JNI bindings for Zstd native library that provides fast and high compression lossless algorithm for Java and all JVM languages.

License:

BSD 2-Clause License: https://opensource.org/licenses/BSD-2-Clause

File Path: /home/runner/.m2/repository/com/github/luben/zstd-jni/1.5.6-10/zstd-jni-1.5.6-10.jar
MD5: 93299f5422c91c08b9e4b7c5e401dd56
SHA1: 7e146ecb598af55d1f64d1c118af27569a848558
SHA256:b6c3237e24b8252a5a9c3a0e1ae30ef8f323412e74bd358548b7a9e527d676df
Referenced In Project/Scope: RealLifeDeveloper Common:runtime
pkg:maven/org.springframework.kafka/spring-kafka@4.0.4

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	zstd-jni	High
Vendor	jar	package name	github	Highest
Vendor	jar	package name	luben	Highest
Vendor	jar	package name	zstd	Highest
Vendor	Manifest	bundle-nativecode	darwin/x86_64/libzstd-jni-1.5.6-10.dylib;osname=MacOS;osname=MacOSX;processor=x86_64,darwin/aarch64/libzstd-jni-1.5.6-10.dylib;osname=MacOS;osname=MacOSX;processor=aarch64,freebsd/amd64/libzstd-jni-1.5.6-10.so;osname=FreeBSD;processor=amd64,freebsd/i386/libzstd-jni-1.5.6-10.so;osname=FreeBSD;processor=i386,linux/aarch64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=aarch64,linux/amd64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=amd64,linux/arm/libzstd-jni-1.5.6-10.so;osname=Linux;processor=arm,linux/i386/libzstd-jni-1.5.6-10.so;osname=Linux;processor=i386,linux/mips64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=mips64,linux/loongarch64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=loongarch64,linux/ppc64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=ppc64,linux/ppc64le/libzstd-jni-1.5.6-10.so;osname=Linux;processor=ppc64le,linux/riscv64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=riscv64,linux/s390x/libzstd-jni-1.5.6-10.so;osname=Linux;processor=s390x,win/amd64/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=amd64,win/aarch64/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=aarch64,win/x86/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=x86,aix/ppc64/libzstd-jni-1.5.6-10.so;osname=AIX;processor=ppc64	Low
Vendor	Manifest	bundle-symbolicname	com.github.luben.zstd-jni	Medium
Vendor	Manifest	Implementation-Vendor	com.github.luben	High
Vendor	Manifest	Implementation-Vendor-Id	com.github.luben	Medium
Vendor	Manifest	specification-vendor	com.github.luben	Low
Vendor	pom	artifactid	zstd-jni	Highest
Vendor	pom	artifactid	zstd-jni	Low
Vendor	pom	developer email	karavelov@gmail.com	Low
Vendor	pom	developer id	karavelov	Medium
Vendor	pom	developer name	Luben Karavelov	Medium
Vendor	pom	developer org	com.github.luben	Medium
Vendor	pom	developer org URL	https://github.com/luben	Medium
Vendor	pom	groupid	com.github.luben	Highest
Vendor	pom	name	zstd-jni	High
Vendor	pom	organization name	com.github.luben	High
Vendor	pom	url	luben/zstd-jni	Highest
Product	file	name	zstd-jni	High
Product	jar	package name	github	Highest
Product	jar	package name	luben	Highest
Product	jar	package name	zstd	Highest
Product	Manifest	Bundle-Name	zstd-jni	Medium
Product	Manifest	bundle-nativecode	darwin/x86_64/libzstd-jni-1.5.6-10.dylib;osname=MacOS;osname=MacOSX;processor=x86_64,darwin/aarch64/libzstd-jni-1.5.6-10.dylib;osname=MacOS;osname=MacOSX;processor=aarch64,freebsd/amd64/libzstd-jni-1.5.6-10.so;osname=FreeBSD;processor=amd64,freebsd/i386/libzstd-jni-1.5.6-10.so;osname=FreeBSD;processor=i386,linux/aarch64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=aarch64,linux/amd64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=amd64,linux/arm/libzstd-jni-1.5.6-10.so;osname=Linux;processor=arm,linux/i386/libzstd-jni-1.5.6-10.so;osname=Linux;processor=i386,linux/mips64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=mips64,linux/loongarch64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=loongarch64,linux/ppc64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=ppc64,linux/ppc64le/libzstd-jni-1.5.6-10.so;osname=Linux;processor=ppc64le,linux/riscv64/libzstd-jni-1.5.6-10.so;osname=Linux;processor=riscv64,linux/s390x/libzstd-jni-1.5.6-10.so;osname=Linux;processor=s390x,win/amd64/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=amd64,win/aarch64/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=aarch64,win/x86/libzstd-jni-1.5.6-10.dll;osname=Win32;processor=x86,aix/ppc64/libzstd-jni-1.5.6-10.so;osname=AIX;processor=ppc64	Low
Product	Manifest	bundle-symbolicname	com.github.luben.zstd-jni	Medium
Product	Manifest	Implementation-Title	zstd-jni	High
Product	Manifest	specification-title	zstd-jni	Medium
Product	pom	artifactid	zstd-jni	Highest
Product	pom	developer email	karavelov@gmail.com	Low
Product	pom	developer id	karavelov	Low
Product	pom	developer name	Luben Karavelov	Low
Product	pom	developer org	com.github.luben	Low
Product	pom	developer org URL	https://github.com/luben	Low
Product	pom	groupid	com.github.luben	Highest
Product	pom	name	zstd-jni	High
Product	pom	organization name	com.github.luben	Low
Product	pom	url	luben/zstd-jni	High
Version	Manifest	Implementation-Version	1.5.6-10	High
Version	pom	version	1.5.6-10	Highest

