Application Composition Report 46 63 7 1 17 61

Application Composition Report

Of aai-resources, Build Scanned On Sat Dec 23 2017 at 00:24:42 Using Scanner 2.21.0-01 Report Created On Wed Dec 27 2017 at 22:24:57

Scope of Analysis

395 1 16 61 116 79 COMPONENTS IDENTIFIED POLICY ALERTS SECURITY ALERTS LICENSE ALERTS 98% OF ALL COMPONENTS ARE IDENTIFIED AFFECTING 78 COMPONENTS AFFECTING 46 COMPONENTS

Security Issues

How bad are the vulnerabilities and how many are there?

Critical (7-10) Dependency Depth 46 The summary of security issues demonstrates 1 the breakdown of vulnerabilities based on severity and the threat level it poses to your Severe (4-6) application. 2 The dependency depth highlights quantity and 63 severity and distribution within the 3 application's dependencies. Moderate (1-3) 4

7 5+

License Analysis

What type of licenses and how many of each?

Critical (8-10) Dependency Depth

The summary of license analysis 1 1 demonstrates the number of licenses detected in each category. 2 Severe (4-7) The dependency depth compares quantity by category and the distribution within your application's 3 17 dependencies. 4 Moderate (1-3) 61 5+

No Threat (0) 316 Policy Violations

Threat Policy Name Actions Component Conditions 10 No strong copyleft Warning com.googlecode.java-diff-utils : diffutils : License Threat 1.3.0 Group is 'Strong Copyleft' 7 No use restrictions Warning dom4j : dom4j : 1.6.1 License Threat Group is 'Use Restrictions' org.freemarker : freemarker : 2.3.14 License Threat Group is 'Use Restrictions' org.grails : grails-web : 1.3.7 License Threat Group is 'Use Restrictions' org.json : json : 20090211 License Threat Group is 'Use Restrictions' org.twitter4j : twitter4j-core : 4.0.3 License Threat Group is 'Use Restrictions' xml-apis : xml-apis : 1.0.b2 License Threat Group is 'Use Restrictions' 5 No weak copyleft LGPL Warning bsh : bsh : 1.3.0 License Threat Group is 'Weak Copyleft - LGPL' it.unimi.dsi : fastutil : 6.5.7 License Threat Group is 'Weak Copyleft - LGPL' net.java.dev.jna : jna : 4.0.0 License Threat Group is 'Weak Copyleft - LGPL' org.acplt : oncrpc : 1.0.7 License Threat Group is 'Weak Copyleft - LGPL' org.hibernate : hibernate-validator : License Threat 4.3.0.Final Group is 'Weak Copyleft - LGPL' org.jboss.logging : jboss-logging : License Threat 3.1.0.CR2 Group is 'Weak Copyleft - LGPL' org.xhtmlrenderer : core-renderer : R8 License Threat Group is 'Weak Copyleft - LGPL' 5 No standards body terms Warning jtidy : jtidy : 4aug2000r7-dev License Threat Group is 'Standards Bodies' org.apache.cxf : cxf-core : 3.0.6 License Threat Group is 'Standards Bodies' org.apache.cxf : cxf-rt-ws-policy : 3.0.6 License Threat Group is 'Standards Bodies' xml-apis : xml-apis : 1.0.b2 License Threat Group is 'Standards Bodies' Threat Policy Name Actions Component Conditions 3 No weak copyleft - non-LGPL Warning ch.qos.logback : logback-access : 1.1.7 License Threat Group is 'Weak Copyleft - non-LGPL' ch.qos.logback : logback-classic : 1.1.7 License Threat Group is 'Weak Copyleft - non-LGPL' ch.qos.logback : logback-core : 1.1.7 License Threat Group is 'Weak Copyleft - non-LGPL' com.rabbitmq : amqp-client : 3.6.1 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.jersey : jersey-client : 1.18 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.jersey : jersey-core : 1.18 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.jersey : jersey-json : 1.18 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.xml.bind : jaxb-core : 2.2.11 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.xml.bind : jaxb-impl : 2.2.11 License Threat Group is 'Weak Copyleft - non-LGPL' com.sun.xml.bind : jaxb-xjc : 2.2.11 License Threat Group is 'Weak Copyleft - non-LGPL' javax.activation : activation : 1.1 License Threat Group is 'Weak Copyleft - non-LGPL' javax.annotation : javax.annotation-api : License Threat 1.2 Group is 'Weak Copyleft - non-LGPL' javax.mail : mail : 1.4.7 License Threat Group is 'Weak Copyleft - non-LGPL' javax.mail : mailapi : 1.4.3 License Threat Group is 'Weak Copyleft - non-LGPL' javax.persistence : persistence-api : 1.0 License Threat Group is 'Weak Copyleft - non-LGPL' javax.servlet : javax.servlet-api : 3.1.0 License Threat Group is 'Weak Copyleft - non-LGPL' javax.ws.rs : javax.ws.rs-api : 2.0.1 License Threat Group is 'Weak Copyleft - non-LGPL' javax.xml.bind : jaxb-api : 2.2.11 License Threat Group is 'Weak Copyleft - non-LGPL' junit : junit : 4.11 License Threat Group is 'Weak Copyleft - non-LGPL' org.aspectj : aspectjrt : 1.6.8 License Threat Group is 'Weak Copyleft - non-LGPL' Threat Policy Name Actions Component Conditions org.codehaus.groovy : groovy : 2.4.1 License Threat Group is 'Weak Copyleft - non-LGPL' org.codehaus.groovy : groovy : jar : indy : License Threat 2.4.1 Group is 'Weak Copyleft - non-LGPL' org.codehaus.groovy : groovy-all : 2.4.3 License Threat Group is 'Weak Copyleft - non-LGPL' org.codehaus.groovy : groovy-eclipse- License Threat compiler : 2.8.0-01 Group is 'Weak Copyleft - non-LGPL' org.eclipse.jetty.orbit : javax.servlet : License Threat 3.0.0.v201112011016 Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : commonj.sdo : License Threat 2.1.1 Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : eclipselink : 2.6.2 License Threat Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : License Threat javax.persistence : 2.1.1 Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : License Threat org.eclipse.persistence.asm : 2.6.2 Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : License Threat org.eclipse.persistence.core : 2.6.2 Group is 'Weak Copyleft - non-LGPL' org.eclipse.persistence : License Threat org.eclipse.persistence.moxy : 2.6.2 Group is 'Weak Copyleft - non-LGPL' org.freemarker : freemarker : 2.3.14 License Threat Group is 'Weak Copyleft - non-LGPL' org.glassfish : javax.json : 1.0 License Threat Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2 : hk2-api : 2.4.0-b31 License Threat Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2 : hk2-locator : 2.4.0-b31 License Threat Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2 : hk2-utils : 2.4.0-b31 License Threat Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2 : osgi-resource-locator : License Threat 1.0.1 Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2.external : aopalliance- License Threat repackaged : 2.4.0-b31 Group is 'Weak Copyleft - non-LGPL' org.glassfish.hk2.external : javax.inject : License Threat 2.4.0-b31 Group is 'Weak Copyleft - non-LGPL' org.glassfish.jersey.bundles.repackaged : License Threat jersey-guava : 2.22.1 Group is 'Weak Copyleft - non-LGPL' Threat Policy Name Actions Component Conditions org.glassfish.jersey.core : jersey-client : License Threat 2.22.1 Group is 'Weak Copyleft - non-LGPL' org.glassfish.jersey.core : jersey- License Threat common : 2.22.1 Group is 'Weak Copyleft - non-LGPL' org.glassfish.jersey.ext : jersey-entity- License Threat filtering : 2.22.1 Group is 'Weak Copyleft - non-LGPL' org.glassfish.jersey.media : jersey-media- License Threat json-jackson : 2.22.1 Group is 'Weak Copyleft - non-LGPL' org.grails : grails-core : 1.3.7 License Threat Group is 'Weak Copyleft - non-LGPL' org.grails : grails-web : 1.3.7 License Threat Group is 'Weak Copyleft - non-LGPL' org.hamcrest : hamcrest-junit : 2.0.0.0 License Threat Group is 'Weak Copyleft - non-LGPL' org.mozilla : rhino : 1.7R4 License Threat Group is 'Weak Copyleft - non-LGPL' wsdl4j : wsdl4j : 1.6.3 License Threat Group is 'Weak Copyleft - non-LGPL' Threat Policy Name Actions Component Conditions 2 No advertising clause Warning com.att.aft : dme2 : 3.1.200 License Threat Group is 'Advertising Clause' com.att.ajsc : ajsc-core : 2.1.0 License Threat Group is 'Advertising Clause' com.att.ajsc : ajsc-runner : 2.1.0 License Threat Group is 'Advertising Clause' com.att.ajsc : ajsc-war : war : 2.1.0 License Threat Group is 'Advertising Clause' com.att.eelf : eelf-core : 1.0.0 License Threat Group is 'Advertising Clause' com.att.nsa : dmaapClient : 0.2.12 License Threat Group is 'Advertising Clause' com.att.nsa : saClientLibrary : 0.0.1 License Threat Group is 'Advertising Clause' com.att.nsa : saToolkit : 0.0.1 License Threat Group is 'Advertising Clause' com.googlecode.java-diff-utils : diffutils : License Threat 1.3.0 Group is 'Advertising Clause' commons-cli : commons-cli : 1.0 License Threat Group is 'Advertising Clause' commons-el : commons-el : 1.0 License Threat Group is 'Advertising Clause' dom4j : dom4j : 1.6.1 License Threat Group is 'Advertising Clause' opensymphony : sitemesh : 2.4 License Threat Group is 'Advertising Clause' org.codehaus.plexus : plexus-utils : 3.0.8 License Threat Group is 'Advertising Clause' org.freemarker : freemarker : 2.3.14 License Threat Group is 'Advertising Clause' oro : oro : 2.0.8 License Threat Group is 'Advertising Clause' xpp3 : xpp3 : 1.1.4c License Threat Group is 'Advertising Clause' Security Issues

Threat Level Problem Code Component Status 8 CVE-2017-7525 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2017-7525 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2017-7525 com.fasterxml.jackson.core : jackson-databind : 2.1.4 Open

CVE-2017-7525 com.fasterxml.jackson.core : jackson-databind : 2.2.3 Open

CVE-2017-7525 org.codehaus.jackson : jackson-mapper-asl : 1.9.13 Open

7 CVE-2017-5929 ch.qos.logback : logback-access : 1.1.7 Open

CVE-2017-5929 ch.qos.logback : logback-classic : 1.1.7 Open

CVE-2013-2186 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2014-0050 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2014-0114 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2015-3253 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-1000 com.att.ajsc : ajsc-runner : 2.1.0 Open 031 CVE-2016-3092 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2017-5929 com.att.ajsc : ajsc-runner : 2.1.0 Open

sonatype-2007- com.att.ajsc : ajsc-runner : 2.1.0 Open 0004 sonatype-2016- com.att.ajsc : ajsc-runner : 2.1.0 Open 0398 sonatype-2017- com.att.ajsc : ajsc-runner : 2.1.0 Open 0355 sonatype-2017- com.att.ajsc : ajsc-runner : 2.1.0 Open 0359 CVE-2013-2186 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2014-0050 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2014-0114 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2015-3253 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-1000 com.att.ajsc : ajsc-war : war : 2.1.0 Open 031 CVE-2016-3092 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2017-5929 com.att.ajsc : ajsc-war : war : 2.1.0 Open

sonatype-2007- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0004 sonatype-2016- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0398 sonatype-2017- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0355 sonatype-2017- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0359 sonatype-2017- com.fasterxml.jackson.core : jackson-core : 2.4.3 Open 0355 Threat Level Problem Code Component Status CVE-2014-0114 commons-beanutils : commons-beanutils : 1.7.0 Open

