Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 12.1.1
Report Generated On: Sun, 4 May 2025 13:07:27 -0400
Dependencies Scanned: 26 (26 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 0
...
NVD API Last Checked: 2025-05-04T13:07:18-04
NVD API Last Modified: 2025-05-04T09:17:08Z

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
args4j-2.37.jar	cpe:2.3:a:jsite:jsite:2.37:::::::*	pkg:maven/args4j/args4j@2.37	Low	26
checker-qual-3.49.2.jar		pkg:maven/org.checkerframework/checker-qual@3.49.2		44
commons-io-2.19.0.jar	cpe:2.3:a:apache:commons_io:2.19.0:::::::*	pkg:maven/commons-io/commons-io@2.19.0	Highest	125
commons-math3-3.6.1.jar		pkg:maven/org.apache.commons/commons-math3@3.6.1		134
error_prone_annotations-2.37.0.jar		pkg:maven/com.google.errorprone/error_prone_annotations@2.37.0		29
failureaccess-1.0.3.jar		pkg:maven/com.google.guava/failureaccess@1.0.3		32
guava-33.4.8-jre.jar	cpe:2.3:a:google:guava:33.4.8:::::::*	pkg:maven/com.google.guava/guava@33.4.8-jre	Highest	25
j2objc-annotations-3.0.0.jar		pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0		33
jspecify-1.0.0.jar		pkg:maven/org.jspecify/jspecify@1.0.0		32
jsr305-3.0.2.jar		pkg:maven/com.google.code.findbugs/jsr305@3.0.2		17
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar		pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava		13
lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar				7
lombok-1.18.38.jar		pkg:maven/org.projectlombok/lombok@1.18.38		36
maven-artifact-3.9.9.jar		pkg:maven/org.apache.maven/maven-artifact@3.9.9		26
maven-model-3.9.9.jar		pkg:maven/org.apache.maven/maven-model@3.9.9		26
maven-plugin-annotations-3.15.1.jar		pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.15.1		26
maven-plugin-api-3.9.9.jar		pkg:maven/org.apache.maven/maven-plugin-api@3.9.9		26
modernizer-maven-annotations-3.1.0.jar		pkg:maven/org.gaul/modernizer-maven-annotations@3.1.0		19
org.eclipse.sisu.inject-0.9.0.M3.jar		pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3		34
org.eclipse.sisu.plexus-0.9.0.M3.jar		pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3		29
plexus-classworlds-2.8.0.jar		pkg:maven/org.codehaus.plexus/plexus-classworlds@2.8.0		30
plexus-component-annotations-2.1.0.jar		pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0		27
plexus-utils-4.0.2.jar	cpe:2.3:a:codehaus-plexus:plexus-utils:4.0.2:::::::* cpe:2.3:a:utils_project:utils:4.0.2:::::::*	pkg:maven/org.codehaus.plexus/plexus-utils@4.0.2	Highest	219
plexus-xml-3.0.2.jar		pkg:maven/org.codehaus.plexus/plexus-xml@3.0.2		29
smartsprites-0.4.0.jar		pkg:maven/com.github.hazendaz/smartsprites@0.4.0		53
spotbugs-annotations-4.9.3.jar		pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3		53

Dependencies (vulnerable)

args4j-2.37.jar

Description:

args4j : Java command line arguments parser

License:

http://www.opensource.org/licenses/mit-license.php

File Path: C:\Users\Jeremy\.m2\repository\args4j\args4j\2.37\args4j-2.37.jar
MD5: f58e89e55a715448f1eac17edaf4b511
SHA1: 244f60c057d72a785227c0562d3560f42a7ea54b
SHA256:5a13b0f7ff519183e55b8f453b8faaa23b92ccf0443f1fac515fedf2246bdc18
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	args4j	High
Vendor	jar	package name	args4j	Highest
Vendor	jar	package name	kohsuke	Highest
Vendor	Manifest	automatic-module-name	args4j	Medium
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	http://www.kohsuke.org/	Low
Vendor	Manifest	bundle-symbolicname	org.kohsuke.args4j	Medium
Vendor	pom	artifactid	args4j	Highest
Vendor	pom	artifactid	args4j	Low
Vendor	pom	groupid	args4j	Highest
Vendor	pom	name	args4j	High
Vendor	pom	parent-artifactid	args4j-site	Low
Product	file	name	args4j	High
Product	jar	package name	args4j	Highest
Product	jar	package name	kohsuke	Highest
Product	Manifest	automatic-module-name	args4j	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	http://www.kohsuke.org/	Low
Product	Manifest	Bundle-Name	args4j	Medium
Product	Manifest	bundle-symbolicname	org.kohsuke.args4j	Medium
Product	pom	artifactid	args4j	Highest
Product	pom	groupid	args4j	Highest
Product	pom	name	args4j	High
Product	pom	parent-artifactid	args4j-site	Medium
Version	file	version	2.37	High
Version	pom	version	2.37	Highest

Identifiers

pkg:maven/args4j/args4j@2.37 (Confidence:High)
cpe:2.3:a:jsite:jsite:2.37:*:*:*:*:*:*:* (Confidence:Low)

checker-qual-3.49.2.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmerwrites to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT

File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.49.2\checker-qual-3.49.2.jar
MD5: 41c09e58f686fc6d4e194aa37a1125b0
SHA1: 98ac669ccce59dba8ca360d3e07891d62b6b946a
SHA256:33b1d8b2c4b00f7d4f4b4931424274f3f729474ce3a87cea09a879976a1dcaeb
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	checker-qual	High
Vendor	jar	package name	checker	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	jar	package name	framework	Highest
Vendor	jar	package name	qual	Highest
Vendor	Manifest	bundle-symbolicname	checker-qual	Medium
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	pom	artifactid	checker-qual	Highest
Vendor	pom	artifactid	checker-qual	Low
Vendor	pom	developer email	mernst@cs.washington.edu	Low
Vendor	pom	developer email	smillst@cs.washington.edu	Low
Vendor	pom	developer id	mernst	Medium
Vendor	pom	developer id	smillst	Medium
Vendor	pom	developer name	Michael Ernst	Medium
Vendor	pom	developer name	Suzanne Millstein	Medium
Vendor	pom	developer org	University of Washington	Medium
Vendor	pom	developer org URL	https://www.cs.washington.edu/	Medium
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	pom	name	Checker Qual	High
Vendor	pom	url	https://checkerframework.org/	Highest
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	jar	package name	checkerframework	Highest
Product	jar	package name	framework	Highest
Product	jar	package name	qual	Highest
Product	Manifest	Bundle-Name	checker-qual	Medium
Product	Manifest	bundle-symbolicname	checker-qual	Medium
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	pom	artifactid	checker-qual	Highest
Product	pom	developer email	mernst@cs.washington.edu	Low
Product	pom	developer email	smillst@cs.washington.edu	Low
Product	pom	developer id	mernst	Low
Product	pom	developer id	smillst	Low
Product	pom	developer name	Michael Ernst	Low
Product	pom	developer name	Suzanne Millstein	Low
Product	pom	developer org	University of Washington	Low
Product	pom	developer org URL	https://www.cs.washington.edu/	Low
Product	pom	groupid	org.checkerframework	Highest
Product	pom	name	Checker Qual	High
Product	pom	url	https://checkerframework.org/	Medium
Version	file	version	3.49.2	High
Version	Manifest	Bundle-Version	3.49.2	High
Version	Manifest	Implementation-Version	3.49.2	High
Version	pom	version	3.49.2	Highest

Identifiers

pkg:maven/org.checkerframework/checker-qual@3.49.2 (Confidence:High)

