Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies;
false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and
the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties,
implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided
is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever
arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
Scan Information (
show all):
- dependency-check version: 10.0.4
- Report Generated On: Fri, 4 Oct 2024 11:14:28 +0200
- Dependencies Scanned: 7 (6 unique)
- Vulnerable Dependencies: 0
- Vulnerabilities Found: 0
- Vulnerabilities Suppressed: 0
- ...
- NVD API Last Checked: 2024-10-04T10:43:26+02
- NVD API Last Modified: 2024-10-04T07:15:03Z
Summary
Display:
Showing Vulnerable Dependencies (click to show all) commons-net-3.11.1.jar
Description:
Apache Commons Net library contains a collection of network utilities and protocol implementations.
Supported protocols include Echo, Finger, FTP, NNTP, NTP, POP3(S), SMTP(S), Telnet, and Whois.
License:
https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\commons-net\commons-net\3.11.1\commons-net-3.11.1.jar
MD5: 70d04eeadda06f916d05acbb8c1fc052
SHA1: f0689b01d2e3ef4b316bcc87360849a22f05d06d
SHA256:3bb861274992dba5487de328303745b7085de72694b63a3300be1e057144311e
Referenced In Project/Scope: PowerStatsValidationUtilities:compile
commons-net-3.11.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.validation/validation@3.1.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | commons-net | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | jar | package name | commons | Highest |
| Vendor | jar | package name | echo | Highest |
| Vendor | jar | package name | finger | Highest |
| Vendor | jar | package name | ftp | Highest |
| Vendor | jar | package name | net | Highest |
| Vendor | jar | package name | nntp | Highest |
| Vendor | jar | package name | pop3 | Highest |
| Vendor | jar | package name | smtp | Highest |
| Vendor | jar | package name | telnet | Highest |
| Vendor | jar | package name | whois | Highest |
| Vendor | Manifest | automatic-module-name | org.apache.commons.net | Medium |
| Vendor | Manifest | build-jdk-spec | 21 | Low |
| Vendor | Manifest | bundle-docurl | https://commons.apache.org/proper/commons-net/ | Low |
| Vendor | Manifest | bundle-symbolicname | org.apache.commons.commons-net | Medium |
| Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High |
| Vendor | Manifest | multi-release | true | Low |
| Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low |
| Vendor | pom | artifactid | commons-net | Highest |
| Vendor | pom | artifactid | commons-net | Low |
| Vendor | pom | developer email | bruno.davanzo@hp.com | Low |
| Vendor | pom | developer email | dfs@apache.org | Low |
| Vendor | pom | developer email | ggregory at apache.org | Low |
| Vendor | pom | developer email | Jeff.Brekke@qg.com | Low |
| Vendor | pom | developer email | rwinston@apache.org | Low |
| Vendor | pom | developer email | rwinston@checkfree.com | Low |
| Vendor | pom | developer email | scohen@apache.org | Low |
| Vendor | pom | developer id | brekke | Medium |
| Vendor | pom | developer id | brudav | Medium |
| Vendor | pom | developer id | dfs | Medium |
| Vendor | pom | developer id | ggregory | Medium |
| Vendor | pom | developer id | rwinston | Medium |
| Vendor | pom | developer id | scohen | Medium |
| Vendor | pom | developer name | Bruno D'Avanzo | Medium |
| Vendor | pom | developer name | Daniel F. Savarese | Medium |
| Vendor | pom | developer name | Gary Gregory | Medium |
| Vendor | pom | developer name | Jeffrey D. Brekke | Medium |
| Vendor | pom | developer name | Rory Winston | Medium |
| Vendor | pom | developer name | Steve Cohen | Medium |
| Vendor | pom | developer org |
<a href="http://www.savarese.com/">Savarese Software Research</a> | Medium |
| Vendor | pom | developer org | Hewlett-Packard | Medium |
| Vendor | pom | developer org | javactivity.org | Medium |
| Vendor | pom | developer org | Quad/Graphics, Inc. | Medium |
| Vendor | pom | developer org | The Apache Software Foundation | Medium |
| Vendor | pom | developer org URL | https://www.apache.org/ | Medium |
| Vendor | pom | groupid | commons-net | Highest |
| Vendor | pom | name | Apache Commons Net | High |
| Vendor | pom | parent-artifactid | commons-parent | Low |