CVE-2014-0114 commons-beanutils : commons-beanutils : 1.9.2 Open

CVE-2013-2186 commons-fileupload : commons-fileupload : 1.2.1 Open

CVE-2014-0050 commons-fileupload : commons-fileupload : 1.2.1 Open

CVE-2016-1000 commons-fileupload : commons-fileupload : 1.2.1 Open 031 CVE-2016-3092 commons-fileupload : commons-fileupload : 1.2.1 Open

sonatype-2007- commons-httpclient : commons-httpclient : 3.1 Open 0004 CVE-2016-4970 io.netty : netty-all : 4.0.28.Final Open

CVE-2015-3208 org.apache.activemq : activemq-broker : 5.14.4 Open

sonatype-2017- org.apache.httpcomponents : httpclient : 4.3.6 Open 0359 sonatype-2017- org.apache.httpcomponents : httpclient : 4.5.2 Open 0359 CVE-2015-3253 org.codehaus.groovy : groovy : 2.4.1 Open

CVE-2015-3253 org.codehaus.groovy : groovy : jar : indy : 2.4.1 Open

CVE-2015-3253 org.codehaus.groovy : groovy-all : 2.4.3 Open

sonatype-2016- org.codehaus.plexus : plexus-utils : 3.0.8 Open 0398 sonatype-2012- org.freemarker : freemarker : 2.3.14 Open 0007 6 CVE-2016-2510 bsh : bsh : 1.3.0 Open

CVE-2016-2510 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-4977 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-2510 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-4977 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-5393 org.apache.hadoop : hadoop-common : 2.5.1 Open

sonatype-2008- org.apache.hadoop : hadoop-mapreduce-client-core : 2.5.1 Open 0019 CVE-2017-7536 org.hibernate : hibernate-validator : 4.3.0.Final Open

CVE-2016-4977 org.springframework.security.oauth : spring-security-oauth2 : Open 1.0.5.RELEASE

5 CVE-2012-1833 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2012-2098 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2012-5783 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-5007 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-9878 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-9879 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2017-5643 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2017-9735 com.att.ajsc : ajsc-runner : 2.1.0 Open Threat Level Problem Code Component Status sonatype-2015- com.att.ajsc : ajsc-runner : 2.1.0 Open 0090 sonatype-2016- com.att.ajsc : ajsc-runner : 2.1.0 Open 0397 CVE-2012-1833 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2012-2098 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2012-5783 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-5007 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-9878 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-9879 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2017-5643 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2017-9735 com.att.ajsc : ajsc-war : war : 2.1.0 Open

sonatype-2015- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0090 sonatype-2016- com.att.ajsc : ajsc-war : war : 2.1.0 Open 0397 sonatype-2016- com.fasterxml.jackson.core : jackson-core : 2.4.3 Open 0397 sonatype-2015- com.googlecode.libphonenumber : libphonenumber : 6.2 Open 0090 CVE-2012-5783 commons-httpclient : commons-httpclient : 3.1 Open

CVE-2014-0193 io.netty : netty : 3.6.2.Final Open

CVE-2014-0363 jivesoftware : smack : 3.0.4 Open

CVE-2014-0364 jivesoftware : smack : 3.0.4 Open

CVE-2012-2098 org.apache.ant : ant : 1.7.1 Open

CVE-2017-5643 org.apache.camel : camel-core : 2.15.5 Open

CVE-2014-3627 org.apache.hadoop : hadoop-yarn-common : 2.5.1 Open

CVE-2017-5637 org.apache.zookeeper : zookeeper : 3.4.6 Open

CVE-2017-9735 org.eclipse.jetty : jetty-util : 9.2.9.v20150224 Open

sonatype-2012- org.freemarker : freemarker : 2.3.14 Open 0006 CVE-2012-1833 org.grails : grails-web : 1.3.7 Open

CVE-2014-3558 org.hibernate : hibernate-validator : 4.3.0.Final Open

CVE-2015-0886 org.mindrot : jbcrypt : 0.3m Open

CVE-2016-9878 org.springframework : spring-webmvc : 4.2.5.RELEASE Open

CVE-2016-5007 org.springframework.security : spring-security-config : 4.0.4.RELEASE Open

CVE-2016-9879 org.springframework.security : spring-security-web : 4.0.4.RELEASE Open

4 CVE-2012-6153 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-5725 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2016-6812 com.att.ajsc : ajsc-runner : 2.1.0 Open Threat Level Problem Code Component Status CVE-2017-1262 com.att.ajsc : ajsc-runner : 2.1.0 Open 4 CVE-2012-6153 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-5725 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2016-6812 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2017-1262 com.att.ajsc : ajsc-war : war : 2.1.0 Open 4 CVE-2016-5725 com.jcraft : jsch : 0.1.27 Open

CVE-2016-5725 com.jcraft : jsch : 0.1.42 Open

CVE-2012-6153 commons-httpclient : commons-httpclient : 3.1 Open

CVE-2017-1262 org.apache.cxf : cxf-core : 3.0.6 Open 4 CVE-2017-1262 org.apache.cxf : cxf-rt-frontend-jaxrs : 3.0.6 Open 4 CVE-2016-6812 org.apache.cxf : cxf-rt-transports-http : 3.0.6 Open

CVE-2014-3566 org.apache.hadoop : hadoop-common : 2.5.1 Open

CVE-2017-3161 org.apache.hadoop : hadoop-common : 2.5.1 Open

3 CVE-2013-0248 com.att.ajsc : ajsc-runner : 2.1.0 Open

CVE-2013-0248 com.att.ajsc : ajsc-war : war : 2.1.0 Open

CVE-2013-0248 commons-fileupload : commons-fileupload : 1.2.1 Open

2 CVE-2016-1002 com.att.ajsc : ajsc-runner : 2.1.0 Open 7 CVE-2016-1002 com.att.ajsc : ajsc-war : war : 2.1.0 Open 7 CVE-2015-7559 org.apache.activemq : activemq-client : 5.14.4 Open

CVE-2016-1002 org.igniterealtime.smack : smack-tcp : 4.0.7 Open 7 License Analysis

License Threat Component Status Apache-1.1, Apache-2.0, com.googlecode.java-diff-utils : diffutils : 1.3.0 Selected GPL-3.0 Apache-1.1, Sun-IP dom4j : dom4j : 1.6.1 Selected

Apache-1.1, CDDL-1.1, org.freemarker : freemarker : 2.3.14 Selected Sun-Restricted Apache-2.0, CDDL-1.1, org.grails : grails-web : 1.3.7 Overridden JSON, Sun-IP JSON org.json : json : 20090211 Selected

Apache-2.0, JSON org.twitter4j : twitter4j-core : 4.0.3 Selected

Apache-2.0, Public xml-apis : xml-apis : 1.0.b2 Selected Domain, Sun-IP, W3C Apache-2.0, W3C, WS- org.apache.cxf : cxf-core : 3.0.6 Selected Addressing-200403, WS- Addressing-200408 Apache-2.0, OASIS, org.apache.cxf : cxf-rt-ws-policy : 3.0.6 Selected W3C, WS- Addressing-200408 LGPL-2.1 bsh : bsh : 1.3.0 Overridden

Apache-2.0, HPND, it.unimi.dsi : fastutil : 6.5.7 Overridden LGPL-2.1 Public Domain, W3C, Zlib jtidy : jtidy : 4aug2000r7-dev Overridden

Apache-2.0, LGPL-2.1 net.java.dev.jna : jna : 4.0.0 Selected

LGPL-3.0 org.acplt : oncrpc : 1.0.7 Selected

Not Declared, No Source org.codehaus.plexus : plexus-i18n : 1.0-beta-7 Confirmed License Apache-2.0, LGPL-2.1, org.hibernate : hibernate-validator : 4.3.0.Final Overridden Public Domain LGPL-2.1 org.jboss.logging : jboss-logging : 3.1.0.CR2 Selected

LGPL-2.1 org.xhtmlrenderer : core-renderer : R8 Selected

EPL-1.0 ch.qos.logback : logback-access : 1.1.7 Selected

EPL-1.0 ch.qos.logback : logback-classic : 1.1.7 Selected

EPL-1.0 ch.qos.logback : logback-core : 1.1.7 Selected

Apache-2.0, MPL-1.1, com.rabbitmq : amqp-client : 3.6.1 Selected Public Domain CDDL-1.1 com.sun.jersey : jersey-client : 1.18 Selected

Apache-2.0, CDDL-1.0, com.sun.jersey : jersey-core : 1.18 Selected CDDL-1.1 CDDL-1.1 com.sun.jersey : jersey-json : 1.18 Selected

CDDL-1.1 com.sun.xml.bind : jaxb-core : 2.2.11 Selected

CDDL-1.1 com.sun.xml.bind : jaxb-impl : 2.2.11 Selected

Apache-2.0, BSD-3- com.sun.xml.bind : jaxb-xjc : 2.2.11 Selected Clause, CDDL-1.1, MIT CDDL-1.0 javax.activation : activation : 1.1 Selected License Threat Component Status CDDL-1.1 javax.annotation : javax.annotation-api : 1.2 Selected

CDDL-1.1 javax.mail : mail : 1.4.7 Selected

CDDL-1.0 javax.mail : mailapi : 1.4.3 Selected

CDDL-1.0 javax.persistence : persistence-api : 1.0 Selected

Apache-2.0, CDDL-1.0, javax.servlet : javax.servlet-api : 3.1.0 Selected CDDL-1.1 Apache-2.0, CDDL-1.1 javax.ws.rs : javax.ws.rs-api : 2.0.1 Selected

CDDL-1.1 javax.xml.bind : jaxb-api : 2.2.11 Selected

CPL-1.0 junit : junit : 4.11 Selected

EPL-1.0 org.aspectj : aspectjrt : 1.6.8 Selected

Apache-2.0, CPL-1.0, org.codehaus.groovy : groovy : 2.4.1 Selected Public Domain Apache-2.0, CPL-1.0, org.codehaus.groovy : groovy : jar : indy : 2.4.1 Selected Public Domain Apache-2.0, BSD-3- org.codehaus.groovy : groovy-all : 2.4.3 Selected Clause, CPL-1.0, Public Domain Apache-2.0, EPL-1.0 org.codehaus.groovy : groovy-eclipse-compiler : 2.8.0-01 Selected

Apache-2.0, CDDL-1.1, org.eclipse.jetty.orbit : javax.servlet : 3.0.0.v201112011016 Selected EPL-1.0 BSD-3-Clause, EPL-1.0 org.eclipse.persistence : commonj.sdo : 2.1.1 Selected

BSD-3-Clause, EPL-1.0 org.eclipse.persistence : eclipselink : 2.6.2 Selected

BSD-3-Clause, EPL-1.0 org.eclipse.persistence : javax.persistence : 2.1.1 Selected

BSD-3-Clause, EPL-1.0 org.eclipse.persistence : org.eclipse.persistence.asm : 2.6.2 Selected

BSD-3-Clause, EPL-1.0 org.eclipse.persistence : org.eclipse.persistence.core : 2.6.2 Selected

BSD-3-Clause, EPL-1.0 org.eclipse.persistence : org.eclipse.persistence.moxy : 2.6.2 Selected

CDDL-1.1 org.glassfish : javax.json : 1.0 Selected

CDDL-1.1 org.glassfish.hk2 : hk2-api : 2.4.0-b31 Selected

CDDL-1.1 org.glassfish.hk2 : hk2-locator : 2.4.0-b31 Selected

CDDL-1.1 org.glassfish.hk2 : hk2-utils : 2.4.0-b31 Selected

CDDL-1.1 org.glassfish.hk2 : osgi-resource-locator : 1.0.1 Selected

CDDL-1.1 org.glassfish.hk2.external : aopalliance-repackaged : 2.4.0-b31 Selected

Apache-2.0, CDDL-1.1 org.glassfish.hk2.external : javax.inject : 2.4.0-b31 Selected

Apache-2.0, CC0-1.0, org.glassfish.jersey.bundles.repackaged : jersey-guava : 2.22.1 Overridden CDDL-1.1, Public Domain CDDL-1.1 org.glassfish.jersey.core : jersey-client : 2.22.1 Selected