commons-io-2.19.0.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\commons-io\commons-io\2.19.0\commons-io-2.19.0.jar
MD5: 3d1fd45f9d2a247c1d05ab1e98c07160
SHA1: 1f8d4a99ba72b77aa69101175efc79b0c7dcdd7e
SHA256:824268919b4b62f9f40f08c54381de5993b078f58667e332d17348ae019d72b9
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-io	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	file	Highest
Vendor	jar	package name	io	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.io	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-io	Highest
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	developer email	bayard@apache.org	Low
Vendor	pom	developer email	dion@apache.org	Low
Vendor	pom	developer email	ggregory at apache.org	Low
Vendor	pom	developer email	jeremias@apache.org	Low
Vendor	pom	developer email	jochen.wiedmann@gmail.com	Low
Vendor	pom	developer email	krosenvold@apache.org	Low
Vendor	pom	developer email	martinc@apache.org	Low
Vendor	pom	developer email	matth@apache.org	Low
Vendor	pom	developer email	nicolaken@apache.org	Low
Vendor	pom	developer email	roxspring@apache.org	Low
Vendor	pom	developer email	sanders@apache.org	Low
Vendor	pom	developer id	bayard	Medium
Vendor	pom	developer id	dion	Medium
Vendor	pom	developer id	ggregory	Medium
Vendor	pom	developer id	jeremias	Medium
Vendor	pom	developer id	jochen	Medium
Vendor	pom	developer id	jukka	Medium
Vendor	pom	developer id	krosenvold	Medium
Vendor	pom	developer id	martinc	Medium
Vendor	pom	developer id	matth	Medium
Vendor	pom	developer id	niallp	Medium
Vendor	pom	developer id	nicolaken	Medium
Vendor	pom	developer id	roxspring	Medium
Vendor	pom	developer id	sanders	Medium
Vendor	pom	developer id	scolebourne	Medium
Vendor	pom	developer name	dIon Gillard	Medium
Vendor	pom	developer name	Gary Gregory	Medium
Vendor	pom	developer name	Henri Yandell	Medium
Vendor	pom	developer name	Jeremias Maerki	Medium
Vendor	pom	developer name	Jochen Wiedmann	Medium
Vendor	pom	developer name	Jukka Zitting	Medium
Vendor	pom	developer name	Kristian Rosenvold	Medium
Vendor	pom	developer name	Martin Cooper	Medium
Vendor	pom	developer name	Matthew Hawthorne	Medium
Vendor	pom	developer name	Niall Pemberton	Medium
Vendor	pom	developer name	Nicola Ken Barozzi	Medium
Vendor	pom	developer name	Rob Oxspring	Medium
Vendor	pom	developer name	Scott Sanders	Medium
Vendor	pom	developer name	Stephen Colebourne	Medium
Vendor	pom	developer org	The Apache Software Foundation	Medium
Vendor	pom	developer org URL	https://www.apache.org/	Medium
Vendor	pom	groupid	commons-io	Highest
Vendor	pom	name	Apache Commons IO	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-io/	Highest
Product	file	name	commons-io	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	file	Highest
Product	jar	package name	io	Highest
Product	Manifest	automatic-module-name	org.apache.commons.io	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-io/	Low
Product	Manifest	Bundle-Name	Apache Commons IO	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-io	Medium
Product	Manifest	Implementation-Title	Apache Commons IO	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Apache Commons IO	Medium
Product	pom	artifactid	commons-io	Highest
Product	pom	developer email	bayard@apache.org	Low
Product	pom	developer email	dion@apache.org	Low
Product	pom	developer email	ggregory at apache.org	Low
Product	pom	developer email	jeremias@apache.org	Low
Product	pom	developer email	jochen.wiedmann@gmail.com	Low
Product	pom	developer email	krosenvold@apache.org	Low
Product	pom	developer email	martinc@apache.org	Low
Product	pom	developer email	matth@apache.org	Low
Product	pom	developer email	nicolaken@apache.org	Low
Product	pom	developer email	roxspring@apache.org	Low
Product	pom	developer email	sanders@apache.org	Low
Product	pom	developer id	bayard	Low
Product	pom	developer id	dion	Low
Product	pom	developer id	ggregory	Low
Product	pom	developer id	jeremias	Low
Product	pom	developer id	jochen	Low
Product	pom	developer id	jukka	Low
Product	pom	developer id	krosenvold	Low
Product	pom	developer id	martinc	Low
Product	pom	developer id	matth	Low
Product	pom	developer id	niallp	Low
Product	pom	developer id	nicolaken	Low
Product	pom	developer id	roxspring	Low
Product	pom	developer id	sanders	Low
Product	pom	developer id	scolebourne	Low
Product	pom	developer name	dIon Gillard	Low
Product	pom	developer name	Gary Gregory	Low
Product	pom	developer name	Henri Yandell	Low
Product	pom	developer name	Jeremias Maerki	Low
Product	pom	developer name	Jochen Wiedmann	Low
Product	pom	developer name	Jukka Zitting	Low
Product	pom	developer name	Kristian Rosenvold	Low
Product	pom	developer name	Martin Cooper	Low
Product	pom	developer name	Matthew Hawthorne	Low
Product	pom	developer name	Niall Pemberton	Low
Product	pom	developer name	Nicola Ken Barozzi	Low
Product	pom	developer name	Rob Oxspring	Low
Product	pom	developer name	Scott Sanders	Low
Product	pom	developer name	Stephen Colebourne	Low
Product	pom	developer org	The Apache Software Foundation	Low
Product	pom	developer org URL	https://www.apache.org/	Low
Product	pom	groupid	commons-io	Highest
Product	pom	name	Apache Commons IO	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	https://commons.apache.org/proper/commons-io/	Medium
Version	file	version	2.19.0	High
Version	Manifest	Bundle-Version	2.19.0	High
Version	Manifest	Implementation-Version	2.19.0	High
Version	pom	parent-version	2.19.0	Low
Version	pom	version	2.19.0	Highest

Identifiers

pkg:maven/commons-io/commons-io@2.19.0 (Confidence:High)
cpe:2.3:a:apache:commons_io:2.19.0:*:*:*:*:*:*:* (Confidence:Highest)

commons-math3-3.6.1.jar

Description:

The Apache Commons Math project is a library of lightweight, self-contained mathematics and statistics components addressing the most common practical problems not immediately available in the Java programming language or commons-lang.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\apache\commons\commons-math3\3.6.1\commons-math3-3.6.1.jar
MD5: 5b730d97e4e6368069de1983937c508e
SHA1: e4ba98f1d4b3c80ec46392f25e094a6a2e58fcbf
SHA256:1e56d7b058d28b65abd256b8458e3885b674c1d588fa43cd7d1cbb9c7ef2b308
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	commons-math3	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	math3	Highest
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-math/	Low
Vendor	Manifest	bundle-symbolicname	org.apache.commons.math3	Medium
Vendor	Manifest	implementation-build	16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400	Low
Vendor	Manifest	implementation-url	http://commons.apache.org/proper/commons-math/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	commons-math3	Highest
Vendor	pom	artifactid	commons-math3	Low
Vendor	pom	developer email	achou at apache dot org	Low
Vendor	pom	developer email	billbarker at apache dot org	Low
Vendor	pom	developer email	brentworden at apache dot org	Low
Vendor	pom	developer email	celestin at apache dot org	Low
Vendor	pom	developer email	dimpbx at apache dot org	Low
Vendor	pom	developer email	erans at apache dot org	Low
Vendor	pom	developer email	evanward at apache dot org	Low
Vendor	pom	developer email	gregs at apache dot org	Low
Vendor	pom	developer email	j3322ptm at yahoo dot de	Low
Vendor	pom	developer email	luc at apache dot org	Low
Vendor	pom	developer email	mdiggory at apache dot org	Low
Vendor	pom	developer email	mikl at apache dot org	Low
Vendor	pom	developer email	oertl at apache dot org	Low
Vendor	pom	developer email	rdonkin at apache dot org	Low
Vendor	pom	developer email	tn at apache dot org	Low
Vendor	pom	developer email	tobrien at apache dot org	Low
Vendor	pom	developer id	achou	Medium
Vendor	pom	developer id	billbarker	Medium
Vendor	pom	developer id	brentworden	Medium
Vendor	pom	developer id	celestin	Medium
Vendor	pom	developer id	dimpbx	Medium
Vendor	pom	developer id	erans	Medium
Vendor	pom	developer id	evanward	Medium
Vendor	pom	developer id	gregs	Medium
Vendor	pom	developer id	luc	Medium
Vendor	pom	developer id	mdiggory	Medium
Vendor	pom	developer id	mikl	Medium
Vendor	pom	developer id	oertl	Medium
Vendor	pom	developer id	pietsch	Medium
Vendor	pom	developer id	rdonkin	Medium
Vendor	pom	developer id	tn	Medium
Vendor	pom	developer id	tobrien	Medium
Vendor	pom	developer name	Albert Davidson Chou	Medium
Vendor	pom	developer name	Bill Barker	Medium
Vendor	pom	developer name	Brent Worden	Medium
Vendor	pom	developer name	Dimitri Pourbaix	Medium
Vendor	pom	developer name	Evan Ward	Medium
Vendor	pom	developer name	Gilles Sadowski	Medium
Vendor	pom	developer name	Greg Sterijevski	Medium
Vendor	pom	developer name	J. Pietschmann	Medium
Vendor	pom	developer name	Luc Maisonobe	Medium
Vendor	pom	developer name	Mark Diggory	Medium
Vendor	pom	developer name	Mikkel Meyer Andersen	Medium
Vendor	pom	developer name	Otmar Ertl	Medium
Vendor	pom	developer name	Robert Burrell Donkin	Medium
Vendor	pom	developer name	Sébastien Brisard	Medium
Vendor	pom	developer name	Thomas Neidhart	Medium
Vendor	pom	developer name	Tim O'Brien	Medium
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	pom	name	Apache Commons Math	High
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	pom	url	http://commons.apache.org/proper/commons-math/	Highest
Product	file	name	commons-math3	High
Product	jar	package name	apache	Highest
Product	jar	package name	commons	Highest
Product	jar	package name	math3	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-math/	Low
Product	Manifest	Bundle-Name	Apache Commons Math	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.math3	Medium
Product	Manifest	implementation-build	16abfe5de688cc52fb0396e0609cb33044b15653; 2016-03-17 13:30:43-0400	Low
Product	Manifest	Implementation-Title	Apache Commons Math	High
Product	Manifest	implementation-url	http://commons.apache.org/proper/commons-math/	Low
Product	Manifest	specification-title	Apache Commons Math	Medium
Product	pom	artifactid	commons-math3	Highest
Product	pom	developer email	achou at apache dot org	Low
Product	pom	developer email	billbarker at apache dot org	Low
Product	pom	developer email	brentworden at apache dot org	Low
Product	pom	developer email	celestin at apache dot org	Low
Product	pom	developer email	dimpbx at apache dot org	Low
Product	pom	developer email	erans at apache dot org	Low
Product	pom	developer email	evanward at apache dot org	Low
Product	pom	developer email	gregs at apache dot org	Low
Product	pom	developer email	j3322ptm at yahoo dot de	Low
Product	pom	developer email	luc at apache dot org	Low
Product	pom	developer email	mdiggory at apache dot org	Low
Product	pom	developer email	mikl at apache dot org	Low
Product	pom	developer email	oertl at apache dot org	Low
Product	pom	developer email	rdonkin at apache dot org	Low
Product	pom	developer email	tn at apache dot org	Low
Product	pom	developer email	tobrien at apache dot org	Low
Product	pom	developer id	achou	Low
Product	pom	developer id	billbarker	Low
Product	pom	developer id	brentworden	Low
Product	pom	developer id	celestin	Low
Product	pom	developer id	dimpbx	Low
Product	pom	developer id	erans	Low
Product	pom	developer id	evanward	Low
Product	pom	developer id	gregs	Low
Product	pom	developer id	luc	Low
Product	pom	developer id	mdiggory	Low
Product	pom	developer id	mikl	Low
Product	pom	developer id	oertl	Low
Product	pom	developer id	pietsch	Low
Product	pom	developer id	rdonkin	Low
Product	pom	developer id	tn	Low
Product	pom	developer id	tobrien	Low
Product	pom	developer name	Albert Davidson Chou	Low
Product	pom	developer name	Bill Barker	Low
Product	pom	developer name	Brent Worden	Low
Product	pom	developer name	Dimitri Pourbaix	Low
Product	pom	developer name	Evan Ward	Low
Product	pom	developer name	Gilles Sadowski	Low
Product	pom	developer name	Greg Sterijevski	Low
Product	pom	developer name	J. Pietschmann	Low
Product	pom	developer name	Luc Maisonobe	Low
Product	pom	developer name	Mark Diggory	Low
Product	pom	developer name	Mikkel Meyer Andersen	Low
Product	pom	developer name	Otmar Ertl	Low
Product	pom	developer name	Robert Burrell Donkin	Low
Product	pom	developer name	Sébastien Brisard	Low
Product	pom	developer name	Thomas Neidhart	Low
Product	pom	developer name	Tim O'Brien	Low
Product	pom	groupid	org.apache.commons	Highest
Product	pom	name	Apache Commons Math	High
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	url	http://commons.apache.org/proper/commons-math/	Medium
Version	file	version	3.6.1	High
Version	Manifest	Bundle-Version	3.6.1	High
Version	Manifest	Implementation-Version	3.6.1	High
Version	pom	parent-version	3.6.1	Low
Version	pom	version	3.6.1	Highest