| Vendor | pom | parent-groupid | org.apache.commons | Medium |
| Vendor | pom | url | https://commons.apache.org/proper/commons-net/ | Highest |
| Product | file | name | commons-net | High |
| Product | jar | package name | apache | Highest |
| Product | jar | package name | commons | Highest |
| Product | jar | package name | echo | Highest |
| Product | jar | package name | finger | Highest |
| Product | jar | package name | ftp | Highest |
| Product | jar | package name | net | Highest |
| Product | jar | package name | nntp | Highest |
| Product | jar | package name | pop3 | Highest |
| Product | jar | package name | smtp | Highest |
| Product | jar | package name | telnet | Highest |
| Product | jar | package name | whois | Highest |
| Product | Manifest | automatic-module-name | org.apache.commons.net | Medium |
| Product | Manifest | build-jdk-spec | 21 | Low |
| Product | Manifest | bundle-docurl | https://commons.apache.org/proper/commons-net/ | Low |
| Product | Manifest | Bundle-Name | Apache Commons Net | Medium |
| Product | Manifest | bundle-symbolicname | org.apache.commons.commons-net | Medium |
| Product | Manifest | Implementation-Title | Apache Commons Net | High |
| Product | Manifest | multi-release | true | Low |
| Product | Manifest | specification-title | Apache Commons Net | Medium |
| Product | pom | artifactid | commons-net | Highest |
| Product | pom | developer email | bruno.davanzo@hp.com | Low |
| Product | pom | developer email | dfs@apache.org | Low |
| Product | pom | developer email | ggregory at apache.org | Low |
| Product | pom | developer email | Jeff.Brekke@qg.com | Low |
| Product | pom | developer email | rwinston@apache.org | Low |
| Product | pom | developer email | rwinston@checkfree.com | Low |
| Product | pom | developer email | scohen@apache.org | Low |
| Product | pom | developer id | brekke | Low |
| Product | pom | developer id | brudav | Low |
| Product | pom | developer id | dfs | Low |
| Product | pom | developer id | ggregory | Low |
| Product | pom | developer id | rwinston | Low |
| Product | pom | developer id | scohen | Low |
| Product | pom | developer name | Bruno D'Avanzo | Low |
| Product | pom | developer name | Daniel F. Savarese | Low |
| Product | pom | developer name | Gary Gregory | Low |
| Product | pom | developer name | Jeffrey D. Brekke | Low |
| Product | pom | developer name | Rory Winston | Low |
| Product | pom | developer name | Steve Cohen | Low |
| Product | pom | developer org |
<a href="http://www.savarese.com/">Savarese Software Research</a> | Low |
| Product | pom | developer org | Hewlett-Packard | Low |
| Product | pom | developer org | javactivity.org | Low |
| Product | pom | developer org | Quad/Graphics, Inc. | Low |
| Product | pom | developer org | The Apache Software Foundation | Low |
| Product | pom | developer org URL | https://www.apache.org/ | Low |
| Product | pom | groupid | commons-net | Highest |
| Product | pom | name | Apache Commons Net | High |
| Product | pom | parent-artifactid | commons-parent | Medium |
| Product | pom | parent-groupid | org.apache.commons | Medium |
| Product | pom | url | https://commons.apache.org/proper/commons-net/ | Medium |
| Version | file | version | 3.11.1 | High |
| Version | Manifest | Bundle-Version | 3.11.1 | High |
| Version | Manifest | Implementation-Version | 3.11.1 | High |
| Version | pom | parent-version | 3.11.1 | Low |
| Version | pom | version | 3.11.1 | Highest |
jsr305-3.0.2.jar
Description:
JSR305 Annotations for Findbugs
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: PowerStatsValidationUtilities:compile
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | jsr305 | High |
| Vendor | Manifest | bundle-symbolicname | org.jsr-305 | Medium |
| Vendor | pom | artifactid | jsr305 | Highest |
| Vendor | pom | artifactid | jsr305 | Low |
| Vendor | pom | groupid | com.google.code.findbugs | Highest |
| Vendor | pom | name | FindBugs-jsr305 | High |
| Vendor | pom | url | http://findbugs.sourceforge.net/ | Highest |
| Product | file | name | jsr305 | High |
| Product | Manifest | Bundle-Name | FindBugs-jsr305 | Medium |
| Product | Manifest | bundle-symbolicname | org.jsr-305 | Medium |
| Product | pom | artifactid | jsr305 | Highest |