CDDL-1.1 org.glassfish.jersey.core : jersey-common : 2.22.1 Selected

CDDL-1.1 org.glassfish.jersey.ext : jersey-entity-filtering : 2.22.1 Selected

CDDL-1.1 org.glassfish.jersey.media : jersey-media-json-jackson : 2.22.1 Selected

Apache-2.0, CDDL-1.1 org.grails : grails-core : 1.3.7 Overridden License Threat Component Status EPL-1.0 org.hamcrest : hamcrest-junit : 2.0.0.0 Selected

BSD-3-Clause, MPL-2.0 org.mozilla : rhino : 1.7R4 Selected

CPL-1.0 wsdl4j : wsdl4j : 1.6.3 Selected

BSD-4-Clause com.att.aft : dme2 : 3.1.200 Overridden

BSD-4-Clause com.att.ajsc : ajsc-core : 2.1.0 Overridden

BSD-4-Clause com.att.ajsc : ajsc-runner : 2.1.0 Overridden

BSD-4-Clause com.att.ajsc : ajsc-war : war : 2.1.0 Overridden

BSD-4-Clause com.att.eelf : eelf-core : 1.0.0 Overridden

BSD-3-Clause, BSD-4- com.att.nsa : dmaapClient : 0.2.12 Selected Clause BSD-4-Clause com.att.nsa : saClientLibrary : 0.0.1 Overridden

Apache-2.0, BSD-4- com.att.nsa : saToolkit : 0.0.1 Overridden Clause Apache-1.1 commons-cli : commons-cli : 1.0 Selected

Apache-1.1, Apache-2.0 commons-el : commons-el : 1.0 Selected

Apache-1.1 opensymphony : sitemesh : 2.4 Selected

Apache-1.1, Apache-2.0, org.codehaus.plexus : plexus-utils : 3.0.8 Overridden BSD-2-Clause, BSD-3- Clause, Public Domain, XPP-1.1.1, XPP-1.2 Apache-1.1 oro : oro : 2.0.8 Selected

Apache-1.1, Public xpp3 : xpp3 : 1.1.4c Selected Domain, XPP-1.1.1, XPP-1.2 Public Domain aopalliance : aopalliance : 1.0 Selected

BSD-3-Clause asm : asm : 3.3.1 Selected

Public Domain backport-util-concurrent : backport-util-concurrent : 3.1 Selected

Apache-2.0, BSD-3- cglib : cglib-nodep : 2.2 Selected Clause BSD classworlds : classworlds : 1.1 Overridden

Apache-2.0 com.addthis.metrics : reporter-config : 2.1.0 Selected

Apache-2.0 com.att.camel : att-camel-dme2-servlet : 2.15.5 Selected

Apache-2.0 com.bazaarvoice.jolt : jolt-complete : 0.0.24 Selected

Apache-2.0 com.bazaarvoice.jolt : jolt-core : 0.0.24 Selected

Apache-2.0 com.bazaarvoice.jolt : json-utils : 0.0.24 Selected

Apache-2.0 com.beust : jcommander : 1.48 Selected

MIT, Public Domain com.boundary : high-scale-lib : 1.0.6 Selected

Apache-2.0 com.carrotsearch : hppc : 0.7.1 Selected

Apache-2.0 com.carrotsearch : junit-benchmarks : 0.7.0 Selected

Apache-2.0 com.carrotsearch.randomizedtesting : randomizedtesting-runner : 2.0.8 Selected License Threat Component Status Apache-2.0 com.clearspring.analytics : stream : 2.5.2 Selected

Apache-2.0, CC0-1.0 com.codahale.metrics : metrics-core : 3.0.1 Overridden

Apache-2.0 com.codahale.metrics : metrics-ganglia : 3.0.1 Selected

Apache-2.0 com.codahale.metrics : metrics-graphite : 3.0.1 Selected

MIT com.eaio.uuid : uuid : 3.2 Selected

Apache-2.0 com.fasterxml.jackson.core : jackson-annotations : 2.1.4 Selected

Apache-2.0 com.fasterxml.jackson.core : jackson-annotations : 2.2.3 Selected

Apache-2.0 com.fasterxml.jackson.core : jackson-core : 2.4.3 Selected

Apache-2.0 com.fasterxml.jackson.core : jackson-databind : 2.1.4 Selected

Apache-2.0 com.fasterxml.jackson.core : jackson-databind : 2.2.3 Selected

Apache-2.0 com.fasterxml.jackson.dataformat : jackson-dataformat-yaml : 2.1.4 Selected

Apache-2.0 com.fasterxml.jackson.jaxrs : jackson-jaxrs-base : 2.5.4 Selected

Apache-2.0 com.fasterxml.jackson.jaxrs : jackson-jaxrs-json-provider : 2.1.4 Selected

Apache-2.0 com.fasterxml.jackson.module : jackson-module-jaxb-annotations : 2.1.4 Selected

Apache-2.0 com.github.fge : btf : 1.2 Selected

Apache-2.0 com.github.fge : jackson-coreutils : 1.6 Selected

Apache-2.0 com.github.fge : jackson-coreutils : 1.8 Selected

Apache-2.0 com.github.fge : json-patch : 1.9 Selected

Apache-2.0 com.github.fge : json-schema-core : 1.2.5 Selected

Apache-2.0 com.github.fge : json-schema-validator : 2.2.6 Selected

Apache-2.0 com.github.fge : msg-simple : 1.1 Selected

Apache-2.0 com.github.fge : uri-template : 0.9 Selected

Apache-2.0 com.github.jbellis : jamm : 0.3.0 Selected

Apache-2.0 com.github.stephenc.findbugs : findbugs-annotations : 1.3.9-1 Selected

Public Domain com.github.stephenc.high-scale-lib : high-scale-lib : 1.1.4 Selected

Apache-2.0 com.google.code.findbugs : jsr305 : 3.0.0 Selected

Apache-2.0 com.google.code.gson : gson : 2.7 Selected

Apache-2.0, CC0-1.0, com.google.guava : guava : 16.0 Overridden Public Domain Apache-2.0, CC0-1.0, com.google.guava : guava : 16.0.1 Overridden Public Domain BSD-3-Clause com.google.protobuf : protobuf-java : 2.5.0 Selected

Apache-2.0, CC-BY-2.5 com.googlecode.concurrentlinkedhashmap : concurrentlinkedhashmap- Selected lru : 1.0_jdk5

Apache-2.0, CC-BY-2.5 com.googlecode.concurrentlinkedhashmap : concurrentlinkedhashmap- Selected lru : 1.3

Apache-2.0 com.googlecode.json-simple : json-simple : 1.1.1 Selected

Apache-2.0 com.googlecode.libphonenumber : libphonenumber : 6.2 Confirmed License Threat Component Status Apache-2.0 com.jayway.jsonpath : json-path : 2.2.0 Selected

BSD-3-Clause com.jcabi : jcabi-log : 0.14 Selected

BSD-3-Clause com.jcabi : jcabi-manifests : 1.1 Selected

BSD-3-Clause com.jcraft : jsch : 0.1.27 Confirmed

BSD-3-Clause com.jcraft : jsch : 0.1.42 Selected

Apache-2.0 com.lmax : disruptor : 3.0.1 Selected

Apache-2.0 com.netflix.astyanax : astyanax-cassandra : 3.8.0 Selected

Apache-2.0 com.netflix.astyanax : astyanax-core : 3.8.0 Selected

Apache-2.0 com.netflix.astyanax : astyanax-recipes : 3.8.0 Selected

Apache-2.0 com.netflix.astyanax : astyanax-thrift : 3.8.0 Selected

Apache-2.0 com.ning : compress-lzf : 0.8.4 Selected

Apache-2.0 com.opencsv : opencsv : 3.1 Selected

Apache-2.0 com.spatial4j : spatial4j : 0.4.1 Selected

Apache-2.0 com.thinkaurelius.thrift : thrift-server : 0.3.7 Selected

Apache-2.0 com.thinkaurelius.titan : titan-cassandra : 1.0.0 Selected

Apache-2.0 com.thinkaurelius.titan : titan-core : 1.0.0 Selected

Apache-2.0 com.thinkaurelius.titan : titan-hbase : 1.0.0 Confirmed

BSD-3-Clause com.thoughtworks.paranamer : paranamer : 2.3 Selected

Apache-2.0, CC0-1.0 com.yammer.metrics : metrics-core : 2.2.0 Overridden

Apache-2.0 commons-beanutils : commons-beanutils : 1.7.0 Selected

Apache-2.0 commons-beanutils : commons-beanutils : 1.9.2 Selected

Apache-2.0 commons-cli : commons-cli : 1.3 Selected

Apache-2.0 commons-codec : commons-codec : 1.10 Selected

Apache-2.0 commons-codec : commons-codec : 1.7 Selected

Apache-2.0 commons-collections : commons-collections : 3.2.2 Selected

Apache-2.0 commons-configuration : commons-configuration : 1.9 Selected

Apache-2.0 commons-dbcp : commons-dbcp : 1.4 Selected

Apache-2.0 commons-digester : commons-digester : 1.6 Selected

Apache-2.0 commons-fileupload : commons-fileupload : 1.2.1 Confirmed

Apache-2.0 commons-httpclient : commons-httpclient : 3.1 Selected

Apache-2.0 commons-lang : commons-lang : 2.4 Selected

Apache-2.0 commons-lang : commons-lang : 2.6 Selected

Apache-2.0 commons-logging : commons-logging : 1.1.1 Selected

Apache-2.0 commons-net : commons-net : 3.1 Selected

Apache-2.0 commons-pool : commons-pool : 1.5.7 Selected

Apache-2.0 commons-pool : commons-pool : 1.6 Selected License Threat Component Status Apache-2.0 commons-validator : commons-validator : 1.3.1 Confirmed

MIT info.ganglia.gmetric4j : gmetric4j : 1.0.3 Selected

Apache-2.0, BSD-3- io.netty : netty : 3.6.2.Final Selected Clause, MIT Apache-2.0, BSD-3- io.netty : netty-all : 4.0.28.Final Selected Clause, MIT Apache-2.0 javax.inject : javax.inject : 1 Selected

Apache-2.0 javax.validation : validation-api : 1.1.0.Final Selected

Apache-2.0 jivesoftware : smack : 3.0.4 Selected

BSD-2-Clause jline : jline : 1.0 Selected

Apache-2.0 joda-time : joda-time : 2.3 Selected

Apache-2.0 log4j : apache-log4j-extras : 1.2.17 Selected

Apache-2.0 log4j : log4j : 1.2.16 Selected

CC-BY-2.5 net.jcip : jcip-annotations : 1.0 Selected

Apache-2.0 net.jpountz.lz4 : lz4 : 1.2.0 Selected

Apache-2.0 net.minidev : accessors-smart : 1.1 Selected

Apache-2.0 net.minidev : json-smart : 2.2.1 Selected

Apache-2.0 net.oauth.core : oauth : 20100527 Selected

Apache-2.0 net.oauth.core : oauth-provider : 20100527 Selected

MIT net.sf.jopt-simple : jopt-simple : 4.6 Selected

Apache-2.0 net.sf.supercsv : super-csv : 2.1.0 Selected

BSD-3-Clause org.antlr : ST4 : 4.0.8 Selected

BSD-3-Clause org.antlr : antlr : 3.5.2 Selected

BSD-3-Clause org.antlr : antlr-runtime : 3.5.2 Selected

Apache-2.0 org.apache.activemq : activemq-broker : 5.14.4 Selected

Apache-2.0 org.apache.activemq : activemq-client : 5.14.4 Selected

Apache-2.0 org.apache.activemq : activemq-openwire-legacy : 5.14.4 Selected

Apache-2.0 org.apache.ant : ant : 1.7.1 Selected

Apache-2.0 org.apache.ant : ant-launcher : 1.7.1 Selected

Apache-2.0 org.apache.avro : avro : 1.7.4 Selected

Apache-2.0 org.apache.camel : apt : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-core : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-cxf : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-cxf-transport : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-groovy : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-http : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-http4 : 2.15.5 Selected License Threat Component Status Apache-2.0 org.apache.camel : camel-jms : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-mail : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-package-maven-plugin : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-quartz : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-restlet : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-script : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-servlet : 2.15.5 Selected