Identifiers

pkg:maven/org.apache.commons/commons-math3@3.6.1 (Confidence:High)

error_prone_annotations-2.37.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.37.0\error_prone_annotations-2.37.0.jar
MD5: dce0a1c83d3dc06c2715c96e11d2c429
SHA1: 8512660d1269d166fad497f51de35da61447f063
SHA256:d29a6263b48d46d4c7c28b64717a6d105b3e2a3e64256092f845e8e774fca6ba
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	error_prone_annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	errorprone	Highest
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Vendor	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	error_prone_annotations	Highest
Vendor	pom	artifactid	error_prone_annotations	Low
Vendor	pom	groupid	com.google.errorprone	Highest
Vendor	pom	name	error-prone annotations	High
Vendor	pom	parent-artifactid	error_prone_parent	Low
Product	file	name	error_prone_annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	errorprone	Highest
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://errorprone.info/error_prone_annotations	Low
Product	Manifest	Bundle-Name	error-prone annotations	Medium
Product	Manifest	bundle-symbolicname	com.google.errorprone.annotations	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	error_prone_annotations	Highest
Product	pom	groupid	com.google.errorprone	Highest
Product	pom	name	error-prone annotations	High
Product	pom	parent-artifactid	error_prone_parent	Medium
Version	file	version	2.37.0	High
Version	Manifest	Bundle-Version	2.37.0	High
Version	pom	version	2.37.0	Highest

Identifiers

pkg:maven/com.google.errorprone/error_prone_annotations@2.37.0 (Confidence:High)

failureaccess-1.0.3.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes are conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\failureaccess\1.0.3\failureaccess-1.0.3.jar
MD5: 29a782e90f6b37218b18bb880d2a8f4a
SHA1: aeaffd00d57023a2c947393ed251f0354f0985fc
SHA256:cbfc3906b19b8f55dd7cfd6dfe0aa4532e834250d7f080bd8d211a3e246b59cb
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	failureaccess	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	concurrent	Highest
Vendor	jar	package name	google	Highest
Vendor	jar	package name	util	Highest
Vendor	Manifest	build-jdk-spec	17	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	failureaccess	Highest
Vendor	pom	artifactid	failureaccess	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Vendor	pom	parent-artifactid	guava-parent	Low
Product	file	name	failureaccess	High
Product	jar	package name	common	Highest
Product	jar	package name	concurrent	Highest
Product	jar	package name	google	Highest
Product	jar	package name	util	Highest
Product	Manifest	build-jdk-spec	17	Low
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	Manifest	Bundle-Name	Guava InternalFutureFailureAccess and InternalFutures	Medium
Product	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	failureaccess	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Product	pom	parent-artifactid	guava-parent	Medium
Version	file	version	1.0.3	High
Version	Manifest	Bundle-Version	1.0.3	High
Version	pom	parent-version	1.0.3	Low
Version	pom	version	1.0.3	Highest

Identifiers

pkg:maven/com.google.guava/failureaccess@1.0.3 (Confidence:High)

guava-33.4.8-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\guava\33.4.8-jre\guava-33.4.8-jre.jar
MD5: 72920caab34426c5815e3b00f80e3b01
SHA1: e70a3268e6cd3e7d458aa15787ce6811c34e96ae
SHA256:f3d7f57f67fd622f4d468dfdd692b3a5e3909246c28017ac3263405f0fe617ed
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	guava	High
Vendor	jar	package name	google	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	Manifest	bundle-symbolicname	com.google.guava	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	guava	Highest
Vendor	pom	artifactid	guava	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava: Google Core Libraries for Java	High
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	pom	url	google/guava	Highest
Product	file	name	guava	High
Product	jar	package name	google	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	Manifest	Bundle-Name	Guava: Google Core Libraries for Java	Medium
Product	Manifest	bundle-symbolicname	com.google.guava	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	guava	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava: Google Core Libraries for Java	High
Product	pom	parent-artifactid	guava-parent	Medium
Product	pom	url	google/guava	High
Version	pom	version	33.4.8-jre	Highest

Identifiers

pkg:maven/com.google.guava/guava@33.4.8-jre (Confidence:High)
cpe:2.3:a:google:guava:33.4.8:*:*:*:*:*:*:* (Confidence:Highest)

j2objc-annotations-3.0.0.jar

Description:

    A set of annotations that provide additional information to the J2ObjC
    translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\3.0.0\j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256:88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	j2objc-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	google	Highest
Vendor	jar	package name	j2objc	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	j2objc-annotations	Highest
Vendor	pom	artifactid	j2objc-annotations	Low
Vendor	pom	developer email	tball@google.com	Low
Vendor	pom	developer id	tomball	Medium
Vendor	pom	developer name	Tom Ball	Medium
Vendor	pom	developer org	Google	Medium
Vendor	pom	developer org URL	https://www.google.com	Medium
Vendor	pom	groupid	com.google.j2objc	Highest
Vendor	pom	name	J2ObjC Annotations	High
Vendor	pom	url	google/j2objc/	Highest
Product	file	name	j2objc-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	google	Highest
Product	jar	package name	j2objc	Highest
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	j2objc-annotations	Highest
Product	pom	developer email	tball@google.com	Low
Product	pom	developer id	tomball	Low
Product	pom	developer name	Tom Ball	Low
Product	pom	developer org	Google	Low
Product	pom	developer org URL	https://www.google.com	Low
Product	pom	groupid	com.google.j2objc	Highest
Product	pom	name	J2ObjC Annotations	High
Product	pom	url	google/j2objc/	High
Version	file	version	3.0.0	High
Version	pom	version	3.0.0	Highest

Identifiers

pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 (Confidence:High)

jspecify-1.0.0.jar

Description:

An artifact of well-named and well-specified annotations to power static analysis checks