| Product | pom | groupid | com.google.code.findbugs | Highest |
| Product | pom | name | FindBugs-jsr305 | High |
| Product | pom | url | http://findbugs.sourceforge.net/ | Medium |
| Version | file | version | 3.0.2 | High |
| Version | Manifest | Bundle-Version | 3.0.2 | High |
| Version | pom | version | 3.0.2 | Highest |
log4j-core-2.23.1.jar
Description:
The Apache Log4j Implementation
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-core\2.23.1\log4j-core-2.23.1.jar
MD5: 34fad2df975cf874a2fdf4b797122f16
SHA1: 905802940e2c78042d75b837c136ac477d2b4e4d
SHA256:7079368005fc34f56248f57f8a8a53361c3a53e9007d556dbc66fc669df081b5
Referenced In Project/Scope: PowerStatsValidationUtilities:compile
log4j-core-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.validation/validation@3.1.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | log4j-core | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | jar | package name | core | Highest |
| Vendor | jar | package name | log4j | Highest |
| Vendor | jar | package name | logging | Highest |
| Vendor | jar | package name | org | Highest |
| Vendor | Manifest | build-jdk-spec | 17 | Low |
| Vendor | Manifest | bundle-activationpolicy | lazy | Low |
| Vendor | Manifest | bundle-symbolicname | org.apache.logging.log4j.core | Medium |
| Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High |
| Vendor | Manifest | multi-release | true | Low |
| Vendor | Manifest | provide-capability | osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider" | Low |
| Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low |
| Vendor | pom | artifactid | log4j-core | Highest |
| Vendor | pom | artifactid | log4j-core | Low |
| Vendor | pom | groupid | org.apache.logging.log4j | Highest |
| Vendor | pom | name | Apache Log4j Core | High |
| Vendor | pom | parent-artifactid | log4j | Low |
| Product | file | name | log4j-core | High |
| Product | jar | package name | apache | Highest |
| Product | jar | package name | core | Highest |
| Product | jar | package name | log4j | Highest |
| Product | jar | package name | logging | Highest |
| Product | jar | package name | org | Highest |
| Product | Manifest | build-jdk-spec | 17 | Low |
| Product | Manifest | bundle-activationpolicy | lazy | Low |
| Product | Manifest | Bundle-Name | Apache Log4j Core | Medium |
| Product | Manifest | bundle-symbolicname | org.apache.logging.log4j.core | Medium |
| Product | Manifest | Implementation-Title | Apache Log4j Core | High |
| Product | Manifest | multi-release | true | Low |
| Product | Manifest | provide-capability | osgi.service;objectClass:List="javax.annotation.processing.Processor";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.core.util.ContextDataProvider";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";effective:=active,osgi.service;objectClass:List="org.apache.logging.log4j.spi.Provider";effective:=active,osgi.serviceloader;osgi.serviceloader="javax.annotation.processing.Processor";register:="org.apache.logging.log4j.core.config.plugins.processor.PluginProcessor",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.core.util.ContextDataProvider";register:="org.apache.logging.log4j.core.impl.ThreadContextDataProvider",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.message.ThreadDumpMessage$ThreadInfoFactory";register:="org.apache.logging.log4j.core.message.ExtendedThreadInfoFactory",osgi.serviceloader;osgi.serviceloader="org.apache.logging.log4j.spi.Provider";register:="org.apache.logging.log4j.core.impl.Log4jProvider" | Low |
| Product | Manifest | specification-title | Apache Log4j Core | Medium |
| Product | pom | artifactid | log4j-core | Highest |
| Product | pom | groupid | org.apache.logging.log4j | Highest |
| Product | pom | name | Apache Log4j Core | High |
| Product | pom | parent-artifactid | log4j | Medium |
| Version | file | version | 2.23.1 | High |
| Version | Manifest | Bundle-Version | 2.23.1 | High |
| Version | Manifest | Implementation-Version | 2.23.1 | High |
| Version | pom | version | 2.23.1 | Highest |
Related Dependencies
- log4j-api-2.23.1.jar
- File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-api\2.23.1\log4j-api-2.23.1.jar
- MD5: bee2e2dcbeeb983bdb6b71c9c3476b6a
- SHA1: 9c15c29c526d9c6783049c0a77722693c66706e1
- SHA256: 92ec1fd36ab3bc09de6198d2d7c0914685c0f7127ea931acc32fd2ecdd82ea89
- pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1
log4j-slf4j-impl-2.23.1.jar
Description:
The Apache Log4j SLF4J API binding to Log4j 2 Core
License:
Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\PowerStat\.m2\repository\org\apache\logging\log4j\log4j-slf4j-impl\2.23.1\log4j-slf4j-impl-2.23.1.jar
MD5: c5a27e08e18600d379d0ca72d71838b8
SHA1: 9ef67909a1b4eae999af4c7a211ab2379e4b86c2
SHA256:210742c8fb85b0dcc26a9d74a32fbc828e0429087dee3d2920d4a76b1eb96d91
Referenced In Project/Scope: PowerStatsValidationUtilities:runtime
log4j-slf4j-impl-2.23.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.validation/validation@3.1.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | log4j-slf4j-impl | High |
| Vendor | jar | package name | apache | Highest |
| Vendor | jar | package name | impl | Highest |
| Vendor | jar | package name | logging | Highest |
| Vendor | jar | package name | slf4j | Highest |
| Vendor | Manifest | build-jdk-spec | 17 | Low |
| Vendor | Manifest | bundle-activationpolicy | lazy | Low |
| Vendor | Manifest | bundle-symbolicname | org.apache.logging.log4j.slf4j.impl | Medium |
| Vendor | Manifest | Implementation-Vendor | The Apache Software Foundation | High |
| Vendor | Manifest | multi-release | false | Low |
| Vendor | Manifest | specification-vendor | The Apache Software Foundation | Low |
| Vendor | pom | artifactid | log4j-slf4j-impl | Highest |
| Vendor | pom | artifactid | log4j-slf4j-impl | Low |
| Vendor | pom | groupid | org.apache.logging.log4j | Highest |
| Vendor | pom | name | Apache Log4j SLF4J Binding | High |
| Vendor | pom | parent-artifactid | log4j | Low |
| Product | file | name | log4j-slf4j-impl | High |
| Product | jar | package name | apache | Highest |
| Product | jar | package name | impl | Highest |
| Product | jar | package name | logging | Highest |
| Product | jar | package name | slf4j | Highest |
| Product | Manifest | build-jdk-spec | 17 | Low |
| Product | Manifest | bundle-activationpolicy | lazy | Low |
| Product | Manifest | Bundle-Name | Apache Log4j SLF4J Binding | Medium |
| Product | Manifest | bundle-symbolicname | org.apache.logging.log4j.slf4j.impl | Medium |
| Product | Manifest | Implementation-Title | Apache Log4j SLF4J Binding | High |
| Product | Manifest | multi-release | false | Low |
| Product | Manifest | specification-title | Apache Log4j SLF4J Binding | Medium |
| Product | pom | artifactid | log4j-slf4j-impl | Highest |
| Product | pom | groupid | org.apache.logging.log4j | Highest |
| Product | pom | name | Apache Log4j SLF4J Binding | High |
| Product | pom | parent-artifactid | log4j | Medium |
| Version | file | version | 2.23.1 | High |
| Version | Manifest | Bundle-Version | 2.23.1 | High |
| Version | Manifest | Implementation-Version | 2.23.1 | High |
| Version | pom | version | 2.23.1 | Highest |
slf4j-api-1.7.36.jar
Description:
The slf4j API
File Path: C:\Users\PowerStat\.m2\repository\org\slf4j\slf4j-api\1.7.36\slf4j-api-1.7.36.jar
MD5: 872da51f5de7f3923da4de871d57fd85
SHA1: 6c62681a2f655b49963a5983b8b0950a6120ae14
SHA256:d3ef575e3e4979678dc01bf1dcce51021493b4d11fb7f1be8ad982877c16a1c0
Referenced In Project/Scope: PowerStatsValidationUtilities:runtime
slf4j-api-1.7.36.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.23.1
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | slf4j-api | High |
| Vendor | jar | package name | slf4j | Highest |
| Vendor | Manifest | automatic-module-name | org.slf4j | Medium |
| Vendor | Manifest | build-jdk-spec | 1.8 | Low |
| Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Vendor | Manifest | bundle-symbolicname | slf4j.api | Medium |
| Vendor | pom | artifactid | slf4j-api | Highest |
| Vendor | pom | artifactid | slf4j-api | Low |
| Vendor | pom | groupid | org.slf4j | Highest |
| Vendor | pom | name | SLF4J API Module | High |
| Vendor | pom | parent-artifactid | slf4j-parent | Low |
| Vendor | pom | url | http://www.slf4j.org | Highest |
| Product | file | name | slf4j-api | High |
| Product | jar | package name | slf4j | Highest |
| Product | Manifest | automatic-module-name | org.slf4j | Medium |
| Product | Manifest | build-jdk-spec | 1.8 | Low |
| Product | Manifest | Bundle-Name | slf4j-api | Medium |
| Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Product | Manifest | bundle-symbolicname | slf4j.api | Medium |
| Product | Manifest | Implementation-Title | slf4j-api | High |
| Product | pom | artifactid | slf4j-api | Highest |
| Product | pom | groupid | org.slf4j | Highest |
| Product | pom | name | SLF4J API Module | High |
| Product | pom | parent-artifactid | slf4j-parent | Medium |
| Product | pom | url | http://www.slf4j.org | Medium |
| Version | file | version | 1.7.36 | High |
| Version | Manifest | Bundle-Version | 1.7.36 | High |
| Version | Manifest | Implementation-Version | 1.7.36 | High |
| Version | pom | version | 1.7.36 | Highest |
spotbugs-annotations-4.8.6.jar
Description:
Annotations the SpotBugs tool supports
License:
GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\PowerStat\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.6\spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256:4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: PowerStatsValidationUtilities:compile
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/de.powerstat.validation/validation@3.1.0
Evidence
| Type | Source | Name | Value | Confidence |
|---|
| Vendor | file | name | spotbugs-annotations | High |
| Vendor | Manifest | automatic-module-name | com.github.spotbugs.annotations | Medium |
| Vendor | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Vendor | Manifest | bundle-symbolicname | spotbugs-annotations | Medium |
| Vendor | pom | artifactid | spotbugs-annotations | Highest |
| Vendor | pom | artifactid | spotbugs-annotations | Low |
| Vendor | pom | developer email | andreas.sewe@codetrails.com | Low |
| Vendor | pom | developer email | dbrosius@mebigfatguy.com | Low |
| Vendor | pom | developer email | loskutov@gmx.de | Low |
| Vendor | pom | developer email | skypencil@gmail.com | Low |
| Vendor | pom | developer id | henrik242 | Medium |
| Vendor | pom | developer id | iloveeclipse | Medium |
| Vendor | pom | developer id | jsotuyod | Medium |
| Vendor | pom | developer id | KengoTODA | Medium |
| Vendor | pom | developer id | mebigfatguy | Medium |
| Vendor | pom | developer id | sewe | Medium |
| Vendor | pom | developer id | ThrawnCA | Medium |
| Vendor | pom | developer name | Andreas Sewe | Medium |
| Vendor | pom | developer name | Andrey Loskutov | Medium |
| Vendor | pom | developer name | Dave Brosius | Medium |
| Vendor | pom | developer name | Juan Martín Sotuyo Dodero | Medium |
| Vendor | pom | developer name | Kengo TODA | Medium |
| Vendor | pom | groupid | com.github.spotbugs | Highest |
| Vendor | pom | name | SpotBugs Annotations | High |
| Vendor | pom | url | https://spotbugs.github.io/ | Highest |
| Product | file | name | spotbugs-annotations | High |
| Product | Manifest | automatic-module-name | com.github.spotbugs.annotations | Medium |
| Product | Manifest | Bundle-Name | spotbugs-annotations | Medium |
| Product | Manifest | bundle-requiredexecutionenvironment | J2SE-1.5 | Low |
| Product | Manifest | bundle-symbolicname | spotbugs-annotations | Medium |
| Product | pom | artifactid | spotbugs-annotations | Highest |
| Product | pom | developer email | andreas.sewe@codetrails.com | Low |
| Product | pom | developer email | dbrosius@mebigfatguy.com | Low |
| Product | pom | developer email | loskutov@gmx.de | Low |
| Product | pom | developer email | skypencil@gmail.com | Low |
| Product | pom | developer id | henrik242 | Low |
| Product | pom | developer id | iloveeclipse | Low |
| Product | pom | developer id | jsotuyod | Low |
| Product | pom | developer id | KengoTODA | Low |
| Product | pom | developer id | mebigfatguy | Low |
| Product | pom | developer id | sewe | Low |
| Product | pom | developer id | ThrawnCA | Low |
| Product | pom | developer name | Andreas Sewe | Low |
| Product | pom | developer name | Andrey Loskutov | Low |
| Product | pom | developer name | Dave Brosius | Low |
| Product | pom | developer name | Juan Martín Sotuyo Dodero | Low |
| Product | pom | developer name | Kengo TODA | Low |
| Product | pom | groupid | com.github.spotbugs | Highest |
| Product | pom | name | SpotBugs Annotations | High |
| Product | pom | url | https://spotbugs.github.io/ | Medium |
| Version | file | version | 4.8.6 | High |
| Version | Manifest | Bundle-Version | 4.8.6 | High |
| Version | pom | version | 4.8.6 | Highest |