Dependency Analysis
Checkov
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
| Freshness | Dependencies | Outdated | Stale | Avg Behind |
|---|---|---|---|---|
| 80% | 315 | 41 | 0 | 2.9 |
Dependency List
Latest release 3.2.526
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
| django (pypi) | Direct | 1.2 | — | — | 44 critical | BSD-2-Clause AND BSD-3-Clause |
| golang.org/x/crypto (golang) | Direct | 0.0.0-20200622213623-75b288015ac9 | — | — | 10 critical | BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang |
| google.golang.org/grpc (golang) | Direct | 1.22.0 | — | — | 3 critical | Apache-2.0 |
| lodash (npm) | Direct | 3.1.0 | — | — | 5 critical | MIT |
| log4net (nuget) | Direct | 2.0.9 | — | — | 2 critical | Apache-2.0 |
| urllib3 (pypi) | Direct | 1.26.20 | 2.7.0 | 9 behind | 4 high | MIT |
| gitpython (pypi) | Direct | 3.1.46 | 3.1.50 | 4 behind | 4 high | BSD-3-Clause |
| orjson (pypi) | Direct | 3.11.5 | 3.11.9 | 4 behind | 1 high | Apache-2.0 AND MIT |
| flask (pypi) | Direct | 0.6 | — | — | 4 high | BSD-2-Clause AND BSD-3-Clause |
| fresh (npm) | Transitive | 0.1.0 | — | — | 1 high | MIT |
| github.com/dgrijalva/jwt-go (golang) | Direct | 3.2.0+incompatible | — | — | 1 high | MIT |
| github.com/prometheus/client_golang (golang) | Direct | 1.0.0 | — | — | 1 high | Apache-2.0 |
| github.com/sirupsen/logrus (golang) | Direct | 1.4.2 | — | — | 1 high | MIT |
| github.com/tidwall/gjson (golang) | Direct | 1.7.4 | — | — | 1 high | MIT |
| golang.org/x/net (golang) | Direct | 0.0.0-20210415231046-e915ea6b2b7d | — | — | 16 high | Unknown |
| golang.org/x/oauth2 (golang) | Direct | 0.0.0-20190604053449-0f29369cfe45 | — | — | 1 high | BSD-3-Clause |
| mime (npm) | Transitive | 1.2.6 | — | — | 1 high | MIT |
| qs (npm) | Transitive | 0.5.1 | — | — | 5 high | MIT |
| pytest (pypi) | Direct | 7.4.4 | 9.0.3 | 24 behind | 1 medium | MIT |
| filelock (pypi) | Direct | 3.19.1 | 3.29.1 | 20 behind | 2 medium | Unlicense |
| requests (pypi) | Direct | 2.26.0 | 2.34.2 | 20 behind | 3 medium | Apache-2.0 |
| requests (pypi) | Direct | 2.32.5 | 2.34.2 | 6 behind | 1 medium | Apache-2.0 |
| connect (npm) | Transitive | 2.6.0 | — | — | 3 medium | MIT |
| DSInternals.Common (nuget) | Direct | 4.7.0 | — | — | 1 medium | MIT |
| express (npm) | Direct | 3.0.0 | — | — | 4 medium | MIT |
| golang.org/x/sys (golang) | Direct | 0.0.0-20210415045647-66c3f260301c | — | — | 1 medium | Unknown |
| gopkg.in/square/go-jose.v2 (golang) | Direct | 2.3.1 | — | — | 1 medium | Apache-2.0 |
| jQuery (nuget) | Direct | 3.0.0 | — | — | 2 medium | MIT |
| k8s.io/apimachinery (golang) | Direct | 0.18.6 | — | — | 1 medium | Apache-2.0 |
| send (npm) | Transitive | 0.1.0 | — | — | 3 medium | MIT |
| TinyMCE (nuget) | Direct | 6.3.0 | — | — | 8 medium | LicenseRef-scancode-unknown |
| cookie (npm) | Transitive | 0.0.4 | — | — | 1 low | MIT |
| EnumStringValues (nuget) | Direct | 4.0.0 | — | — | 1 low | MIT |

License Breakdown
| License | Count |
|---|---|
| MIT | 105 |
| Unknown | 92 |
| Apache-2.0 | 50 |
| BSD-3-Clause | 16 |
| BSD-2-Clause AND BSD-3-Clause | 11 |
| Apache-2.0 AND MIT | 5 |
| BSD-2-Clause | 5 |
| BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang | 3 |
| MPL-2.0 | 3 |
| BSD-2-Clause AND MIT AND Python-2.0 AND Python-2.0.1 | 2 |
| BSD-3-Clause AND MIT | 2 |
| MIT AND MPL-2.0 | 2 |
| MIT AND Python-2.0 | 2 |
| Unlicense | 2 |
| 0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 | 1 |
| Apache-2.0 AND BSD-2-Clause | 1 |
| Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference | 1 |
| Apache-2.0 AND GPL-1.0-or-later AND LicenseRef-scancode-other-copyleft AND PSF-2.0 AND Python-2.0 | 1 |
| Apache-2.0 AND MIT AND MPL-2.0 | 1 |
| BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later | 1 |
| BSD-2-Clause-FreeBSD AND BSD-2-Clause-Views | 1 |
| BSD-2-Clause-Views | 1 |
| CNRI-Python AND Apache-2.0 | 1 |
| LicenseRef-scancode-unknown | 1 |
| MIT AND HPND-Markus-Kuhn | 1 |
| MIT-0 | 1 |
| PSF-2.0 | 1 |
| PSF-2.0 AND Python-2.0 | 1 |
| Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD | 1 |

CVE Severity
| Severity | Count |
|---|---|
| critical | 5 |
| high | 13 |
| medium | 13 |
| low | 2 |
| unknown | 0 |