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\jspecify\jspecify\1.0.0\jspecify-1.0.0.jar
MD5: 9133aba420d0ca3b001dbb6ae9992cf6
SHA1: 7425a601c1c7ec76645a78d22b8c6a627edee507
SHA256:1fad6e6be7557781e4d33729d49ae1cdc8fdda6fe477bb0cc68ce351eafdfbab
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jspecify	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	jspecify	Highest
Vendor	Manifest	bundle-docurl	https://jspecify.dev/docs/start-here	Low
Vendor	Manifest	bundle-symbolicname	org.jspecify.jspecify	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	jspecify	Highest
Vendor	pom	artifactid	jspecify	Low
Vendor	pom	developer email	kevinb9n@gmail.com	Low
Vendor	pom	developer id	kevinb9n	Medium
Vendor	pom	developer name	Kevin Bourrillion	Medium
Vendor	pom	groupid	org.jspecify	Highest
Vendor	pom	name	JSpecify annotations	High
Vendor	pom	url	http://jspecify.org/	Highest
Product	file	name	jspecify	High
Product	jar	package name	annotations	Highest
Product	jar	package name	jspecify	Highest
Product	Manifest	bundle-docurl	https://jspecify.dev/docs/start-here	Low
Product	Manifest	Bundle-Name	JSpecify annotations	Medium
Product	Manifest	bundle-symbolicname	org.jspecify.jspecify	Medium
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	jspecify	Highest
Product	pom	developer email	kevinb9n@gmail.com	Low
Product	pom	developer id	kevinb9n	Low
Product	pom	developer name	Kevin Bourrillion	Low
Product	pom	groupid	org.jspecify	Highest
Product	pom	name	JSpecify annotations	High
Product	pom	url	http://jspecify.org/	Medium
Version	file	version	1.0.0	High
Version	Manifest	Bundle-Version	1.0.0	High
Version	Manifest	Implementation-Version	1.0.0	High
Version	pom	version	1.0.0	Highest

Identifiers

pkg:maven/org.jspecify/jspecify@1.0.0 (Confidence:High)

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256:766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jsr305	High
Vendor	Manifest	bundle-symbolicname	org.jsr-305	Medium
Vendor	pom	artifactid	jsr305	Highest
Vendor	pom	artifactid	jsr305	Low
Vendor	pom	groupid	com.google.code.findbugs	Highest
Vendor	pom	name	FindBugs-jsr305	High
Vendor	pom	url	http://findbugs.sourceforge.net/	Highest
Product	file	name	jsr305	High
Product	Manifest	Bundle-Name	FindBugs-jsr305	Medium
Product	Manifest	bundle-symbolicname	org.jsr-305	Medium
Product	pom	artifactid	jsr305	Highest
Product	pom	groupid	com.google.code.findbugs	Highest
Product	pom	name	FindBugs-jsr305	High
Product	pom	url	http://findbugs.sourceforge.net/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Bundle-Version	3.0.2	High
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/com.google.code.findbugs/jsr305@3.0.2 (Confidence:High)

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: C:\Users\Jeremy\.m2\repository\com\google\guava\listenablefuture\9999.0-empty-to-avoid-conflict-with-guava\listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope: smartsprites-maven-plugin:compile
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz/smartsprites@0.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	listenablefuture	High
Vendor	pom	artifactid	listenablefuture	Highest
Vendor	pom	artifactid	listenablefuture	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	name	Guava ListenableFuture only	High
Vendor	pom	parent-artifactid	guava-parent	Low
Product	file	name	listenablefuture	High
Product	pom	artifactid	listenablefuture	Highest
Product	pom	groupid	com.google.guava	Highest
Product	pom	name	Guava ListenableFuture only	High
Product	pom	parent-artifactid	guava-parent	Medium
Version	pom	parent-version	9999.0-empty-to-avoid-conflict-with-guava	Low
Version	pom	version	9999.0-empty-to-avoid-conflict-with-guava	Highest

Identifiers

pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava (Confidence:High)

lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.38\lombok-1.18.38.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: 885d5d6be90a5dcd4b82cdf741e3f31a
SHA1: e1f7f1779f40157fd0b984c1bc32a0cb45cae66e
SHA256:74a80a6ee84e5c6fe497dfcc46a46dbe30578525e747eb531e918ee0750c8da9
Referenced In Project/Scope: smartsprites-maven-plugin:provided

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	mavenEcjBootstrapAgent	High
Vendor	jar	package name	launch	Low
Vendor	jar	package name	lombok	Low
Vendor	Manifest	can-redefine-classes	true	Low
Product	file	name	mavenEcjBootstrapAgent	High
Product	jar	package name	launch	Low
Product	Manifest	can-redefine-classes	true	Low

Identifiers

None

lombok-1.18.38.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.38\lombok-1.18.38.jar
MD5: 789cacd8d3969e9d23e6e6baec747f70
SHA1: 57f8f5e02e92a30fd21b80cbd426a4172b5f8e29
SHA256:1e1e427c36ff63c44fd30ef292d9e773ea3154460ab6265d3fed7e6f5bc50fb9
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	lombok	High
Vendor	jar	package name	java	Highest
Vendor	jar	package name	lombok	Highest
Vendor	jar	package name	tostring	Highest
Vendor	Manifest	automatic-module-name	lombok	Medium
Vendor	Manifest	can-redefine-classes	true	Low
Vendor	pom	artifactid	lombok	Highest
Vendor	pom	artifactid	lombok	Low
Vendor	pom	developer email	reinier@projectlombok.org	Low
Vendor	pom	developer email	roel@projectlombok.org	Low
Vendor	pom	developer id	rspilker	Medium
Vendor	pom	developer id	rzwitserloot	Medium
Vendor	pom	developer name	Reinier Zwitserloot	Medium
Vendor	pom	developer name	Roel Spilker	Medium
Vendor	pom	groupid	org.projectlombok	Highest
Vendor	pom	name	Project Lombok	High
Vendor	pom	url	https://projectlombok.org	Highest
Product	file	name	lombok	High
Product	jar	package name	java	Highest
Product	jar	package name	lombok	Highest
Product	jar	package name	tostring	Highest
Product	Manifest	automatic-module-name	lombok	Medium
Product	Manifest	can-redefine-classes	true	Low
Product	pom	artifactid	lombok	Highest
Product	pom	developer email	reinier@projectlombok.org	Low
Product	pom	developer email	roel@projectlombok.org	Low
Product	pom	developer id	rspilker	Low
Product	pom	developer id	rzwitserloot	Low
Product	pom	developer name	Reinier Zwitserloot	Low
Product	pom	developer name	Roel Spilker	Low
Product	pom	groupid	org.projectlombok	Highest
Product	pom	name	Project Lombok	High
Product	pom	url	https://projectlombok.org	Medium
Version	file	version	1.18.38	High
Version	Manifest	lombok-version	1.18.38	Medium
Version	pom	version	1.18.38	Highest

Identifiers

pkg:maven/org.projectlombok/lombok@1.18.38 (Confidence:High)

maven-artifact-3.9.9.jar

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-artifact\3.9.9\maven-artifact-3.9.9.jar
MD5: fcb27c2b8225edec3f2356973fa39e98
SHA1: a130ec431ef32e12a4424f9b074735bb58e15d2d
SHA256:30f015d1c1a393e19c18cd4f43532089c36d4ca328608ce3dda78b74d3d31515
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-artifact-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-artifact	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	artifact	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-artifact	Highest
Vendor	pom	artifactid	maven-artifact	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Artifact	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-artifact	High
Product	jar	package name	apache	Highest
Product	jar	package name	artifact	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Artifact	High
Product	Manifest	specification-title	Maven Artifact	Medium
Product	pom	artifactid	maven-artifact	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Artifact	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.9	High
Version	Manifest	Implementation-Version	3.9.9	High
Version	pom	version	3.9.9	Highest

Identifiers

pkg:maven/org.apache.maven/maven-artifact@3.9.9 (Confidence:High)

maven-model-3.9.9.jar

Description:

Model for Maven POM (Project Object Model)

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-model\3.9.9\maven-model-3.9.9.jar
MD5: 813d4aceaaa8e16f8a83c95a96afa22c
SHA1: 585bff8f220ddc1c08c5263b7dee26c49fc7df94
SHA256:8f59b0a16fe9c933be749a60ae0705a0cb337bb5abaf38801b40b740ff775727
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-model-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-model	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	model	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-model	Highest
Vendor	pom	artifactid	maven-model	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Model	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-model	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	model	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Model	High
Product	Manifest	specification-title	Maven Model	Medium
Product	pom	artifactid	maven-model	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Model	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.9	High
Version	Manifest	Implementation-Version	3.9.9	High
Version	pom	version	3.9.9	Highest

Identifiers

pkg:maven/org.apache.maven/maven-model@3.9.9 (Confidence:High)

maven-plugin-annotations-3.15.1.jar

Description:

Java annotations to use in Mojos

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\plugin-tools\maven-plugin-annotations\3.15.1\maven-plugin-annotations-3.15.1.jar
MD5: 0723da1364961f527fbfce10c8b9c7dd
SHA1: ca287d08819d5d87f3a06b8f065a79eb33c3ecc3
SHA256:b58bcb3a1f362f6e1efa2772064026bb3d4ad92e6f43a1812d8d2886489912f5
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-plugin-annotations-3.15.1.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-plugin-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-plugin-annotations	Highest
Vendor	pom	artifactid	maven-plugin-annotations	Low
Vendor	pom	groupid	org.apache.maven.plugin-tools	Highest
Vendor	pom	name	Maven Plugin Tools Java Annotations	High
Vendor	pom	parent-artifactid	maven-plugin-tools	Low
Product	file	name	maven-plugin-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Maven Plugin Tools Java Annotations	High
Product	Manifest	specification-title	Maven Plugin Tools Java Annotations	Medium
Product	pom	artifactid	maven-plugin-annotations	Highest
Product	pom	groupid	org.apache.maven.plugin-tools	Highest
Product	pom	name	Maven Plugin Tools Java Annotations	High
Product	pom	parent-artifactid	maven-plugin-tools	Medium
Version	file	version	3.15.1	High
Version	Manifest	Implementation-Version	3.15.1	High
Version	pom	version	3.15.1	Highest

Identifiers

pkg:maven/org.apache.maven.plugin-tools/maven-plugin-annotations@3.15.1 (Confidence:High)

maven-plugin-api-3.9.9.jar

Description:

The API for plugins - Mojos - development.