Apache-2.0, BSD-3- org.apache.camel : camel-smpp : 2.15.5 Selected Clause Apache-2.0 org.apache.camel : camel-spring : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-twitter : 2.15.5 Confirmed

Apache-2.0 org.apache.camel : camel-velocity : 2.15.5 Selected

Apache-2.0 org.apache.camel : camel-xmpp : 2.15.5 Selected

Apache-2.0 org.apache.camel : spi-annotations : 2.15.5 Selected

Apache-2.0 org.apache.cassandra : cassandra-all : 2.1.9 Selected

Apache-2.0 org.apache.cassandra : cassandra-thrift : 2.1.9 Selected

Apache-2.0 org.apache.commons : commons-compress : 1.10 Selected

Apache-2.0 org.apache.commons : commons-lang3 : 3.3.1 Selected

Apache-2.0, BSD-3- org.apache.commons : commons-math3 : 3.2 Selected Clause Apache-2.0 org.apache.cxf : cxf-rt-bindings-soap : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-bindings-xml : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-databinding-jaxb : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-features-clustering : 3.0.6 Confirmed

Apache-2.0 org.apache.cxf : cxf-rt-frontend-jaxrs : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-frontend-jaxws : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-frontend-simple : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-rs-client : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-rs-security-oauth : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-transports-http : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-ws-addr : 3.0.6 Selected

Apache-2.0 org.apache.cxf : cxf-rt-wsdl : 3.0.6 Confirmed

Apache-2.0 org.apache.directory.api : api-asn1-api : 1.0.0-M20 Selected

Apache-2.0 org.apache.directory.api : api-util : 1.0.0-M20 Selected

Apache-2.0 org.apache.directory.server : apacheds-i18n : 2.0.0-M15 Selected

Apache-2.0 org.apache.directory.server : apacheds-kerberos-codec : 2.0.0-M15 Selected

Apache-2.0 org.apache.geronimo.specs : geronimo-j2ee-management_1.1_spec : Selected 1.0.1 License Threat Component Status Apache-2.0 org.apache.geronimo.specs : geronimo-jms_1.1_spec : 1.1.1 Selected

Apache-2.0 org.apache.geronimo.specs : geronimo-servlet_3.0_spec : 1.0 Confirmed

Apache-2.0 org.apache.hadoop : hadoop-annotations : 2.5.1 Selected

Apache-2.0 org.apache.hadoop : hadoop-auth : 2.5.1 Selected

Apache-2.0, BSD-3- org.apache.hadoop : hadoop-common : 2.5.1 Selected Clause Apache-2.0 org.apache.hadoop : hadoop-mapreduce-client-core : 2.5.1 Selected

Apache-2.0 org.apache.hadoop : hadoop-yarn-api : 2.5.1 Selected

Apache-2.0 org.apache.hadoop : hadoop-yarn-common : 2.5.1 Selected

Apache-2.0 org.apache.hbase : hbase-annotations : 1.0.2 Selected

Apache-2.0 org.apache.hbase : hbase-client : 1.0.2 Selected

Apache-2.0 org.apache.hbase : hbase-common : 1.0.2 Selected

Apache-2.0 org.apache.hbase : hbase-protocol : 1.0.2 Selected

Apache-2.0 org.apache.htrace : htrace-core : 3.1.0-incubating Selected

Apache-2.0 org.apache.httpcomponents : httpclient : 4.3.6 Selected

Apache-2.0 org.apache.httpcomponents : httpclient : 4.5.2 Selected

Apache-2.0 org.apache.httpcomponents : httpclient-cache : 4.5 Selected

Apache-2.0 org.apache.httpcomponents : httpcore : 4.3.1 Selected

Apache-2.0 org.apache.httpcomponents : httpcore : 4.4 Confirmed

Apache-2.0 org.apache.httpcomponents : httpmime : 4.3 Selected

Apache-2.0 org.apache.httpcomponents : httpmime : 4.5.2 Selected

Apache-2.0 org.apache.ivy : ivy : 2.3.0 Selected

Apache-2.0 org.apache.james : apache-mime4j-core : 0.7.2 Selected

Apache-2.0 org.apache.maven : maven-artifact : 2.0.9 Selected

Apache-2.0 org.apache.maven : maven-artifact-manager : 2.0.6 Confirmed

Apache-2.0 org.apache.maven : maven-core : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-error-diagnostics : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-model : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-monitor : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-plugin-api : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-plugin-descriptor : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-plugin-parameter-documenter : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-plugin-registry : 2.0.6 Confirmed

Apache-2.0 org.apache.maven : maven-profile : 2.0.6 Confirmed

Apache-2.0 org.apache.maven : maven-project : 2.0.6 Confirmed

Apache-2.0 org.apache.maven : maven-repository-metadata : 2.0.6 Selected License Threat Component Status Apache-2.0 org.apache.maven : maven-settings : 2.0.6 Selected

Apache-2.0 org.apache.maven : maven-toolchain : 1.0 Selected

Apache-2.0 org.apache.maven.doxia : doxia-core : 1.0 Confirmed

Apache-2.0 org.apache.maven.doxia : doxia-decoration-model : 1.0 Confirmed

Apache-2.0 org.apache.maven.doxia : doxia-module-apt : 1.0 Confirmed

Apache-2.0 org.apache.maven.doxia : doxia-module-fml : 1.0 Confirmed

Apache-2.0 org.apache.maven.doxia : doxia-module-xdoc : 1.0 Selected

Apache-2.0 org.apache.maven.doxia : doxia-module-xhtml : 1.0 Selected

Apache-2.0 org.apache.maven.doxia : doxia-sink-api : 1.0-alpha-7 Selected

Apache-2.0 org.apache.maven.doxia : doxia-site-renderer : 1.0 Confirmed

Apache-2.0 org.apache.maven.plugins : maven-compiler-plugin : 3.0 Selected

Apache-2.0 org.apache.maven.reporting : maven-reporting-api : 2.0.6 Selected

Apache-2.0 org.apache.maven.reporting : maven-reporting-impl : 2.0.5 Selected

Apache-2.0 org.apache.maven.shared : maven-doxia-tools : 1.0.2 Selected

Apache-2.0 org.apache.maven.shared : maven-shared-incremental : 1.0 Confirmed

Apache-2.0 org.apache.maven.shared : maven-shared-utils : 0.1 Selected

Apache-2.0 org.apache.maven.wagon : wagon-file : 1.0-beta-2 Selected

Apache-2.0 org.apache.maven.wagon : wagon-http-lightweight : 1.0-beta-2 Confirmed

Apache-2.0 org.apache.maven.wagon : wagon-http-shared : 1.0-beta-2 Selected

Apache-2.0 org.apache.maven.wagon : wagon-provider-api : 1.0-beta-2 Selected

Apache-2.0 org.apache.maven.wagon : wagon-ssh : 1.0-beta-2 Selected

Apache-2.0 org.apache.maven.wagon : wagon-ssh-common : 1.0-beta-2 Confirmed

Apache-2.0 org.apache.maven.wagon : wagon-ssh-external : 1.0-beta-2 Selected

Apache-2.0 org.apache.neethi : neethi : 3.0.3 Confirmed

Apache-2.0 org.apache.servicemix.bundles : Selected org.apache.servicemix.bundles.commons-csv : 1.0-r706900_3

Apache-2.0 org.apache.thrift : libthrift : 0.9.2 Selected

Apache-2.0 org.apache.tinkerpop : gremlin-core : 3.0.1-incubating Selected

Apache-2.0 org.apache.tinkerpop : gremlin-driver : 3.0.1-incubating Selected

Apache-2.0 org.apache.tinkerpop : gremlin-groovy : 3.0.1-incubating Selected

Apache-2.0 org.apache.tinkerpop : gremlin-shaded : 3.0.1-incubating Selected

Apache-2.0 org.apache.tinkerpop : tinkergraph-gremlin : 3.0.1-incubating Selected

Apache-2.0 org.apache.velocity : velocity : 1.7 Selected

Apache-2.0 org.apache.ws.xmlschema : xmlschema-core : 2.2.1 Selected

Apache-2.0 org.apache.xbean : xbean-reflect : 3.4 Selected

Apache-2.0 org.apache.xmlbeans : xmlbeans-xmlpublic : 2.6.0 Selected License Threat Component Status Apache-2.0 org.apache.zookeeper : zookeeper : 3.4.6 Selected

Apache-2.0 org.codehaus.groovy : groovy-console : 2.4.1 Selected

Apache-2.0 org.codehaus.groovy : groovy-groovysh : jar : indy : 2.4.1 Selected

Apache-2.0 org.codehaus.groovy : groovy-json : jar : indy : 2.4.1 Selected

Apache-2.0, BSD-3- org.codehaus.groovy : groovy-jsr223 : jar : indy : 2.4.1 Selected Clause Apache-2.0 org.codehaus.groovy : groovy-sql : jar : indy : 2.4.1 Selected

Apache-2.0 org.codehaus.groovy : groovy-swing : 2.4.1 Selected

Apache-2.0 org.codehaus.groovy : groovy-templates : 2.4.1 Selected

Apache-2.0 org.codehaus.groovy : groovy-xml : 2.4.1 Selected

Apache-2.0 org.codehaus.jackson : jackson-core-asl : 1.9.13 Selected

Apache-2.0 org.codehaus.jackson : jackson-jaxrs : 1.9.2 Selected

Apache-2.0 org.codehaus.jackson : jackson-mapper-asl : 1.9.13 Selected

Apache-2.0 org.codehaus.jackson : jackson-xc : 1.9.2 Selected

BSD-3-Clause org.codehaus.janino : commons-compiler : 2.6.1 Confirmed

BSD-3-Clause org.codehaus.janino : commons-compiler : 2.7.8 Confirmed

BSD-3-Clause org.codehaus.janino : janino : 2.6.1 Selected

BSD-3-Clause org.codehaus.janino : janino : 2.7.8 Confirmed

Apache-2.0 org.codehaus.jettison : jettison : 1.1 Selected

Apache-2.0, BSD org.codehaus.plexus : plexus-classworlds : 2.2.2 Overridden

Apache-2.0, MIT org.codehaus.plexus : plexus-compiler-api : 2.2 Selected

Apache-2.0, MIT org.codehaus.plexus : plexus-compiler-javac : 2.0 Selected

Apache-2.0, MIT org.codehaus.plexus : plexus-compiler-manager : 2.0 Selected

Apache-2.0 org.codehaus.plexus : plexus-component-annotations : 1.5.5 Selected

Apache-2.0, MIT org.codehaus.plexus : plexus-container-default : 1.5.4 Selected

MIT org.codehaus.plexus : plexus-interactivity-api : 1.0-alpha-4 Selected

Apache-2.0 org.codehaus.plexus : plexus-velocity : 1.1.7 Selected

BSD-2-Clause org.codehaus.woodstox : stax2-api : 3.1.4 Selected

Apache-2.0 org.codehaus.woodstox : woodstox-core-asl : 4.4.1 Selected

Apache-2.0, MIT org.eclipse.jetty : jetty-util : 9.2.9.v20150224 Selected

Apache-2.0 org.fusesource.hawtbuf : hawtbuf : 1.11 Selected

Apache-2.0 org.grails : grails-bootstrap : 2.3.1 Selected

Apache-2.0 org.grails : grails-docs : 1.3.7 Overridden

Apache-2.0 org.grails : grails-spring : 2.3.1 Selected

BSD-3-Clause org.hamcrest : hamcrest-core : 1.3 Selected

BSD-3-Clause org.hamcrest : java-hamcrest : 2.0.0.0 Selected License Threat Component Status Apache-2.0 org.igniterealtime.smack : smack-core : 4.0.7 Selected

