Tools / Deepfence ThreatMapper / Dependencies

Dependency Analysis

Deepfence ThreatMapper

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV

60% Freshness

3546 Dependencies

1200 Outdated

0 Stale

25.9 Avg Behind

Dependency List

Latest release v2.5.8

All 3545 Outdated 1434 Has CVE 105 GPL 7

Dependency	Type	Current	Latest	Behind	CVE	License
node-forge npm	Transitive	1.3.1	1.4.0	3 behind	7 high	BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0)
chardet pypi	Direct	4.0.0	—	—	—	LGPL-2.1-or-later
github.com/github/go-spdx/v2 golang	Transitive	v2.3.5	—	—	—	Apache-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Bison-exception-2.2 AND GPL-2.0-or-later AND MIT
github.com/spdx/tools-golang golang	Direct	v0.5.5	—	—	—	(Apache-2.0 OR GPL-2.0-or-later) AND CC-BY-4.0
github.com/weaveworks/common golang	Transitive	v0.0.0-20200310113808-2708ba4e60a4	—	—	—	Apache-2.0 AND LGPL-2.0-or-later AND LGPL-3.0-only
github.com/weaveworks/common golang	Direct	v0.0.0-20230728070032-dd9e68f319d5	—	—	—	Apache-2.0 AND LGPL-2.0-or-later AND LGPL-3.0-only
psycopg2 pypi	Direct	2.9.3	—	—	—	GPL-3.0-or-later

License Breakdown

MIT 2471

Apache-2.0 324

Unknown 161

BSD-3-Clause 144

ISC 124

BSD-3-Clause AND LicenseRef-scancode-google-patent-license-golang 72

BSD-2-Clause 68

MPL-2.0 23

Apache-2.0 AND BSD-3-Clause 22

CC0-1.0 AND MIT 13

Apache-2.0 AND BSD-3-Clause AND MIT 11

Apache-2.0 AND MIT 10

BSD-2-Clause AND BSD-3-Clause 8

BSD-3-Clause AND MIT 7

BlueOak-1.0.0 7

CC0-1.0 5

Unlicense 5

0BSD 4

Apache-2.0 AND LicenseRef-scancode-unknown-license-reference 4

CC-BY-4.0 4

LicenseRef-scancode-public-domain AND Unlicense 4

Apache-2.0 AND BSD-2-Clause 3

Apache-2.0 AND CC-BY-SA-4.0 3

ISC AND MIT 3

Apache-2.0 AND Apache-2.0 WITH LLVM-exception AND LicenseRef-scancode-generic-cla AND LicenseRef-scancode-unknown-license-reference AND MIT 2

Apache-2.0 AND CC-BY-4.0 2

Apache-2.0 AND LGPL-2.0-or-later AND LGPL-3.0-only 2

Apache-2.0 AND LicenseRef-scancode-dco-1.1 AND MIT 2

BSD-2-Clause AND BSD-2-Clause-Views 2

CC-BY-4.0 AND MIT 2

Python-2.0 2

(Apache-2.0 OR GPL-2.0-or-later) AND CC-BY-4.0 1

0BSD AND ISC AND MIT 1

0BSD AND LicenseRef-scancode-public-domain 1

Apache-2.0 AND BSD-2-Clause AND BlueOak-1.0.0 AND CC0-1.0 AND ISC AND MIT 1

Apache-2.0 AND BSD-3-Clause AND ISC AND MIT 1

Apache-2.0 AND CC-BY-4.0 AND EPL-2.0 1

Apache-2.0 AND CC-BY-4.0 AND MIT 1

Apache-2.0 AND GPL-2.0-only AND GPL-2.0-only WITH Bison-exception-2.2 AND GPL-2.0-or-later AND MIT 1

Apache-2.0 AND LicenseRef-scancode-dco-1.1 1

Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 1

BSD-2-Clause AND Unlicense 1

BSD-3-Clause AND CC-BY-4.0 1

BSD-3-Clause AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference 1

BSD-3-Clause AND MPL-2.0 1

BSD-3-Clause OR GPL-2.0 OR (BSD-3-Clause AND GPL-2.0) 1

BSD-3-Clause-Modification 1

CC-BY-3.0 AND MIT 1

CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 1

FTL AND MIT 1

GPL-3.0-or-later 1

LGPL-2.1-or-later 1

LicenseRef-scancode-dco-1.1 AND LicenseRef-scancode-generic-cla AND MIT 1

LicenseRef-scancode-free-unknown AND MIT 1

LicenseRef-scancode-warranty-disclaimer AND MIT 1

MIT AND Python-2.0 1

MIT AND WTFPL 1

MIT OR (CC0-1.0 AND MIT) 1

MIT OR WTFPL OR (MIT AND WTFPL) 1

MIT-0 1

PSF-2.0 1

Zlib 1

CVE Severity

critical 7

high 50

medium 38

low 5

unknown 5