File Path: C:\Users\Jeremy\.m2\repository\org\apache\maven\maven-plugin-api\3.9.9\maven-plugin-api-3.9.9.jar
MD5: 0bf1ae393ffac0c034ce8f3a4b7fc406
SHA1: 7e06aef37b14f8452928e5efaa88bcf2ee8aed02
SHA256:2b491d38db45b0e8eef522e8f7889a3366e546e58b376b07fcb56e34c424e932
Referenced In Project/Scope: smartsprites-maven-plugin:provided
maven-plugin-api-3.9.9.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	maven-plugin-api	High
Vendor	jar	package name	apache	Highest
Vendor	jar	package name	maven	Highest
Vendor	jar	package name	plugin	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	artifactid	maven-plugin-api	Highest
Vendor	pom	artifactid	maven-plugin-api	Low
Vendor	pom	groupid	org.apache.maven	Highest
Vendor	pom	name	Maven Plugin API	High
Vendor	pom	parent-artifactid	maven	Low
Product	file	name	maven-plugin-api	High
Product	jar	package name	apache	Highest
Product	jar	package name	maven	Highest
Product	jar	package name	plugin	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Maven Plugin API	High
Product	Manifest	specification-title	Maven Plugin API	Medium
Product	pom	artifactid	maven-plugin-api	Highest
Product	pom	groupid	org.apache.maven	Highest
Product	pom	name	Maven Plugin API	High
Product	pom	parent-artifactid	maven	Medium
Version	file	version	3.9.9	High
Version	Manifest	Implementation-Version	3.9.9	High
Version	pom	version	3.9.9	Highest

Identifiers

pkg:maven/org.apache.maven/maven-plugin-api@3.9.9 (Confidence:High)

modernizer-maven-annotations-3.1.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\3.1.0\modernizer-maven-annotations-3.1.0.jar
MD5: b188aef3e94d39c7e7a8ebb6b740559f
SHA1: 06eeda8c72054cfccf610ae772f606dbd13acf32
SHA256:1b4e8adc970715721846afeb632edd1c9dc9c07dc052b691c0c8d899c9b9f017
Referenced In Project/Scope: smartsprites-maven-plugin:provided
modernizer-maven-annotations-3.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	modernizer-maven-annotations	High
Vendor	jar	package name	gaul	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	modernizer-maven-annotations	Highest
Vendor	pom	artifactid	modernizer-maven-annotations	Low
Vendor	pom	groupid	org.gaul	Highest
Vendor	pom	name	Modernizer Maven Plugin annotations	High
Vendor	pom	parent-artifactid	modernizer-maven-parent	Low
Product	file	name	modernizer-maven-annotations	High
Product	jar	package name	gaul	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	multi-release	true	Low
Product	pom	artifactid	modernizer-maven-annotations	Highest
Product	pom	groupid	org.gaul	Highest
Product	pom	name	Modernizer Maven Plugin annotations	High
Product	pom	parent-artifactid	modernizer-maven-parent	Medium
Version	file	version	3.1.0	High
Version	pom	version	3.1.0	Highest

Identifiers

pkg:maven/org.gaul/modernizer-maven-annotations@3.1.0 (Confidence:High)

org.eclipse.sisu.inject-0.9.0.M3.jar

Description:

JSR330-based container; supports classpath scanning, auto-binding, and dynamic auto-wiring

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.inject\0.9.0.M3\org.eclipse.sisu.inject-0.9.0.M3.jar
MD5: 643a13084e0ac59cdda06319e1b348ea
SHA1: 3665002ba4d16dfa779ef658a63d0608c4bd898b
SHA256:15335c4dcf082f599fb8eddcfb58d6a7e9a9c97de2883c257089a479b9b24522
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.eclipse.sisu.inject	High
Vendor	jar	package name	dynamic	Highest
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	inject	Highest
Vendor	jar	package name	sisu	Highest
Vendor	jar	package name	wiring	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Vendor	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Vendor	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.sisu.inject;singleton:=true	Medium
Vendor	pom	artifactid	eclipse.sisu.inject	Low
Vendor	pom	artifactid	org.eclipse.sisu.inject	Highest
Vendor	pom	groupid	org.eclipse.sisu	Highest
Vendor	pom	parent-artifactid	sisu-inject	Low
Product	file	name	org.eclipse.sisu.inject	High
Product	jar	package name	dynamic	Highest
Product	jar	package name	eclipse	Highest
Product	jar	package name	inject	Highest
Product	jar	package name	sisu	Highest
Product	jar	package name	sonatype	Highest
Product	jar	package name	wiring	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Product	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Product	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Product	Manifest	Bundle-Name	Sisu-Inject (Incubation)	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.sisu.inject;singleton:=true	Medium
Product	pom	artifactid	eclipse.sisu.inject	Highest
Product	pom	artifactid	org.eclipse.sisu.inject	Highest
Product	pom	groupid	org.eclipse.sisu	Highest
Product	pom	parent-artifactid	sisu-inject	Medium
Version	Manifest	Bundle-Version	0.9.0.M3	High
Version	pom	version	0.9.0.M3	Highest

Identifiers

pkg:maven/org.eclipse.sisu/org.eclipse.sisu.inject@0.9.0.M3 (Confidence:High)

org.eclipse.sisu.plexus-0.9.0.M3.jar

Description:

Plexus-JSR330 adapter; adds Plexus support to the Sisu-Inject container

License:

"Eclipse Public License, Version 2.0";link="https://www.eclipse.org/legal/epl-v20.html"

File Path: C:\Users\Jeremy\.m2\repository\org\eclipse\sisu\org.eclipse.sisu.plexus\0.9.0.M3\org.eclipse.sisu.plexus-0.9.0.M3.jar
MD5: 964e7bc9837b270566f18b87af65f5d7
SHA1: b493c7abcc6e04fa0a6a20d489a3db0395c76f70
SHA256:c99674d3773e26154885661711f0b6d63aa5008f5cc99227a236756d4ad9de5e
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	org.eclipse.sisu.plexus	High
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	sisu	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Vendor	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Vendor	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Vendor	pom	artifactid	eclipse.sisu.plexus	Low
Vendor	pom	artifactid	org.eclipse.sisu.plexus	Highest
Vendor	pom	groupid	org.eclipse.sisu	Highest
Vendor	pom	parent-artifactid	sisu-inject	Low
Product	file	name	org.eclipse.sisu.plexus	High
Product	jar	package name	eclipse	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	sisu	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-copyright	Copyright (c) 2010-present Sonatype, Inc. and others	Low
Product	Manifest	bundle-developers	mcculls;name="Stuart McCulloch",cstamas;name="Tamas Cservenak",kwin;name="Konrad Windszus"	Low
Product	Manifest	bundle-docurl	http://www.eclipse.org/sisu/	Low
Product	Manifest	Bundle-Name	Sisu-Plexus (Incubation)	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.sisu.plexus;singleton:=true	Medium
Product	pom	artifactid	eclipse.sisu.plexus	Highest
Product	pom	artifactid	org.eclipse.sisu.plexus	Highest
Product	pom	groupid	org.eclipse.sisu	Highest
Product	pom	parent-artifactid	sisu-inject	Medium
Version	Manifest	Bundle-Version	0.9.0.M3	High
Version	pom	version	0.9.0.M3	Highest

Identifiers

pkg:maven/org.eclipse.sisu/org.eclipse.sisu.plexus@0.9.0.M3 (Confidence:High)

plexus-classworlds-2.8.0.jar

Description:

A class loader framework

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-classworlds\2.8.0\plexus-classworlds-2.8.0.jar
MD5: 92089dee35db6423c2128559238430cb
SHA1: 5d0d8c71b61b38ce127a46702a453f9aa09a4ee2
SHA256:081b40e0eab033cd5ac72d2501bfff4f5fd2a3eef827051111730ea152681c72
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-classworlds	High
Vendor	jar	package name	classworlds	Highest
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	bundle-docurl	https://codehaus-plexus.github.io/	Low
Vendor	Manifest	bundle-symbolicname	org.codehaus.plexus.classworlds	Medium
Vendor	pom	artifactid	plexus-classworlds	Highest
Vendor	pom	artifactid	plexus-classworlds	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Classworlds	High
Vendor	pom	parent-artifactid	plexus	Low
Vendor	pom	url	https://codehaus-plexus.github.io/plexus-classworlds/	Highest
Product	file	name	plexus-classworlds	High
Product	jar	package name	classworlds	Highest
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	bundle-docurl	https://codehaus-plexus.github.io/	Low
Product	Manifest	Bundle-Name	Plexus Classworlds	Medium
Product	Manifest	bundle-symbolicname	org.codehaus.plexus.classworlds	Medium
Product	pom	artifactid	plexus-classworlds	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Classworlds	High
Product	pom	parent-artifactid	plexus	Medium
Product	pom	url	https://codehaus-plexus.github.io/plexus-classworlds/	Medium
Version	file	version	2.8.0	High
Version	Manifest	Bundle-Version	2.8.0	High
Version	pom	parent-version	2.8.0	Low
Version	pom	version	2.8.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-classworlds@2.8.0 (Confidence:High)

plexus-component-annotations-2.1.0.jar

Description:

    Plexus Component "Java 5" Annotations, to describe plexus components properties in java sources with
    standard annotations instead of javadoc annotations.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-component-annotations\2.1.0\plexus-component-annotations-2.1.0.jar
MD5: 141fd7a2ae613cb17d25ecd54b43eb3f
SHA1: 2f2147a6cc6a119a1b51a96f31d45c557f6244b9
SHA256:bde3617ce9b5bcf9584126046080043af6a4b3baea40a3b153f02e7bbc32acac
Referenced In Project/Scope: smartsprites-maven-plugin:provided
plexus-component-annotations-2.1.0.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/org.apache.maven/maven-plugin-api@3.9.9

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-component-annotations	High
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	codehaus	Low
Vendor	jar	package name	component	Highest
Vendor	jar	package name	component	Low
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	plexus	Low
Vendor	pom	artifactid	plexus-component-annotations	Highest
Vendor	pom	artifactid	plexus-component-annotations	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus :: Component Annotations	High
Vendor	pom	parent-artifactid	plexus-containers	Low
Product	file	name	plexus-component-annotations	High
Product	jar	package name	annotations	Highest
Product	jar	package name	annotations	Low
Product	jar	package name	codehaus	Highest
Product	jar	package name	component	Highest
Product	jar	package name	component	Low
Product	jar	package name	plexus	Highest
Product	jar	package name	plexus	Low
Product	pom	artifactid	plexus-component-annotations	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus :: Component Annotations	High
Product	pom	parent-artifactid	plexus-containers	Medium
Version	file	version	2.1.0	High
Version	pom	version	2.1.0	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-component-annotations@2.1.0 (Confidence:High)

plexus-utils-4.0.2.jar

Description:

A collection of various utility classes to ease working with strings, files, command lines and
    more.

License:

Apache License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-utils\4.0.2\plexus-utils-4.0.2.jar
MD5: 4cfdd73e436702d319d551a44fcea500
SHA1: 9526a9548b302572f23337fcc217fb4cc713b9c3
SHA256:8957274e75fe2c278b1428dd16a0daeee1dd38152cb6eff816177ac28fccb697
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-utils	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	plexus	Highest
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	Implementation-Vendor	Codehaus Plexus	High
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	specification-vendor	Codehaus Plexus	Low
Vendor	pom	artifactid	plexus-utils	Highest
Vendor	pom	artifactid	plexus-utils	Low
Vendor	pom	developer email	1983-01-06@gmx.net	Low
Vendor	pom	developer email	agudian@apache.org	Low
Vendor	pom	developer email	andy@handyande.co.uk	Low
Vendor	pom	developer email	apache@kav.dk	Low
Vendor	pom	developer email	belingueres@gmail.com	Low
Vendor	pom	developer email	brett@codehaus.org	Low
Vendor	pom	developer email	bwalding@codehaus.org	Low
Vendor	pom	developer email	carlos@codehaus.org	Low
Vendor	pom	developer email	dan@envoisolutions.com	Low
Vendor	pom	developer email	evenisse@codehaus.org	Low
Vendor	pom	developer email	gnodet@apache.org	Low
Vendor	pom	developer email	hboutemy@apache.org	Low
Vendor	pom	developer email	james@jamestaylor.org	Low
Vendor	pom	developer email	jason@maven.org	Low
Vendor	pom	developer email	jdcasey@codehaus.org	Low
Vendor	pom	developer email	joakim@erdfelt.com	Low
Vendor	pom	developer email	kenney@codehaus.org	Low
Vendor	pom	developer email	khmarbaise@apache.org	Low
Vendor	pom	developer email	krosenvold@apache.org	Low
Vendor	pom	developer email	kwin@apache.org	Low
Vendor	pom	developer email	mhw@kremvax.net	Low
Vendor	pom	developer email	mmaczka@interia.pl	Low
Vendor	pom	developer email	olamy@codehaus.org	Low
Vendor	pom	developer email	olegy@codehaus.org	Low
Vendor	pom	developer email	rahul.thakur.xdev@gmail.com	Low
Vendor	pom	developer email	sjaranowski@apache.org	Low
Vendor	pom	developer email	slachiewicz@apache.org	Low
Vendor	pom	developer email	trygvis@codehaus.org	Low
Vendor	pom	developer email	vsiveton@codehaus.org	Low
Vendor	pom	developer id	agudian	Medium
Vendor	pom	developer id	belingueres	Medium
Vendor	pom	developer id	brett	Medium
Vendor	pom	developer id	bwalding	Medium
Vendor	pom	developer id	carlos	Medium
Vendor	pom	developer id	dandiep	Medium
Vendor	pom	developer id	evenisse	Medium
Vendor	pom	developer id	gnodet	Medium
Vendor	pom	developer id	handyande	Medium
Vendor	pom	developer id	hboutemy	Medium
Vendor	pom	developer id	jdcasey	Medium
Vendor	pom	developer id	joakime	Medium
Vendor	pom	developer id	jtaylor	Medium
Vendor	pom	developer id	jvanzyl	Medium
Vendor	pom	developer id	kasper	Medium
Vendor	pom	developer id	kaz	Medium
Vendor	pom	developer id	kenney	Medium
Vendor	pom	developer id	khmarbaise	Medium
Vendor	pom	developer id	krosenvold	Medium
Vendor	pom	developer id	kwin	Medium
Vendor	pom	developer id	mhw	Medium
Vendor	pom	developer id	michael-o	Medium
Vendor	pom	developer id	michal	Medium
Vendor	pom	developer id	olamy	Medium
Vendor	pom	developer id	oleg	Medium
Vendor	pom	developer id	rahul	Medium
Vendor	pom	developer id	sjaranowski	Medium
Vendor	pom	developer id	slachiewicz	Medium
Vendor	pom	developer id	trygvis	Medium
Vendor	pom	developer id	vsiveton	Medium
Vendor	pom	developer name	Andreas Gudian	Medium
Vendor	pom	developer name	Andrew Williams	Medium
Vendor	pom	developer name	Ben Walding	Medium
Vendor	pom	developer name	Brett Porter	Medium
Vendor	pom	developer name	Carlos Sanchez	Medium
Vendor	pom	developer name	Dan Diephouse	Medium
Vendor	pom	developer name	Emmanuel Venisse	Medium
Vendor	pom	developer name	Gabriel Belingueres	Medium
Vendor	pom	developer name	Guillaume Nodet	Medium
Vendor	pom	developer name	Hervé Boutemy	Medium
Vendor	pom	developer name	James Taylor	Medium
Vendor	pom	developer name	Jason van Zyl	Medium
Vendor	pom	developer name	Joakim Erdfelt	Medium
Vendor	pom	developer name	John Casey	Medium
Vendor	pom	developer name	Karl Heinz Marbaise	Medium
Vendor	pom	developer name	Kasper Nielsen	Medium
Vendor	pom	developer name	Kenney Westerhof	Medium
Vendor	pom	developer name	Konrad Windszus	Medium
Vendor	pom	developer name	Kristian Rosenvold	Medium
Vendor	pom	developer name	Mark Wilkinson	Medium
Vendor	pom	developer name	Michael Osipov	Medium
Vendor	pom	developer name	Michal Maczka	Medium
Vendor	pom	developer name	Oleg Gusakov	Medium
Vendor	pom	developer name	Olivier Lamy	Medium
Vendor	pom	developer name	Pete Kazmier	Medium
Vendor	pom	developer name	Rahul Thakur	Medium
Vendor	pom	developer name	Slawomir Jaranowski	Medium
Vendor	pom	developer name	Sylwester Lachiewicz	Medium
Vendor	pom	developer name	Trygve Laugstøl	Medium
Vendor	pom	developer name	Vincent Siveton	Medium
Vendor	pom	developer org	ASF	Medium
Vendor	pom	developer org	Envoi solutions	Medium
Vendor	pom	developer org	Walding Consulting Services	Medium
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus Common Utilities	High
Vendor	pom	organization name	Codehaus Plexus	High
Vendor	pom	organization url	https://codehaus-plexus.github.io/	Medium
Vendor	pom	parent-artifactid	plexus	Low
Vendor	pom	url	https://codehaus-plexus.github.io/plexus-utils/	Highest
Product	file	name	plexus-utils	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	org	Highest
Product	jar	package name	plexus	Highest
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	Implementation-Title	Plexus Common Utilities	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	Plexus Common Utilities	Medium
Product	pom	artifactid	plexus-utils	Highest
Product	pom	developer email	1983-01-06@gmx.net	Low
Product	pom	developer email	agudian@apache.org	Low
Product	pom	developer email	andy@handyande.co.uk	Low
Product	pom	developer email	apache@kav.dk	Low
Product	pom	developer email	belingueres@gmail.com	Low
Product	pom	developer email	brett@codehaus.org	Low
Product	pom	developer email	bwalding@codehaus.org	Low
Product	pom	developer email	carlos@codehaus.org	Low
Product	pom	developer email	dan@envoisolutions.com	Low
Product	pom	developer email	evenisse@codehaus.org	Low
Product	pom	developer email	gnodet@apache.org	Low
Product	pom	developer email	hboutemy@apache.org	Low
Product	pom	developer email	james@jamestaylor.org	Low
Product	pom	developer email	jason@maven.org	Low
Product	pom	developer email	jdcasey@codehaus.org	Low
Product	pom	developer email	joakim@erdfelt.com	Low
Product	pom	developer email	kenney@codehaus.org	Low
Product	pom	developer email	khmarbaise@apache.org	Low
Product	pom	developer email	krosenvold@apache.org	Low
Product	pom	developer email	kwin@apache.org	Low
Product	pom	developer email	mhw@kremvax.net	Low
Product	pom	developer email	mmaczka@interia.pl	Low
Product	pom	developer email	olamy@codehaus.org	Low
Product	pom	developer email	olegy@codehaus.org	Low
Product	pom	developer email	rahul.thakur.xdev@gmail.com	Low
Product	pom	developer email	sjaranowski@apache.org	Low
Product	pom	developer email	slachiewicz@apache.org	Low
Product	pom	developer email	trygvis@codehaus.org	Low
Product	pom	developer email	vsiveton@codehaus.org	Low
Product	pom	developer id	agudian	Low
Product	pom	developer id	belingueres	Low
Product	pom	developer id	brett	Low
Product	pom	developer id	bwalding	Low
Product	pom	developer id	carlos	Low
Product	pom	developer id	dandiep	Low
Product	pom	developer id	evenisse	Low
Product	pom	developer id	gnodet	Low
Product	pom	developer id	handyande	Low
Product	pom	developer id	hboutemy	Low
Product	pom	developer id	jdcasey	Low
Product	pom	developer id	joakime	Low
Product	pom	developer id	jtaylor	Low
Product	pom	developer id	jvanzyl	Low
Product	pom	developer id	kasper	Low
Product	pom	developer id	kaz	Low
Product	pom	developer id	kenney	Low
Product	pom	developer id	khmarbaise	Low
Product	pom	developer id	krosenvold	Low
Product	pom	developer id	kwin	Low
Product	pom	developer id	mhw	Low
Product	pom	developer id	michael-o	Low
Product	pom	developer id	michal	Low
Product	pom	developer id	olamy	Low
Product	pom	developer id	oleg	Low
Product	pom	developer id	rahul	Low
Product	pom	developer id	sjaranowski	Low
Product	pom	developer id	slachiewicz	Low
Product	pom	developer id	trygvis	Low
Product	pom	developer id	vsiveton	Low
Product	pom	developer name	Andreas Gudian	Low
Product	pom	developer name	Andrew Williams	Low
Product	pom	developer name	Ben Walding	Low
Product	pom	developer name	Brett Porter	Low
Product	pom	developer name	Carlos Sanchez	Low
Product	pom	developer name	Dan Diephouse	Low
Product	pom	developer name	Emmanuel Venisse	Low
Product	pom	developer name	Gabriel Belingueres	Low
Product	pom	developer name	Guillaume Nodet	Low
Product	pom	developer name	Hervé Boutemy	Low
Product	pom	developer name	James Taylor	Low
Product	pom	developer name	Jason van Zyl	Low
Product	pom	developer name	Joakim Erdfelt	Low
Product	pom	developer name	John Casey	Low
Product	pom	developer name	Karl Heinz Marbaise	Low
Product	pom	developer name	Kasper Nielsen	Low
Product	pom	developer name	Kenney Westerhof	Low
Product	pom	developer name	Konrad Windszus	Low
Product	pom	developer name	Kristian Rosenvold	Low
Product	pom	developer name	Mark Wilkinson	Low
Product	pom	developer name	Michael Osipov	Low
Product	pom	developer name	Michal Maczka	Low
Product	pom	developer name	Oleg Gusakov	Low
Product	pom	developer name	Olivier Lamy	Low
Product	pom	developer name	Pete Kazmier	Low
Product	pom	developer name	Rahul Thakur	Low
Product	pom	developer name	Slawomir Jaranowski	Low
Product	pom	developer name	Sylwester Lachiewicz	Low
Product	pom	developer name	Trygve Laugstøl	Low
Product	pom	developer name	Vincent Siveton	Low
Product	pom	developer org	ASF	Low
Product	pom	developer org	Envoi solutions	Low
Product	pom	developer org	Walding Consulting Services	Low
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus Common Utilities	High
Product	pom	organization name	Codehaus Plexus	Low
Product	pom	organization url	https://codehaus-plexus.github.io/	Low
Product	pom	parent-artifactid	plexus	Medium
Product	pom	url	https://codehaus-plexus.github.io/plexus-utils/	Medium
Version	file	version	4.0.2	High
Version	Manifest	Implementation-Version	4.0.2	High
Version	pom	parent-version	4.0.2	Low
Version	pom	version	4.0.2	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-utils@4.0.2 (Confidence:High)
cpe:2.3:a:codehaus-plexus:plexus-utils:4.0.2:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:utils_project:utils:4.0.2:*:*:*:*:*:*:* (Confidence:Highest)

