...
Repository | Group | Impact Analysis | Action |
---|---|---|---|
policy/common | com.fasterxml.jackson.core | False Positive - we are not using the Jackson code in the manner that exposes the vulnerability. | Request exception |
policy/common | javax.jms | This is a license issue that is brought in due to inclusion of DMaaP client. | Request exception |
policy/common | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception |
policy/common | org.checkerframework | This is a license issue that is brought in from google.guava. There is an MIT license associated with it. | Request Integration team to upgrade guava or LF to override |
policy/common | log4j | There is no license for this. This is used extensively for logging and would be a large effort to remove its use. | Request exception |
policy/common | junit | There is no license for this. This is used for satisfying the 50% JUnit test coverage. | Request exception |
policy/drools-applications, policy/drools-pdp, policy/distribution, policy/engine | com.fasterxml.jackson.core | False Positive - flagged due to inheritance of policy/common | Request exception |
policy/drools-applications, policy/drools-pdp, policy/distribution | javax.jms | This is a license issue that is brought in due to inheritance of DMaaP client. | Request exception |
policy/drools-applications, policy/drools-pdp, policy/distribution | org.json | This is a license issue that is brought in due to inheritance of Cambria client. | Request exception |
policy/drools-applications, policy/drools-pdp, policy/distribution | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava |
policy/drools-applications | com.att.research.xacml | False positive - MIT license should be acceptable | Request LF to select correct license |
policy/drools-applications | xml-apis | False positive - Apache 2.0 license should be acceptable | Request LF to select correct license |
policy/drools-pdp | com.fasterxml.jackson.core | False Positive - we are not using the Jackson code in the manner that exposes the vulnerability. | Request exception |
policy/drools-pdp | dom4j | This is both a security and a license issue due to Drools v6.5.0.Final including and using this dependency. Upgrading to 7.x version would not clear this issue and would result in multiple other license exceptions that are not clearable. | Request exception |
policy/drools-pdp | jsoup | This is a security issue due to Drools v6.5.0.Final including this dependency. Upgrading to 7.x version would not clear this issue and would result in multiple other new license exceptions that are not clearable. | Request exception |
policy/drools-pdp | ant | This is a security issue due to Drools v6.5.0.Final including this dependency. Upgrading to 7.x version would clear this issue, but would then consequently result in multiple other new license exceptions that are not clearable. | Request exception |
policy/drools-pdp | jboss.jta | This is a license issue - LGPL. JBoss has a newer set of transaction code which has the same license issue so upgrading is not possible. This feature is unused in ONAP and is disabled. | Request exception |
policy/drools-pdp | hibernate-core | This is a license issue - LGPL. This feature is unused in ONAP and is disabled. | Request exception |
policy/drools-pdp | hibernate-commons-annotations | This is a license issue - LGPL. This feature is unused in ONAP and is disabled. | Request exception |
policy/drools-pdp | mariadb | False positive - BSD3 license | Request LF to select correct license. NOTE: LF requested ONAP projects to move to mariadb in Amsterdam release. |
policy/drools-pdp | log4j | Unknown License issue inherited from policy/common | Request exception |
policy/drools-pdp | junit | Unknown License issue inherited from policy/common | Request exception |
policy/engine | com.fasterxml.jackson.core | False positive - the code is not using Jackson in the manner described in the vulnerability. | Request exception |
policy/engine | org.springframework | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | bouncycastle | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | angularjs angular angular.min.js | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | moment moment | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | xerces | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | commons-beanutils | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | esapi | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | antisamy | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | org.apache.wicket | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | jquery | Flagged due to inclusion of ONAP Portal SDK | Request exception |
policy/engine | javax.mail | ||
policy/engine | dom4j | ||
policy/engine | jcraft | ||
policy/distribution | org.springframework | Flagged due to inheritance from policy/engine which has dependency on ONAP Portal SDK | Request exception |
policy/distribution | org.dspace.xmlui.xml | This is a license issue that is a false positive - it is Apache 2.0 | Request LF to select correct license. |
...