Apache-2.0 org.igniterealtime.smack : smack-extensions : 4.0.7 Confirmed

Apache-2.0 org.igniterealtime.smack : smack-tcp : 4.0.7 Selected

Apache-2.0 org.javassist : javassist : 3.17.1-GA Selected

Apache-2.0 org.javatuples : javatuples : 1.2 Selected

MIT org.jruby.jcodings : jcodings : 1.0.8 Selected

MIT org.jruby.joni : joni : 2.1.2 Selected

Apache-2.0 org.jsmpp : jsmpp : 2.1.1 Selected

ISC org.mindrot : jbcrypt : 0.3m Selected

Apache-2.0, BSD-3- org.mockito : mockito-core : 1.10.19 Selected Clause, MIT Apache-2.0 org.mortbay.jetty : jetty-util : 6.1.26 Selected

Apache-2.0 org.objenesis : objenesis : 2.1 Selected

BSD-3-Clause org.ow2.asm : asm : 5.0.3 Selected

Apache-2.0 org.quartz-scheduler : quartz : 1.8.6 Selected

WTFPL org.reflections : reflections : 0.9.9-RC1 Selected

Apache-2.0 org.restlet.jee : org.restlet : 2.2.1 Overridden

Apache-2.0 org.restlet.jee : org.restlet.ext.httpclient : 2.2.3 Overridden

Apache-2.0 org.restlet.jee : org.restlet.ext.servlet : 2.2.1 Overridden

Apache-2.0 org.restlet.jee : org.restlet.ext.spring : 2.2.1 Overridden

Apache-2.0, MIT org.slf4j : jcl-over-slf4j : 1.7.21 Selected

MIT org.slf4j : jul-to-slf4j : 1.7.21 Selected

Apache-2.0, MIT org.slf4j : log4j-over-slf4j : 1.7.21 Selected

MIT org.slf4j : slf4j-api : 1.7.21 Selected

MIT org.slf4j : slf4j-log4j12 : 1.7.12 Selected

Apache-2.0 org.springframework : spring-aop : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-aspects : 3.0.5.RELEASE Selected

Apache-2.0 org.springframework : spring-beans : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-context : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-context-support : 4.2.5.RELEASE Selected

Apache-2.0, BSD-3- org.springframework : spring-core : 4.2.5.RELEASE Selected Clause Apache-2.0 org.springframework : spring-expression : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-instrument : 3.0.5.RELEASE Selected

Apache-2.0 org.springframework : spring-jdbc : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-jms : 4.1.6.RELEASE Selected

Apache-2.0 org.springframework : spring-jmx : 2.0.8 Selected License Threat Component Status Apache-2.0 org.springframework : spring-messaging : 4.1.6.RELEASE Selected

Apache-2.0 org.springframework : spring-orm : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-oxm : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-test : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-tx : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-web : 4.2.5.RELEASE Selected

Apache-2.0 org.springframework : spring-webmvc : 4.2.5.RELEASE Confirmed

Apache-2.0 org.springframework : spring-webmvc-portlet : 4.2.5.RELEASE Confirmed

Apache-2.0 org.springframework.security : spring-security-config : 4.0.4.RELEASE Confirmed

Apache-2.0, ISC org.springframework.security : spring-security-core : 4.0.4.RELEASE Selected

Apache-2.0 org.springframework.security : spring-security-web : 4.0.4.RELEASE Confirmed

Apache-2.0 org.springframework.security.oauth : spring-security-oauth2 : Selected 1.0.5.RELEASE

Apache-2.0 org.springframework.ws : spring-ws : 1.5.2 Selected

Apache-2.0 org.twitter4j : twitter4j-stream : 4.0.3 Selected

Apache-2.0 org.xerial.snappy : snappy-java : 1.0.5-M3 Selected

Apache-2.0 org.yaml : snakeyaml : 1.15 Selected

Apache-2.0 radeox : radeox : jar : b2 : 1.0 Overridden

Apache-2.0 stax : stax-api : 1.0.1 Selected

Apache-2.0 xml-resolver : xml-resolver : 1.2 Confirmed

BSD-2-Clause xmlenc : xmlenc : 0.52 Selected

Public Domain, XPP-1.2 xpp3 : xpp3_min : 1.1.3.4.O Overridden Components

Component / Declared and Observed License Match State Age / Security Summary Policy Violations aopalliance : aopalliance : 1.0 exact 12 years 0 0 0 0 Public Domain NA asm : asm : 3.3.1 exact 7 years 0 0 0 0 BSD-3-Clause NA backport-util-concurrent : backport-util- exact 10 years 0 0 0 0 concurrent : 3.1 Public Domain NA bsh : bsh : 1.3.0 exact 12 years 0 1 0 0 LGPL-2.1 6 cglib : cglib-nodep : 2.2 exact 9 years 0 0 0 0 Apache-2.0, BSD-3-Clause NA ch.qos.logback : logback-access : 1.1.7 exact 1 year 0 0 1 0 EPL-1.0 7 ch.qos.logback : logback-classic : 1.1.7 exact 1 year 0 0 1 0 EPL-1.0 7 ch.qos.logback : logback-core : 1.1.7 exact 1 year 0 0 1 0 EPL-1.0 NA classworlds : classworlds : 1.1 exact 12 years 0 0 0 0 BSD NA com.addthis.metrics : reporter-config : 2.1.0 exact 4 years 0 0 0 0 Apache-2.0 NA com.att.aft : dme2 : 3.1.200 exact 1 year 0 0 1 0 BSD-4-Clause NA com.att.ajsc : ajsc-core : 2.1.0 exact 8 months 0 0 1 0 BSD-4-Clause NA com.att.ajsc : ajsc-runner : 2.1.0 exact 8 months 0 0 1 0 BSD-4-Clause 8 within 30 Security Issues com.att.ajsc : ajsc-war : war : 2.1.0 exact 8 months 0 0 1 0 BSD-4-Clause 8 within 30 Security Issues com.att.camel : att-camel-dme2-servlet : 2.15.5 exact 1 year 0 0 0 0 Apache-2.0 NA com.att.eelf : eelf-core : 1.0.0 exact 9 months 0 0 1 0 BSD-4-Clause NA com.att.nsa : dmaapClient : 0.2.12 exact 1 year 0 0 1 0 BSD-3-Clause, BSD-4-Clause NA com.att.nsa : saClientLibrary : 0.0.1 exact 1 year 0 0 1 0 BSD-4-Clause NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations com.att.nsa : saToolkit : 0.0.1 exact 1 year 0 0 1 0 Apache-2.0, BSD-4-Clause NA com.bazaarvoice.jolt : jolt-complete : 0.0.24 exact 1 year 0 0 0 0 Apache-2.0 NA com.bazaarvoice.jolt : jolt-core : 0.0.24 exact 1 year 0 0 0 0 Apache-2.0 NA com.bazaarvoice.jolt : json-utils : 0.0.24 exact 1 year 0 0 0 0 Apache-2.0 NA com.beust : jcommander : 1.48 exact 2 years 0 0 0 0 Apache-2.0 NA com.boundary : high-scale-lib : 1.0.6 exact 3 years 0 0 0 0 MIT, Public Domain NA com.carrotsearch : hppc : 0.7.1 exact 2 years 0 0 0 0 Apache-2.0 NA com.carrotsearch : junit-benchmarks : 0.7.0 exact 4 years 0 0 0 0 Apache-2.0 NA com.carrotsearch.randomizedtesting : exact 5 years 0 0 0 0 randomizedtesting-runner : 2.0.8 Apache-2.0 NA com.clearspring.analytics : stream : 2.5.2 exact 3 years 0 0 0 0 Apache-2.0 NA com.codahale.metrics : metrics-core : 3.0.1 exact 4 years 0 0 0 0 Apache-2.0, CC0-1.0 NA com.codahale.metrics : metrics-ganglia : 3.0.1 exact 4 years 0 0 0 0 Apache-2.0 NA com.codahale.metrics : metrics-graphite : 3.0.1 exact 4 years 0 0 0 0 Apache-2.0 NA com.eaio.uuid : uuid : 3.2 exact 6 years 0 0 0 0 MIT NA com.fasterxml.jackson.core : jackson- exact 4 years 0 0 0 0 annotations : 2.1.4 Apache-2.0 NA com.fasterxml.jackson.core : jackson- exact 4 years 0 0 0 0 annotations : 2.2.3 Apache-2.0 NA com.fasterxml.jackson.core : jackson-core : exact 3 years 0 0 0 0 2.4.3 Apache-2.0 7 within 2 Security Issues com.fasterxml.jackson.core : jackson- exact 4 years 0 0 0 0 databind : 2.1.4 Apache-2.0 8 com.fasterxml.jackson.core : jackson- exact 4 years 0 0 0 0 databind : 2.2.3 Apache-2.0 8 Component / Declared and Observed License Match State Age / Security Summary Policy Violations com.fasterxml.jackson.dataformat : jackson- exact 4 years 0 0 0 0 dataformat-yaml : 2.1.4 Apache-2.0 NA com.fasterxml.jackson.jaxrs : jackson-jaxrs- exact 2 years 0 0 0 0 base : 2.5.4 Apache-2.0 NA com.fasterxml.jackson.jaxrs : jackson-jaxrs- exact 4 years 0 0 0 0 json-provider : 2.1.4 Apache-2.0 NA com.fasterxml.jackson.module : jackson- exact 4 years 0 0 0 0 module-jaxb-annotations : 2.1.4 Apache-2.0 NA com.github.fge : btf : 1.2 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : jackson-coreutils : 1.6 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : jackson-coreutils : 1.8 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : json-patch : 1.9 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : json-schema-core : 1.2.5 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : json-schema-validator : 2.2.6 exact 3 years 0 0 0 0

Apache-2.0 NA com.github.fge : msg-simple : 1.1 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.fge : uri-template : 0.9 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.jbellis : jamm : 0.3.0 exact 3 years 0 0 0 0 Apache-2.0 NA com.github.stephenc.findbugs : findbugs- exact 6 years 0 0 0 0 annotations : 1.3.9-1 Apache-2.0 NA com.github.stephenc.high-scale-lib : high- exact 6 years 0 0 0 0 scale-lib : 1.1.4 Public Domain NA com.google.code.findbugs : jsr305 : 3.0.0 exact 3 years 0 0 0 0 Apache-2.0 NA com.google.code.gson : gson : 2.7 exact 1 year 0 0 0 0 Apache-2.0 NA com.google.guava : guava : 16.0 exact 3 years 0 0 0 0 Apache-2.0, CC0-1.0, Public Domain NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations com.google.guava : guava : 16.0.1 exact 3 years 0 0 0 0 Apache-2.0, CC0-1.0, Public Domain NA com.google.protobuf : protobuf-java : 2.5.0 exact 4 years 0 0 0 0 BSD-3-Clause NA com.googlecode.concurrentlinkedhashmap : exact 7 years 0 0 0 0 concurrentlinkedhashmap-lru : 1.0_jdk5 Apache-2.0, CC-BY-2.5 NA com.googlecode.concurrentlinkedhashmap : exact 5 years 0 0 0 0 concurrentlinkedhashmap-lru : 1.3 Apache-2.0, CC-BY-2.5 NA com.googlecode.java-diff-utils : diffutils : 1.3.0 exact 4 years 1 0 1 0

Apache-1.1, Apache-2.0, GPL-3.0 NA com.googlecode.json-simple : json-simple : exact 5 years 0 0 0 0 1.1.1 Apache-2.0 NA com.googlecode.libphonenumber : exact 3 years 0 0 0 0 libphonenumber : 6.2 Apache-2.0 5 com.jayway.jsonpath : json-path : 2.2.0 exact 1 year 0 0 0 0 Apache-2.0 NA com.jcabi : jcabi-log : 0.14 exact 3 years 0 0 0 0 BSD-3-Clause NA com.jcabi : jcabi-manifests : 1.1 exact 3 years 0 0 0 0 BSD-3-Clause NA com.jcraft : jsch : 0.1.27 exact 11 years 0 0 0 0 BSD-3-Clause 4 com.jcraft : jsch : 0.1.42 exact 8 years 0 0 0 0 BSD-3-Clause 4 com.lmax : disruptor : 3.0.1 exact 4 years 0 0 0 0 Apache-2.0 NA com.netflix.astyanax : astyanax-cassandra : exact 2 years 0 0 0 0 3.8.0 Apache-2.0 NA com.netflix.astyanax : astyanax-core : 3.8.0 exact 2 years 0 0 0 0 Apache-2.0 NA com.netflix.astyanax : astyanax-recipes : 3.8.0 exact 2 years 0 0 0 0