plexus-xml-3.0.2.jar

Description:

A collection of various utility classes to ease working with XML in Maven 3.

File Path: C:\Users\Jeremy\.m2\repository\org\codehaus\plexus\plexus-xml\3.0.2\plexus-xml-3.0.2.jar
MD5: e2feab7a114ac4a144632670734db7e4
SHA1: 70c207ae478a5011a14dcefe56f4bbda16e3bc87
SHA256:6a49fe0c49a06b5bcd6073ff16580fcb0dd87c50295e97a9fa9f95619b69921c
Referenced In Project/Scope: smartsprites-maven-plugin:compile
plexus-xml-3.0.2.jar is in the transitive dependency tree of the listed items.Included by: pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	plexus-xml	High
Vendor	jar	package name	codehaus	Highest
Vendor	jar	package name	plexus	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	build-jdk-spec	24	Low
Vendor	Manifest	Implementation-Vendor	Codehaus Plexus	High
Vendor	Manifest	specification-vendor	Codehaus Plexus	Low
Vendor	pom	artifactid	plexus-xml	Highest
Vendor	pom	artifactid	plexus-xml	Low
Vendor	pom	groupid	org.codehaus.plexus	Highest
Vendor	pom	name	Plexus XML Utilities	High
Vendor	pom	parent-artifactid	plexus	Low
Vendor	pom	url	https://codehaus-plexus.github.io/plexus-xml/	Highest
Product	file	name	plexus-xml	High
Product	jar	package name	codehaus	Highest
Product	jar	package name	plexus	Highest
Product	jar	package name	xml	Highest
Product	Manifest	build-jdk-spec	24	Low
Product	Manifest	Implementation-Title	Plexus XML Utilities	High
Product	Manifest	specification-title	Plexus XML Utilities	Medium
Product	pom	artifactid	plexus-xml	Highest
Product	pom	groupid	org.codehaus.plexus	Highest
Product	pom	name	Plexus XML Utilities	High
Product	pom	parent-artifactid	plexus	Medium
Product	pom	url	https://codehaus-plexus.github.io/plexus-xml/	Medium
Version	file	version	3.0.2	High
Version	Manifest	Implementation-Version	3.0.2	High
Version	pom	parent-version	3.0.2	Low
Version	pom	version	3.0.2	Highest

Identifiers

pkg:maven/org.codehaus.plexus/plexus-xml@3.0.2 (Confidence:High)

smartsprites-0.4.0.jar

Description:

CSS Sprites Generator Done Right. SmartSprites maintains CSS sprites in your designs,
    fully automatically. No tedious copying and pasting to your CSS when adding or changing
    sprited images.

