...
| Repository | Group | Impact Analysis | Action |
|---|---|---|---|
| policy/common | com.fasterxml.jackson.core | False Positive - we are not using the Jackson code in the manner that exposes the vulnerability. | Request exception or false positive |
policy/common | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception |
| policy/common | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception |
| policy/common | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava |
| policy/drools-applications | com.fasterxml.jackson.core | False Positive - flagged due to inclusion of policy/common | Request exception |
policy/drools-applications | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception |
| policy/drools-applications | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception |
| policy/drools-applications | com.att.research.xacml | False positive - MIT license should be acceptable | Request exception |
| policy/drools-applications | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava |
| policy/drools-applications | xml-apis | False positive - Apache 2.0 license should be acceptable | Request LF to select correct license |
| policy/drools-pdp | com.fasterxml.jackson.core | False Positive - flagged due to inclusion of policy/common | Request exception |
policy/drools-pdp | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception |
| policy/drools-pdp | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception |
| policy/engine | com.sword-group.bizdock.lib | Flagged due to inclusion of ONAP Portal SDK | |
| policy/engine | org.apache.tomcat | The declared and effective license are Apache 2.0, the CLM is incorrectly reporting a problem. | False Positive |
| policy/engine | com.fasterxml.jackson.core | False positive The code is not using jackson in the manner described in the vulnerability. There are too many lines to list here. | Request exception |
| policy/engine | org.springframework | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | angular.js angular.min.js | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | moment moment | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/engine | commons-beanutils | Flagged due to inclusion of ONAP Portal SDK | Request exception |
| policy/distribution | com.fasterxml.jackson.core | 2 separate issues: 1) Flagged due to inclusion of ONAP SDC SDK 2) Flagged due to inclusion of policy/common | Request exception |
policy/distribution | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception |
| policy/distribution | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception |
| policy/distribution | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava |
Sample of CLM Report