Identifiers

pkg:maven/com.github.luben/zstd-jni@1.5.6-10 (Confidence:High)

zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll

File Path: /home/runner/.m2/repository/com/github/luben/zstd-jni/1.5.6-10/zstd-jni-1.5.6-10.jar/win/aarch64/libzstd-jni-1.5.6-10.dll
MD5: fcca7fbcff1ddc750350750f12d41cb1
SHA1: 72dd401e86d3aef67daad672f11349862c054827
SHA256:1e26e1d71a16a8d5416cae974662828893df9e7da333f8602661e2e89a80309b
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	libzstd-jni	High
Product	file	name	libzstd-jni	High
Version	file	name	libzstd-jni	Medium
Version	file	version	1.5.6.10	High

Identifiers

None

zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll

File Path: /home/runner/.m2/repository/com/github/luben/zstd-jni/1.5.6-10/zstd-jni-1.5.6-10.jar/win/amd64/libzstd-jni-1.5.6-10.dll
MD5: ce287e8dea537d3acbda8f2482c2d37d
SHA1: 2baab66a170639d4df506decb49029931634a69a
SHA256:35a19029edf45958d22c4d6f2f32a6476115952ec09ffba44e5ab72516f207b4
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	libzstd-jni	High
Product	file	name	libzstd-jni	High
Version	file	name	libzstd-jni	Medium
Version	file	version	1.5.6.10	High

Identifiers

None

zstd-jni-1.5.6-10.jar: libzstd-jni-1.5.6-10.dll

File Path: /home/runner/.m2/repository/com/github/luben/zstd-jni/1.5.6-10/zstd-jni-1.5.6-10.jar/win/x86/libzstd-jni-1.5.6-10.dll
MD5: 27759f91efabb0b8afb562ea4ebfab2c
SHA1: 797058d885cb3dbcb10bd46701464035f3ab5183
SHA256:b73a69920a6cd97afa0b022402356c61c449129065e26188c9c596d2a85c24b6
Referenced In Project/Scope: RealLifeDeveloper Common:runtime

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	libzstd-jni	High
Product	file	name	libzstd-jni	High
Version	file	name	libzstd-jni	Medium
Version	file	version	1.5.6.10	High

Identifiers

None

How to read the report | Suppressing false positives | Getting Help: github issues

Project: RealLifeDeveloper Common

com.reallifedeveloper:rld-common:3.0.0

Summary

Dependencies (vulnerable)

amqp-client-5.29.0.jar

Evidence

Identifiers

antlr4-runtime-4.13.2.jar

Evidence

Identifiers

checker-qual-3.55.1.jar

Evidence

Identifiers

commons-logging-1.3.5.jar

Evidence

Identifiers

error_prone_annotations-2.41.0.jar

Evidence

Identifiers

gson-2.13.2.jar

Evidence

Identifiers

jackson-annotations-2.21.jar

Evidence

Identifiers

jackson-core-2.21.2.jar

Evidence

Identifiers

jackson-databind-2.21.2.jar

Evidence

Identifiers

jackson-jakarta-rs-base-2.21.2.jar

Evidence

Identifiers

jackson-jakarta-rs-json-provider-2.21.2.jar

Evidence

Identifiers

jackson-module-jakarta-xmlbind-annotations-2.21.2.jar

Evidence

Identifiers

jakarta.activation-api-2.1.3.jar

Evidence

Identifiers

jakarta.annotation-api-3.0.0.jar

Evidence

Identifiers

jakarta.persistence-api-3.2.0.jar

Evidence

Identifiers

jakarta.servlet-api-6.1.0.jar

Evidence

Identifiers

jakarta.ws.rs-api-4.0.0.jar

Evidence

Identifiers

jakarta.xml.bind-api-4.0.5.jar

Evidence

Identifiers

jspecify-1.0.0.jar

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

kafka-clients-4.1.1.jar

Evidence

Identifiers

log4j-core-2.25.4.jar

Evidence

Related Dependencies

Identifiers

logback-core-1.5.32.jar

Evidence

Related Dependencies

Identifiers

lombok-1.18.44.jar

Evidence

Identifiers

lombok-1.18.44.jar: mavenEcjBootstrapAgent.jar