...
| Repository | Group | Impact Analysis | Action | ||||
|---|---|---|---|---|---|---|---|
| policy/common | com.fasterxml.jackson.core | False Positive - we are not using the Jackson code in the manner that exposes the vulnerability. | Request exception | ||||
policy/common | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception | ||||
| policy/common | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception | ||||
| policy/common | org.checkerframework | This is a license issue that is brought in from google.guava There is an MIT license associated with it. | Request Integration team to upgrade guava or LF to override | ||||
| policy/common | log4j | There is no license for this. This is used extensively for logging and would a large effort to remove its use. | Request exception | ||||
| policy/common | junit | There is no license for this. This is used for satisfying the 50% JUnit test coverage. | Request exception | ||||
policy/drools-applications policy/drools-pdp policy/distribution | com.fasterxml.jackson.core | False Positive - flagged due to inclusion inheritance of policy/common | Request exception | ||||
policy/drools-applications policy/drools-pdp policy/distribution | javax.jms | This is a license issue that is brought in due to inclusion inheritance of DMaap client. | Request exception | ||||
policy/drools-applications policy/drools-pdp policy/distribution | org.json | This is a license issue that is brought in due to inclusion inheritance of Cambria client. | Request exception | ||||
policy/drools-applications | com.att.research.xacml | False positive - MIT license should be acceptable | Request exception or LF to override policy/drools-pdp policy/ drools-applicationsdistribution | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava | |
| policy/drools-applicationsxml-apis | com.att.research.xacml | False positive - Apache 2.0 MIT license should be acceptable | Request LF to select correct license | ||||
| policy/drools-pdpapplications | xml-apiscom.fasterxml.jackson.core | False Positive - flagged due to inclusion of policy/common | Request exception | ||||
policy/drools-pdp | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception | ||||
| positive - Apache 2.0 license should be acceptable | Request LF to select correct license | policy/drools-pdp | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception | ||
| policy/drools-pdp | dom4j | This is a security/license issue due to Drools v6.5.0.Final Upgrading to 7.x version would not clear this issue and would result in multiple other license exceptions that are not clearable. | Request exception | ||||
| policy/drools-pdp | jsoup | This is a security issue due to Drools v6.5.0.Final Upgrading to 7.x version would not clear this issue and would result in multiple other new license exceptions that are not clearable. | Request exception | ||||
| policy/drools-pdp | ant | This is a security issue due to Drools v6.5.0.Final Upgrading to 7.x version would clear this issue, but would result in multiple other new license exceptions that are not clearable. | Request exception | policy/drools-pdp | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava |
| policy/drools-pdp | jboss.jta | This is a license issue - LGPL. JBoss has a newer set of transaction code which has the same license issue so upgrading is not possible. This feature is unused in ONAP and is disabled. | Request exception | ||||
| policy/drools-pdp | hibernate-core | This is a license issue - LGPL This feature is unused in ONAP and is disabled. | Request exception | ||||
| policy/drools-pdp | hibernate-commons-annotations | This is a license issue - LGPL This feature is unused in ONAP and is disabled. | Request exception | ||||
| policy/drools-pdp | mariadb | False positive - BSD3 license | Request LF to select correct license. NOTE: LF requested ONAP projects to move to mariadb in Amsterdam release. | ||||
| policy/drools-pdp | log4j | Inherited from policy/common | Request exception | ||||
| policy/drools-pdp | junit | Inherited from policy/common | Request exception | ||||
| policy/engine | com.sword-group.bizdock.lib | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
| policy/engine | org.apache.tomcat | The declared and effective license are Apache 2.0, the CLM is incorrectly reporting a problem. | Request LF to select correct license. | ||||
| policy/engine | com.fasterxml.jackson.core | False positive The code is not using jackson in the manner described in the vulnerability. There are too many lines to list here. | Request exception | ||||
| policy/engine | org.springframework | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
| policy/engine | angular.js angular.min.js | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
| policy/engine | moment moment | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
| policy/engine | commons-beanutils | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
| policy/distribution | com.fasterxml.jackson.core | 2 separate issues: 1) Flagged due to inclusion of ONAP SDC SDK 2) Flagged due to inclusion of policy/common | Request exception | ||||
| policy/distribution | org.springframework | Flagged due to inclusion of ONAP Portal SDK | Request exception | ||||
policy/distribution | javax.jms | This is a license issue that is brought in due to inclusion of DMaap client. | Request exception | ||||
| policy/distribution | org.json | This is a license issue that is brought in due to inclusion of Cambria client. | Request exception | ||||
| org.springframework | Flagged due to inheritance from policy/engine which has dependency on ONAP Portal SDK | Request exception | policy/distribution | org.checkerframework | This is a license issue that is brought in from google.guava | Request Integration team to upgrade guava||
| policy/distribution | org.dspace.xmlui.xml | This is a license issue that is a false positive - it is Apache 2.0 | Request LF to select correct license. |
...