Apache-2.0 NA com.netflix.astyanax : astyanax-thrift : 3.8.0 exact 2 years 0 0 0 0 Apache-2.0 NA com.ning : compress-lzf : 0.8.4 exact 6 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations com.opencsv : opencsv : 3.1 exact 3 years 0 0 0 0 Apache-2.0 NA com.rabbitmq : amqp-client : 3.6.1 exact 1 year 0 0 1 0 Apache-2.0, MPL-1.1, Public Domain NA com.spatial4j : spatial4j : 0.4.1 exact 3 years 0 0 0 0 Apache-2.0 NA com.sun.jersey : jersey-client : 1.18 exact 4 years 0 0 1 0 CDDL-1.1 NA com.sun.jersey : jersey-core : 1.18 exact 4 years 0 0 1 0 Apache-2.0, CDDL-1.0, CDDL-1.1 NA com.sun.jersey : jersey-json : 1.18 exact 4 years 0 0 1 0 CDDL-1.1 NA com.sun.xml.bind : jaxb-core : 2.2.11 exact 3 years 0 0 1 0 CDDL-1.1 NA com.sun.xml.bind : jaxb-impl : 2.2.11 exact 3 years 0 0 1 0 CDDL-1.1 NA com.sun.xml.bind : jaxb-xjc : 2.2.11 exact 3 years 0 0 1 0 Apache-2.0, BSD-3-Clause, CDDL-1.1, MIT NA com.thinkaurelius.thrift : thrift-server : 0.3.7 exact 3 years 0 0 0 0 Apache-2.0 NA com.thinkaurelius.titan : titan-cassandra : 1.0.0 exact 2 years 0 0 0 0 Apache-2.0 NA com.thinkaurelius.titan : titan-core : 1.0.0 exact 2 years 0 0 0 0 Apache-2.0 NA com.thinkaurelius.titan : titan-hbase : 1.0.0 exact 2 years 0 0 0 0 Apache-2.0 NA com.thoughtworks.paranamer : paranamer : 2.3 exact 7 years 0 0 0 0 BSD-3-Clause NA com.yammer.metrics : metrics-core : 2.2.0 exact 5 years 0 0 0 0 Apache-2.0, CC0-1.0 NA commons-beanutils : commons-beanutils : 1.7.0 exact 12 years 0 0 0 0 Apache-2.0 7 commons-beanutils : commons-beanutils : 1.9.2 exact 3 years 0 0 0 0 Apache-2.0 7 commons-cli : commons-cli : 1.0 exact 12 years 0 0 1 0 Apache-1.1 NA commons-cli : commons-cli : 1.3 exact 2 years 0 0 0 0 Apache-2.0 NA commons-codec : commons-codec : 1.10 exact 3 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations commons-codec : commons-codec : 1.7 exact 5 years 0 0 0 0 Apache-2.0 NA commons-collections : commons-collections : exact 2 years 0 0 0 0 3.2.2 Apache-2.0 NA commons-configuration : commons- exact 5 years 0 0 0 0 configuration : 1.9 Apache-2.0 NA commons-dbcp : commons-dbcp : 1.4 exact 8 years 0 0 0 0 Apache-2.0 NA commons-digester : commons-digester : 1.6 exact 12 years 0 0 0 0 Apache-2.0 NA commons-el : commons-el : 1.0 exact 12 years 0 0 1 0 Apache-1.1, Apache-2.0 NA commons-fileupload : commons-fileupload : exact 10 years 0 0 0 0 1.2.1 Apache-2.0 7 within 5 Security Issues commons-httpclient : commons-httpclient : 3.1 exact 10 years 0 0 0 0 Apache-2.0 7 within 3 Security Issues commons-lang : commons-lang : 2.4 exact 9 years 0 0 0 0 Apache-2.0 NA commons-lang : commons-lang : 2.6 exact 7 years 0 0 0 0 Apache-2.0 NA commons-logging : commons-logging : 1.1.1 exact 10 years 0 0 0 0 Apache-2.0 NA commons-net : commons-net : 3.1 exact 5 years 0 0 0 0 Apache-2.0 NA commons-pool : commons-pool : 1.5.7 exact 6 years 0 0 0 0 Apache-2.0 NA commons-pool : commons-pool : 1.6 exact 6 years 0 0 0 0 Apache-2.0 NA commons-validator : commons-validator : 1.3.1 exact 11 years 0 0 0 0 Apache-2.0 NA dom4j : dom4j : 1.6.1 exact 12 years 0 1 1 0 Apache-1.1, Sun-IP NA info.ganglia.gmetric4j : gmetric4j : 1.0.3 exact 4 years 0 0 0 0 MIT NA io.netty : netty : 3.6.2.Final exact 5 years 0 0 0 0 Apache-2.0, BSD-3-Clause, MIT 5 io.netty : netty-all : 4.0.28.Final exact 2 years 0 0 0 0 Apache-2.0, BSD-3-Clause, MIT 7 Component / Declared and Observed License Match State Age / Security Summary Policy Violations it.unimi.dsi : fastutil : 6.5.7 exact 4 years 0 1 0 0 Apache-2.0, HPND, LGPL-2.1 NA javax.activation : activation : 1.1 exact 11 years 0 0 1 0 CDDL-1.0 NA javax.annotation : javax.annotation-api : 1.2 exact 4 years 0 0 1 0 CDDL-1.1 NA javax.inject : javax.inject : 1 exact 8 years 0 0 0 0 Apache-2.0 NA javax.mail : mail : 1.4.7 exact 4 years 0 0 1 0 CDDL-1.1 NA javax.mail : mailapi : 1.4.3 exact 7 years 0 0 1 0 CDDL-1.0 NA javax.persistence : persistence-api : 1.0 exact 11 years 0 0 1 0 CDDL-1.0 NA javax.servlet : javax.servlet-api : 3.1.0 exact 4 years 0 0 1 0 Apache-2.0, CDDL-1.0, CDDL-1.1 NA javax.validation : validation-api : 1.1.0.Final exact 4 years 0 0 0 0 Apache-2.0 NA javax.ws.rs : javax.ws.rs-api : 2.0.1 exact 3 years 0 0 1 0 Apache-2.0, CDDL-1.1 NA javax.xml.bind : jaxb-api : 2.2.11 exact 4 years 0 0 1 0 CDDL-1.1 NA jivesoftware : smack : 3.0.4 exact 9 years 0 0 0 0 Apache-2.0 5 within 2 Security Issues jline : jline : 1.0 exact 6 years 0 0 0 0 BSD-2-Clause NA joda-time : joda-time : 2.3 exact 4 years 0 0 0 0 Apache-2.0 NA jtidy : jtidy : 4aug2000r7-dev exact 12 years 0 1 0 0 Public Domain, W3C, Zlib NA junit : junit : 4.11 exact 5 years 0 0 1 0 CPL-1.0 NA log4j : apache-log4j-extras : 1.2.17 exact 4 years 0 0 0 0 Apache-2.0 NA log4j : log4j : 1.2.16 exact 7 years 0 0 0 0 Apache-2.0 NA net.java.dev.jna : jna : 4.0.0 exact 4 years 0 1 0 0 Apache-2.0, LGPL-2.1 NA net.jcip : jcip-annotations : 1.0 exact 9 years 0 0 0 0 CC-BY-2.5 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations net.jpountz.lz4 : lz4 : 1.2.0 exact 4 years 0 0 0 0 Apache-2.0 NA net.minidev : accessors-smart : 1.1 exact 2 years 0 0 0 0 Apache-2.0 NA net.minidev : json-smart : 2.2.1 exact 2 years 0 0 0 0 Apache-2.0 NA net.oauth.core : oauth : 20100527 exact 6 years 0 0 0 0 Apache-2.0 NA net.oauth.core : oauth-provider : 20100527 exact 5 years 0 0 0 0 Apache-2.0 NA net.sf.jopt-simple : jopt-simple : 4.6 exact 4 years 0 0 0 0 MIT NA net.sf.supercsv : super-csv : 2.1.0 exact 4 years 0 0 0 0 Apache-2.0 NA opensymphony : sitemesh : 2.4 exact 8 years 0 0 1 0 Apache-1.1 NA org.acplt : oncrpc : 1.0.7 exact 6 years 0 1 0 0 LGPL-3.0 NA org.antlr : ST4 : 4.0.8 exact 3 years 0 0 0 0 BSD-3-Clause NA org.antlr : antlr : 3.5.2 exact 3 years 0 0 0 0 BSD-3-Clause NA org.antlr : antlr-runtime : 3.5.2 exact 3 years 0 0 0 0 BSD-3-Clause NA org.apache.activemq : activemq-broker : 5.14.4 exact 10 months 0 0 0 0 Apache-2.0 7 org.apache.activemq : activemq-client : 5.14.4 exact 10 months 0 0 0 0 Apache-2.0 2 org.apache.activemq : activemq-openwire- exact 10 months 0 0 0 0 legacy : 5.14.4 Apache-2.0 NA org.apache.ant : ant : 1.7.1 exact 9 years 0 0 0 0 Apache-2.0 5 org.apache.ant : ant-launcher : 1.7.1 exact 9 years 0 0 0 0 Apache-2.0 NA org.apache.avro : avro : 1.7.4 exact 4 years 0 0 0 0 Apache-2.0 NA org.apache.camel : apt : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.camel : camel-core : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 5 org.apache.camel : camel-cxf : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-cxf-transport : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-groovy : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-http : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-http4 : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-jms : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-mail : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-package-maven- exact 2 years 0 0 0 0 plugin : 2.15.5 Apache-2.0 NA org.apache.camel : camel-quartz : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-restlet : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-script : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-servlet : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-smpp : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0, BSD-3-Clause NA org.apache.camel : camel-spring : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-twitter : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-velocity : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : camel-xmpp : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.camel : spi-annotations : 2.15.5 exact 2 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.cassandra : cassandra-all : 2.1.9 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cassandra : cassandra-thrift : 2.1.9 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.commons : commons-compress : exact 2 years 0 0 0 0 1.10 Apache-2.0 NA org.apache.commons : commons-lang3 : 3.3.1 exact 3 years 0 0 0 0

Apache-2.0 NA org.apache.commons : commons-math3 : 3.2 exact 4 years 0 0 0 0 Apache-2.0, BSD-3-Clause NA org.apache.cxf : cxf-core : 3.0.6 exact 2 years 0 1 0 0 Apache-2.0, W3C, WS-Addressing-200403, WS-Addressing-200408 4 org.apache.cxf : cxf-rt-bindings-soap : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-bindings-xml : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-databinding-jaxb : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-features-clustering : 3.0.6 exact 2 years 0 0 0 0

Apache-2.0 NA org.apache.cxf : cxf-rt-frontend-jaxrs : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 4 org.apache.cxf : cxf-rt-frontend-jaxws : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-frontend-simple : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-rs-client : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-rs-security-oauth : 3.0.6 exact 2 years 0 0 0 0