License:

BSD license: https://opensource.org/license/bsd-2-clause

File Path: C:\Users\Jeremy\.m2\repository\com\github\hazendaz\smartsprites\0.4.0\smartsprites-0.4.0.jar
MD5: 12915ac2db896fd33b57e7ccb9a6c2cf
SHA1: f3fb3bdddea42e4c057ecafccfcf97ac44179f17
SHA256:ad78ecccced7096d8782ae0c7f776df1e723550707076659074460454f60485f
Referenced In Project/Scope: smartsprites-maven-plugin:compile
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	smartsprites	High
Vendor	jar	package name	carrot2	Highest
Vendor	jar	package name	css	Highest
Vendor	jar	package name	labs	Highest
Vendor	jar	package name	smartsprites	Highest
Vendor	Manifest	automatic-module-name	org.carrot2.labs.smartsprites	Medium
Vendor	Manifest	build-jdk-spec	21	Low
Vendor	Manifest	copyright	2025	Low
Vendor	Manifest	git-revision	b41d355ec23bee489ab993578e1a806350cf3eed	Low
Vendor	Manifest	Implementation-Vendor	Carrot Search s.c.	High
Vendor	Manifest	specification-vendor	Carrot Search s.c.	Low
Vendor	pom	artifactid	smartsprites	Highest
Vendor	pom	artifactid	smartsprites	Low
Vendor	pom	developer email	dawid.weiss@carrotsearch.com	Low
Vendor	pom	developer email	stanislaw.osinski@carrotsearch.com	Low
Vendor	pom	developer id	dawid.weiss	Medium
Vendor	pom	developer id	stanislaw.osinski	Medium
Vendor	pom	developer name	Dawid Weiss	Medium
Vendor	pom	developer name	Stanisław Osiński	Medium
Vendor	pom	groupid	com.github.hazendaz	Highest
Vendor	pom	name	smartsprites	High
Vendor	pom	organization name	Carrot Search s.c.	High
Vendor	pom	organization url	https://www.carrotsearch.com/	Medium
Vendor	pom	parent-artifactid	base-parent	Low
Vendor	pom	url	carrotsearch/smartsprites/wiki/Documentation	Highest
Product	file	name	smartsprites	High
Product	jar	package name	carrot2	Highest
Product	jar	package name	css	Highest
Product	jar	package name	labs	Highest
Product	jar	package name	smartsprites	Highest
Product	Manifest	automatic-module-name	org.carrot2.labs.smartsprites	Medium
Product	Manifest	build-jdk-spec	21	Low
Product	Manifest	copyright	2025	Low
Product	Manifest	git-revision	b41d355ec23bee489ab993578e1a806350cf3eed	Low
Product	Manifest	Implementation-Title	smartsprites	High
Product	Manifest	specification-title	smartsprites	Medium
Product	pom	artifactid	smartsprites	Highest
Product	pom	developer email	dawid.weiss@carrotsearch.com	Low
Product	pom	developer email	stanislaw.osinski@carrotsearch.com	Low
Product	pom	developer id	dawid.weiss	Low
Product	pom	developer id	stanislaw.osinski	Low
Product	pom	developer name	Dawid Weiss	Low
Product	pom	developer name	Stanisław Osiński	Low
Product	pom	groupid	com.github.hazendaz	Highest
Product	pom	name	smartsprites	High
Product	pom	organization name	Carrot Search s.c.	Low
Product	pom	organization url	https://www.carrotsearch.com/	Low
Product	pom	parent-artifactid	base-parent	Medium
Product	pom	url	carrotsearch/smartsprites/wiki/Documentation	High
Version	file	version	0.4.0	High
Version	Manifest	Implementation-Version	0.4.0	High
Version	pom	parent-version	0.4.0	Low
Version	pom	version	0.4.0	Highest

Identifiers

pkg:maven/com.github.hazendaz/smartsprites@0.4.0 (Confidence:High)

spotbugs-annotations-4.9.3.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html

File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.9.3\spotbugs-annotations-4.9.3.jar
MD5: 6149845e438bd5a34ebaf81f8bc9e243
SHA1: 4d362bffcfdfd734999e94d7d98fde678aae71cf
SHA256:13532bfe2f45fcd491432221df72d9cd0efb8f987c9245e12befa192c8925ce3
Referenced In Project/Scope: smartsprites-maven-plugin:provided
pkg:maven/com.github.hazendaz.maven/smartsprites-maven-plugin@2.4.0

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	spotbugs-annotations	High
Vendor	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Vendor	Manifest	bundle-requiredexecutionenvironment	JavaSE-11	Low
Vendor	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Vendor	pom	artifactid	spotbugs-annotations	Highest
Vendor	pom	artifactid	spotbugs-annotations	Low
Vendor	pom	developer email	andreas.sewe@codetrails.com	Low
Vendor	pom	developer email	dbrosius@mebigfatguy.com	Low
Vendor	pom	developer email	loskutov@gmx.de	Low
Vendor	pom	developer email	skypencil@gmail.com	Low
Vendor	pom	developer id	henrik242	Medium
Vendor	pom	developer id	iloveeclipse	Medium
Vendor	pom	developer id	jsotuyod	Medium
Vendor	pom	developer id	KengoTODA	Medium
Vendor	pom	developer id	mebigfatguy	Medium
Vendor	pom	developer id	sewe	Medium
Vendor	pom	developer id	ThrawnCA	Medium
Vendor	pom	developer name	Andreas Sewe	Medium
Vendor	pom	developer name	Andrey Loskutov	Medium
Vendor	pom	developer name	Dave Brosius	Medium
Vendor	pom	developer name	Juan Martín Sotuyo Dodero	Medium
Vendor	pom	developer name	Kengo TODA	Medium
Vendor	pom	groupid	com.github.spotbugs	Highest
Vendor	pom	name	SpotBugs Annotations	High
Vendor	pom	url	https://spotbugs.github.io/	Highest
Product	file	name	spotbugs-annotations	High
Product	Manifest	automatic-module-name	com.github.spotbugs.annotations	Medium
Product	Manifest	Bundle-Name	spotbugs-annotations	Medium
Product	Manifest	bundle-requiredexecutionenvironment	JavaSE-11	Low
Product	Manifest	bundle-symbolicname	spotbugs-annotations	Medium
Product	pom	artifactid	spotbugs-annotations	Highest
Product	pom	developer email	andreas.sewe@codetrails.com	Low
Product	pom	developer email	dbrosius@mebigfatguy.com	Low
Product	pom	developer email	loskutov@gmx.de	Low
Product	pom	developer email	skypencil@gmail.com	Low
Product	pom	developer id	henrik242	Low
Product	pom	developer id	iloveeclipse	Low
Product	pom	developer id	jsotuyod	Low
Product	pom	developer id	KengoTODA	Low
Product	pom	developer id	mebigfatguy	Low
Product	pom	developer id	sewe	Low
Product	pom	developer id	ThrawnCA	Low
Product	pom	developer name	Andreas Sewe	Low
Product	pom	developer name	Andrey Loskutov	Low
Product	pom	developer name	Dave Brosius	Low
Product	pom	developer name	Juan Martín Sotuyo Dodero	Low
Product	pom	developer name	Kengo TODA	Low
Product	pom	groupid	com.github.spotbugs	Highest
Product	pom	name	SpotBugs Annotations	High
Product	pom	url	https://spotbugs.github.io/	Medium
Version	file	version	4.9.3	High
Version	Manifest	Bundle-Version	4.9.3	High
Version	pom	version	4.9.3	Highest

Identifiers

pkg:maven/com.github.spotbugs/spotbugs-annotations@4.9.3 (Confidence:High)

How to read the report | Suppressing false positives | Getting Help: github issues Sponsor

Project: smartsprites-maven-plugin

com.github.hazendaz.maven:smartsprites-maven-plugin:2.4.0

Summary

Dependencies (vulnerable)

args4j-2.37.jar

Evidence

Identifiers

checker-qual-3.49.2.jar

Evidence

Identifiers

commons-io-2.19.0.jar

Evidence

Identifiers

commons-math3-3.6.1.jar

Evidence

Identifiers

error_prone_annotations-2.37.0.jar

Evidence

Identifiers

failureaccess-1.0.3.jar

Evidence

Identifiers

guava-33.4.8-jre.jar

Evidence

Identifiers

j2objc-annotations-3.0.0.jar

Evidence

Identifiers

jspecify-1.0.0.jar

Evidence

Identifiers

jsr305-3.0.2.jar

Evidence

Identifiers

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Evidence

Identifiers

lombok-1.18.38.jar: mavenEcjBootstrapAgent.jar

Evidence

Identifiers

lombok-1.18.38.jar

Evidence

Identifiers

maven-artifact-3.9.9.jar

Evidence

Identifiers

maven-model-3.9.9.jar

Evidence

Identifiers

maven-plugin-annotations-3.15.1.jar

Evidence

Identifiers

maven-plugin-api-3.9.9.jar

Evidence

Identifiers

modernizer-maven-annotations-3.1.0.jar

Evidence

Identifiers

org.eclipse.sisu.inject-0.9.0.M3.jar

Evidence

Identifiers

org.eclipse.sisu.plexus-0.9.0.M3.jar

Evidence

Identifiers

plexus-classworlds-2.8.0.jar

Evidence

Identifiers

plexus-component-annotations-2.1.0.jar

Evidence

Identifiers

plexus-utils-4.0.2.jar

Evidence

Identifiers

plexus-xml-3.0.2.jar

Evidence

Identifiers

smartsprites-0.4.0.jar

Evidence

Identifiers

How to read the report | Suppressing false positives | Getting Help: github issues

Sponsor