Apache-2.0 NA org.apache.cxf : cxf-rt-transports-http : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 4 org.apache.cxf : cxf-rt-ws-addr : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.cxf : cxf-rt-ws-policy : 3.0.6 exact 2 years 0 1 0 0 Apache-2.0, OASIS, W3C, WS-Addressing-200408 NA org.apache.cxf : cxf-rt-wsdl : 3.0.6 exact 2 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.directory.api : api-asn1-api : 1.0.0- exact 4 years 0 0 0 0 M20 Apache-2.0 NA org.apache.directory.api : api-util : 1.0.0-M20 exact 4 years 0 0 0 0 Apache-2.0 NA org.apache.directory.server : apacheds-i18n : exact 4 years 0 0 0 0 2.0.0-M15 Apache-2.0 NA org.apache.directory.server : apacheds- exact 4 years 0 0 0 0 kerberos-codec : 2.0.0-M15 Apache-2.0 NA org.apache.geronimo.specs : geronimo-j2ee- exact 10 years 0 0 0 0 management_1.1_spec : 1.0.1 Apache-2.0 NA org.apache.geronimo.specs : geronimo- exact 10 years 0 0 0 0 jms_1.1_spec : 1.1.1 Apache-2.0 NA org.apache.geronimo.specs : geronimo- exact 7 years 0 0 0 0 servlet_3.0_spec : 1.0 Apache-2.0 NA org.apache.hadoop : hadoop-annotations : 2.5.1 exact 3 years 0 0 0 0

Apache-2.0 NA org.apache.hadoop : hadoop-auth : 2.5.1 exact 3 years 0 0 0 0 Apache-2.0 NA org.apache.hadoop : hadoop-common : 2.5.1 exact 3 years 0 0 0 0 Apache-2.0, BSD-3-Clause 6 within 3 Security Issues org.apache.hadoop : hadoop-mapreduce-client- exact 3 years 0 0 0 0 core : 2.5.1 Apache-2.0 6 org.apache.hadoop : hadoop-yarn-api : 2.5.1 exact 3 years 0 0 0 0 Apache-2.0 NA org.apache.hadoop : hadoop-yarn-common : exact 3 years 0 0 0 0 2.5.1 Apache-2.0 5 org.apache.hbase : hbase-annotations : 1.0.2 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.hbase : hbase-client : 1.0.2 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.hbase : hbase-common : 1.0.2 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.hbase : hbase-protocol : 1.0.2 exact 2 years 0 0 0 0 Apache-2.0 NA org.apache.htrace : htrace-core : 3.1.0- exact 2 years 0 0 0 0 incubating Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.httpcomponents : httpclient : 4.3.6 exact 3 years 0 0 0 0 Apache-2.0 7 org.apache.httpcomponents : httpclient : 4.5.2 exact 1 year 0 0 0 0 Apache-2.0 7 org.apache.httpcomponents : httpclient-cache : exact 2 years 0 0 0 0 4.5 Apache-2.0 NA org.apache.httpcomponents : httpcore : 4.3.1 exact 4 years 0 0 0 0 Apache-2.0 NA org.apache.httpcomponents : httpcore : 4.4 exact 3 years 0 0 0 0 Apache-2.0 NA org.apache.httpcomponents : httpmime : 4.3 exact 4 years 0 0 0 0 Apache-2.0 NA org.apache.httpcomponents : httpmime : 4.5.2 exact 1 year 0 0 0 0 Apache-2.0 NA org.apache.ivy : ivy : 2.3.0 exact 5 years 0 0 0 0 Apache-2.0 NA org.apache.james : apache-mime4j-core : 0.7.2 exact 6 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-artifact : 2.0.9 exact 9 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-artifact-manager : exact 10 years 0 0 0 0 2.0.6 Apache-2.0 NA org.apache.maven : maven-core : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-error-diagnostics : exact 10 years 0 0 0 0 2.0.6 Apache-2.0 NA org.apache.maven : maven-model : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-monitor : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-plugin-api : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-plugin-descriptor : exact 10 years 0 0 0 0 2.0.6 Apache-2.0 NA org.apache.maven : maven-plugin-parameter- exact 10 years 0 0 0 0 documenter : 2.0.6 Apache-2.0 NA org.apache.maven : maven-plugin-registry : exact 10 years 0 0 0 0 2.0.6 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.maven : maven-profile : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-project : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-repository- exact 10 years 0 0 0 0 metadata : 2.0.6 Apache-2.0 NA org.apache.maven : maven-settings : 2.0.6 exact 10 years 0 0 0 0 Apache-2.0 NA org.apache.maven : maven-toolchain : 1.0 exact 9 years 0 0 0 0 Apache-2.0 NA org.apache.maven.doxia : doxia-core : 1.0 exact 8 years 0 0 0 0 Apache-2.0 NA org.apache.maven.doxia : doxia-decoration- exact 8 years 0 0 0 0 model : 1.0 Apache-2.0 NA org.apache.maven.doxia : doxia-module-apt : exact 8 years 0 0 0 0 1.0 Apache-2.0 NA org.apache.maven.doxia : doxia-module-fml : exact 8 years 0 0 0 0 1.0 Apache-2.0 NA org.apache.maven.doxia : doxia-module-xdoc : exact 8 years 0 0 0 0 1.0 Apache-2.0 NA org.apache.maven.doxia : doxia-module- exact 8 years 0 0 0 0 xhtml : 1.0 Apache-2.0 NA org.apache.maven.doxia : doxia-sink-api : 1.0- exact 11 years 0 0 0 0 alpha-7 Apache-2.0 NA org.apache.maven.doxia : doxia-site-renderer : exact 8 years 0 0 0 0 1.0 Apache-2.0 NA org.apache.maven.plugins : maven-compiler- exact 5 years 0 0 0 0 plugin : 3.0 Apache-2.0 NA org.apache.maven.reporting : maven-reporting- exact 10 years 0 0 0 0 api : 2.0.6 Apache-2.0 NA org.apache.maven.reporting : maven-reporting- exact 7 years 0 0 0 0 impl : 2.0.5 Apache-2.0 NA org.apache.maven.shared : maven-doxia- exact 8 years 0 0 0 0 tools : 1.0.2 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.maven.shared : maven-shared- exact 5 years 0 0 0 0 incremental : 1.0 Apache-2.0 NA org.apache.maven.shared : maven-shared- exact 5 years 0 0 0 0 utils : 0.1 Apache-2.0 NA org.apache.maven.wagon : wagon-file : 1.0- exact 11 years 0 0 0 0 beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-http- exact 11 years 0 0 0 0 lightweight : 1.0-beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-http- exact 11 years 0 0 0 0 shared : 1.0-beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-provider- exact 11 years 0 0 0 0 api : 1.0-beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-ssh : 1.0- exact 11 years 0 0 0 0 beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-ssh- exact 11 years 0 0 0 0 common : 1.0-beta-2 Apache-2.0 NA org.apache.maven.wagon : wagon-ssh- exact 11 years 0 0 0 0 external : 1.0-beta-2 Apache-2.0 NA org.apache.neethi : neethi : 3.0.3 exact 3 years 0 0 0 0 Apache-2.0 NA org.apache.servicemix.bundles : exact 7 years 0 0 0 0 org.apache.servicemix.bundles.commons-csv : 1.0-r706900_3 Apache-2.0 NA org.apache.thrift : libthrift : 0.9.2 exact 3 years 0 0 0 0 Apache-2.0 NA org.apache.tinkerpop : gremlin-core : 3.0.1- exact 2 years 0 0 0 0 incubating Apache-2.0 NA org.apache.tinkerpop : gremlin-driver : 3.0.1- exact 2 years 0 0 0 0 incubating Apache-2.0 NA org.apache.tinkerpop : gremlin-groovy : 3.0.1- exact 2 years 0 0 0 0 incubating Apache-2.0 NA org.apache.tinkerpop : gremlin-shaded : 3.0.1- exact 2 years 0 0 0 0 incubating Apache-2.0 NA org.apache.tinkerpop : tinkergraph-gremlin : exact 2 years 0 0 0 0 3.0.1-incubating Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.apache.velocity : velocity : 1.7 exact 7 years 0 0 0 0 Apache-2.0 NA org.apache.ws.xmlschema : xmlschema-core : exact 2 years 0 0 0 0 2.2.1 Apache-2.0 NA org.apache.xbean : xbean-reflect : 3.4 exact 9 years 0 0 0 0 Apache-2.0 NA org.apache.xmlbeans : xmlbeans-xmlpublic : exact 5 years 0 0 0 0 2.6.0 Apache-2.0 NA org.apache.zookeeper : zookeeper : 3.4.6 exact 3 years 0 0 0 0 Apache-2.0 5 org.aspectj : aspectjrt : 1.6.8 exact 8 years 0 0 1 0 EPL-1.0 NA org.codehaus.groovy : groovy : 2.4.1 exact 2 years 0 0 1 0 Apache-2.0, CPL-1.0, Public Domain 7 org.codehaus.groovy : groovy : jar : indy : 2.4.1 exact 2 years 0 0 1 0

Apache-2.0, CPL-1.0, Public Domain 7 org.codehaus.groovy : groovy-all : 2.4.3 exact 2 years 0 0 1 0 Apache-2.0, BSD-3-Clause, CPL-1.0, Public Domain 7 org.codehaus.groovy : groovy-console : 2.4.1 exact 2 years 0 0 0 0 Apache-2.0 NA org.codehaus.groovy : groovy-eclipse- exact 4 years 0 0 1 0 compiler : 2.8.0-01 Apache-2.0, EPL-1.0 NA org.codehaus.groovy : groovy-groovysh : jar : exact 2 years 0 0 0 0 indy : 2.4.1 Apache-2.0 NA org.codehaus.groovy : groovy-json : jar : indy : exact 2 years 0 0 0 0 2.4.1 Apache-2.0 NA org.codehaus.groovy : groovy-jsr223 : jar : exact 2 years 0 0 0 0 indy : 2.4.1 Apache-2.0, BSD-3-Clause NA org.codehaus.groovy : groovy-sql : jar : indy : exact 2 years 0 0 0 0 2.4.1 Apache-2.0 NA org.codehaus.groovy : groovy-swing : 2.4.1 exact 2 years 0 0 0 0 Apache-2.0 NA org.codehaus.groovy : groovy-templates : 2.4.1 exact 2 years 0 0 0 0

Apache-2.0 NA org.codehaus.groovy : groovy-xml : 2.4.1 exact 2 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.codehaus.jackson : jackson-core-asl : exact 4 years 0 0 0 0 1.9.13 Apache-2.0 NA org.codehaus.jackson : jackson-jaxrs : 1.9.2 exact 6 years 0 0 0 0 Apache-2.0 NA org.codehaus.jackson : jackson-mapper-asl : exact 4 years 0 0 0 0 1.9.13 Apache-2.0 8 org.codehaus.jackson : jackson-xc : 1.9.2 exact 6 years 0 0 0 0 Apache-2.0 NA org.codehaus.janino : commons-compiler : exact 6 years 0 0 0 0 2.6.1 BSD-3-Clause NA org.codehaus.janino : commons-compiler : exact 2 years 0 0 0 0 2.7.8 BSD-3-Clause NA org.codehaus.janino : janino : 2.6.1 exact 6 years 0 0 0 0 BSD-3-Clause NA org.codehaus.janino : janino : 2.7.8 exact 2 years 0 0 0 0 BSD-3-Clause NA org.codehaus.jettison : jettison : 1.1 exact 8 years 0 0 0 0 Apache-2.0 NA org.codehaus.plexus : plexus-classworlds : exact 8 years 0 0 0 0 2.2.2 Apache-2.0, BSD NA org.codehaus.plexus : plexus-compiler-api : 2.2 exact 4 years 0 0 0 0 Apache-2.0, MIT NA org.codehaus.plexus : plexus-compiler-javac : exact 5 years 0 0 0 0 2.0 Apache-2.0, MIT NA org.codehaus.plexus : plexus-compiler- exact 5 years 0 0 0 0 manager : 2.0 Apache-2.0, MIT NA org.codehaus.plexus : plexus-component- exact 7 years 0 0 0 0 annotations : 1.5.5 Apache-2.0 NA org.codehaus.plexus : plexus-container- exact 8 years 0 0 0 0 default : 1.5.4 Apache-2.0, MIT NA org.codehaus.plexus : plexus-i18n : 1.0-beta-7 exact 10 years 0 0 0 0 Not Declared; No Source License NA org.codehaus.plexus : plexus-interactivity-api : exact 12 years 0 0 0 0 1.0-alpha-4 MIT NA org.codehaus.plexus : plexus-utils : 3.0.8 exact 5 years 0 0 1 0 Apache-1.1, Apache-2.0, BSD-2-Clause, BSD-3-Clause, Public 7 Domain, XPP-1.1.1, XPP-1.2 Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.codehaus.plexus : plexus-velocity : 1.1.7 exact 10 years 0 0 0 0 Apache-2.0 NA org.codehaus.woodstox : stax2-api : 3.1.4 exact 3 years 0 0 0 0 BSD-2-Clause NA org.codehaus.woodstox : woodstox-core-asl : exact 3 years 0 0 0 0 4.4.1 Apache-2.0 NA org.eclipse.jetty : jetty-util : 9.2.9.v20150224 exact 2 years 0 0 0 0 Apache-2.0, MIT 5 org.eclipse.jetty.orbit : javax.servlet : exact 6 years 0 0 1 0 3.0.0.v201112011016 Apache-2.0, CDDL-1.1, EPL-1.0 NA org.eclipse.persistence : commonj.sdo : 2.1.1 exact 4 years 0 0 1 0 BSD-3-Clause, EPL-1.0 NA org.eclipse.persistence : eclipselink : 2.6.2 exact 2 years 0 0 1 0 BSD-3-Clause, EPL-1.0 NA org.eclipse.persistence : javax.persistence : exact 2 years 0 0 1 0 2.1.1 BSD-3-Clause, EPL-1.0 NA org.eclipse.persistence : exact 2 years 0 0 1 0 org.eclipse.persistence.asm : 2.6.2 BSD-3-Clause, EPL-1.0 NA org.eclipse.persistence : exact 2 years 0 0 1 0 org.eclipse.persistence.core : 2.6.2 BSD-3-Clause, EPL-1.0 NA org.eclipse.persistence : exact 2 years 0 0 1 0 org.eclipse.persistence.moxy : 2.6.2 BSD-3-Clause, EPL-1.0 NA org.freemarker : freemarker : 2.3.14 exact 9 years 0 1 2 0 Apache-1.1, CDDL-1.1, Sun-Restricted 7 within 2 Security Issues org.fusesource.hawtbuf : hawtbuf : 1.11 exact 3 years 0 0 0 0 Apache-2.0 NA org.glassfish : javax.json : 1.0 exact 4 years 0 0 1 0 CDDL-1.1 NA org.glassfish.hk2 : hk2-api : 2.4.0-b31 exact 2 years 0 0 1 0 CDDL-1.1 NA org.glassfish.hk2 : hk2-locator : 2.4.0-b31 exact 2 years 0 0 1 0 CDDL-1.1 NA org.glassfish.hk2 : hk2-utils : 2.4.0-b31 exact 2 years 0 0 1 0 CDDL-1.1 NA org.glassfish.hk2 : osgi-resource-locator : 1.0.1 exact 7 years 0 0 1 0 CDDL-1.1 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.glassfish.hk2.external : aopalliance- exact 2 years 0 0 1 0 repackaged : 2.4.0-b31 CDDL-1.1 NA org.glassfish.hk2.external : javax.inject : 2.4.0- exact 2 years 0 0 1 0 b31 Apache-2.0, CDDL-1.1 NA org.glassfish.jersey.bundles.repackaged : exact 2 years 0 0 1 0 jersey-guava : 2.22.1 Apache-2.0, CC0-1.0, CDDL-1.1, Public Domain NA org.glassfish.jersey.core : jersey-client : 2.22.1 exact 2 years 0 0 1 0 CDDL-1.1 NA org.glassfish.jersey.core : jersey-common : exact 2 years 0 0 1 0 2.22.1 CDDL-1.1 NA org.glassfish.jersey.ext : jersey-entity-filtering : exact 2 years 0 0 1 0 2.22.1 CDDL-1.1 NA org.glassfish.jersey.media : jersey-media-json- exact 2 years 0 0 1 0 jackson : 2.22.1 CDDL-1.1 NA org.grails : grails-bootstrap : 2.3.1 exact 4 years 0 0 0 0 Apache-2.0 NA org.grails : grails-core : 1.3.7 exact 6 years 0 0 1 0 Apache-2.0, CDDL-1.1 NA org.grails : grails-docs : 1.3.7 exact 6 years 0 0 0 0 Apache-2.0 NA org.grails : grails-spring : 2.3.1 exact 4 years 0 0 0 0 Apache-2.0 NA org.grails : grails-web : 1.3.7 exact 6 years 0 1 1 0 Apache-2.0, CDDL-1.1, JSON, Sun-IP 5 org.hamcrest : hamcrest-core : 1.3 exact 5 years 0 0 0 0 BSD-3-Clause NA org.hamcrest : hamcrest-junit : 2.0.0.0 exact 2 years 0 0 1 0 EPL-1.0 NA org.hamcrest : java-hamcrest : 2.0.0.0 exact 2 years 0 0 0 0 BSD-3-Clause NA org.hibernate : hibernate-validator : 4.3.0.Final exact 5 years 0 1 0 0 Apache-2.0, LGPL-2.1, Public Domain 6 within 2 Security Issues org.igniterealtime.smack : smack-core : 4.0.7 exact 2 years 0 0 0 0 Apache-2.0 NA org.igniterealtime.smack : smack-extensions : exact 2 years 0 0 0 0 4.0.7 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.igniterealtime.smack : smack-tcp : 4.0.7 exact 2 years 0 0 0 0 Apache-2.0 2 org.javassist : javassist : 3.17.1-GA exact 5 years 0 0 0 0 Apache-2.0 NA org.javatuples : javatuples : 1.2 exact 6 years 0 0 0 0 Apache-2.0 NA org.jboss.logging : jboss-logging : 3.1.0.CR2 exact 6 years 0 1 0 0 LGPL-2.1 NA org.jruby.jcodings : jcodings : 1.0.8 exact 5 years 0 0 0 0 MIT NA org.jruby.joni : joni : 2.1.2 exact 3 years 0 0 0 0 MIT NA org.jsmpp : jsmpp : 2.1.1 exact 3 years 0 0 0 0 Apache-2.0 NA org.json : json : 20090211 exact 8 years 0 1 0 0 JSON NA org.mindrot : jbcrypt : 0.3m exact 7 years 0 0 0 0 ISC 5 org.mockito : mockito-core : 1.10.19 exact 3 years 0 0 0 0 Apache-2.0, BSD-3-Clause, MIT NA org.mortbay.jetty : jetty-util : 6.1.26 exact 7 years 0 0 0 0 Apache-2.0 NA org.mozilla : rhino : 1.7R4 exact 5 years 0 0 1 0 BSD-3-Clause, MPL-2.0 NA org.objenesis : objenesis : 2.1 exact 4 years 0 0 0 0 Apache-2.0 NA org.ow2.asm : asm : 5.0.3 exact 3 years 0 0 0 0 BSD-3-Clause NA org.quartz-scheduler : quartz : 1.8.6 exact 6 years 0 0 0 0 Apache-2.0 NA org.reflections : reflections : 0.9.9-RC1 exact 4 years 0 0 0 0 WTFPL NA org.restlet.jee : org.restlet : 2.2.1 exact 3 years 0 0 0 0 Apache-2.0 NA org.restlet.jee : org.restlet.ext.httpclient : 2.2.3 exact 3 years 0 0 0 0 Apache-2.0 NA org.restlet.jee : org.restlet.ext.servlet : 2.2.1 exact 3 years 0 0 0 0 Apache-2.0 NA org.restlet.jee : org.restlet.ext.spring : 2.2.1 exact 3 years 0 0 0 0 Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.slf4j : jcl-over-slf4j : 1.7.21 exact 1 year 0 0 0 0 Apache-2.0, MIT NA org.slf4j : jul-to-slf4j : 1.7.21 exact 1 year 0 0 0 0 MIT NA org.slf4j : log4j-over-slf4j : 1.7.21 exact 1 year 0 0 0 0 Apache-2.0, MIT NA org.slf4j : slf4j-api : 1.7.21 exact 1 year 0 0 0 0 MIT NA org.slf4j : slf4j-log4j12 : 1.7.12 exact 2 years 0 0 0 0 MIT NA org.springframework : spring-aop : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-aspects : exact 7 years 0 0 0 0 3.0.5.RELEASE Apache-2.0 NA org.springframework : spring-beans : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-context : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-context-support : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-core : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0, BSD-3-Clause NA org.springframework : spring-expression : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-instrument : exact 7 years 0 0 0 0 3.0.5.RELEASE Apache-2.0 NA org.springframework : spring-jdbc : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-jms : exact 2 years 0 0 0 0 4.1.6.RELEASE Apache-2.0 NA org.springframework : spring-jmx : 2.0.8 exact 10 years 0 0 0 0 Apache-2.0 NA org.springframework : spring-messaging : exact 2 years 0 0 0 0 4.1.6.RELEASE Apache-2.0 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations org.springframework : spring-orm : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-oxm : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-test : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-tx : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-web : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework : spring-webmvc : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 5 org.springframework : spring-webmvc-portlet : exact 1 year 0 0 0 0 4.2.5.RELEASE Apache-2.0 NA org.springframework.security : spring-security- exact 1 year 0 0 0 0 config : 4.0.4.RELEASE Apache-2.0 5 org.springframework.security : spring-security- exact 1 year 0 0 0 0 core : 4.0.4.RELEASE Apache-2.0, ISC NA org.springframework.security : spring-security- exact 1 year 0 0 0 0 web : 4.0.4.RELEASE Apache-2.0 5 org.springframework.security.oauth : spring- exact 4 years 0 0 0 0 security-oauth2 : 1.0.5.RELEASE Apache-2.0 6 org.springframework.ws : spring-ws : 1.5.2 exact 9 years 0 0 0 0 Apache-2.0 NA org.twitter4j : twitter4j-core : 4.0.3 exact 2 years 0 1 0 0 Apache-2.0, JSON NA org.twitter4j : twitter4j-stream : 4.0.3 exact 2 years 0 0 0 0 Apache-2.0 NA org.xerial.snappy : snappy-java : 1.0.5-M3 exact 5 years 0 0 0 0 Apache-2.0 NA org.xhtmlrenderer : core-renderer : R8 exact 7 years 0 1 0 0 LGPL-2.1 NA org.yaml : snakeyaml : 1.15 exact 2 years 0 0 0 0 Apache-2.0 NA oro : oro : 2.0.8 exact 12 years 0 0 1 0 Apache-1.1 NA Component / Declared and Observed License Match State Age / Security Summary Policy Violations radeox : radeox : jar : b2 : 1.0 exact 12 years 0 0 0 0 Apache-2.0 NA stax : stax-api : 1.0.1 exact 11 years 0 0 0 0 Apache-2.0 NA wsdl4j : wsdl4j : 1.6.3 exact 4 years 0 0 1 0 CPL-1.0 NA xml-apis : xml-apis : 1.0.b2 exact 12 years 0 2 0 0 Apache-2.0, Public Domain, Sun-IP, W3C NA xml-resolver : xml-resolver : 1.2 exact 11 years 0 0 0 0 Apache-2.0 NA xmlenc : xmlenc : 0.52 exact 11 years 0 0 0 0 BSD-2-Clause NA xpp3 : xpp3 : 1.1.4c exact 10 years 0 0 1 0 Apache-1.1, Public Domain, XPP-1.1.1, XPP-1.2 NA xpp3 : xpp3_min : 1.1.3.4.O exact 12 years 0 0 0 0 Public Domain, XPP-1.2 NA aai-annotations-1.1.1-SNAPSHOT.jar unknown NA 0 0 0 0 aai-core-1.1.1-SNAPSHOT.jar unknown NA 0 0 0 0 aai-resources-runtimeEnvironment.zip unknown NA 0 0 0 0 aai-resources.jar unknown NA 0 0 0 0 aai-schema-1.1.1-20171212.002320-3.jar, aai- unknown NA 0 0 0 0 schema-1.1.1-SNAPSHOT.jar ajsc-aai_v1.zip unknown NA 0 0 0 0 ajsc-aai_v1_props.zip unknown NA 0 0 0 0