Dependency Analysis
GoCD
Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.
80%
Freshness
1314
Dependencies
210
Outdated
0
Stale
5.4
Avg Behind
Dependency List
Latest release 25.4.0
| Dependency | Type | Current | Latest | Behind | CVE | License |
|---|---|---|---|---|---|---|
|
com.h2database:h2
maven
|
Direct | 1.4.200 | — | — | 4 critical | EPL-1.0 OR MPL-2.0 |
|
org.springframework.security:spring-security-core
maven
|
Transitive | 4.2.20.RELEASE | — | — | 3 critical | Apache-2.0 |
|
org.springframework.security:spring-security-web
maven
|
Direct | 4.2.20.RELEASE | — | — | 4 critical | Apache-2.0 |
|
org.springframework:spring-beans
maven
|
Transitive | 4.3.30.RELEASE | — | — | 2 critical | Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND LicenseRef-scancode-other-copyleft |
|
org.springframework:spring-web
maven
|
Direct | 4.3.30.RELEASE | — | — | 6 critical | Unknown |
|
org.springframework:spring-webmvc
maven
|
Direct | 4.3.30.RELEASE | — | — | 4 critical | Unknown |
|
@babel/plugin-transform-modules-systemjs
npm
|
Transitive | 7.29.0 | 7.29.7 | 8 behind | 1 high | MIT |
|
fast-uri
npm
|
Transitive | 3.1.0 | 3.1.2 | 2 behind | 2 high | BSD-3-Clause |
|
nokogiri
gem
|
Direct | 1.18.10 | — | — | 3 high | MIT |
|
org.eclipse.jetty:jetty-http
maven
|
Transitive | 10.0.26 | — | — | 3 high | Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 AND LicenseRef-scancode-generic-export-compliance AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-unknown-license-reference |
|
org.hibernate:hibernate-core
maven
|
Transitive | 3.6.10.Final | — | — | 2 high | LGPL-2.1 |
|
org.springframework:spring-context
maven
|
Direct | 4.3.30.RELEASE | — | — | 3 high | Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND LicenseRef-scancode-other-copyleft |
|
org.springframework:spring-expression
maven
|
Transitive | 4.3.30.RELEASE | — | — | 4 high | Unknown |
|
org.eclipse.jgit:org.eclipse.jgit
maven
|
Transitive | 6.7.0.202309050840-r | — | — | 1 medium | Unknown |
License Breakdown
MIT
829
Unknown
177
Apache-2.0
84
ISC
59
BSD-3-Clause
29
BSD-2-Clause
20
Apache-2.0 AND BSD-3-Clause AND CDDL-1.0 AND EPL-2.0 AND LicenseRef-scancode-generic-export-compliance AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-unknown-license-reference
12
BlueOak-1.0.0
9
LicenseRef-scancode-unknown-license-reference AND EPL-2.0
6
BSD-2-Clause OR Ruby OR (BSD-2-Clause AND Ruby)
5
Apache-2.0 AND MIT
4
Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND LicenseRef-scancode-other-copyleft
3
Apache-2.0 OR (Apache-2.0 AND LGPL-2.1 AND LGPL-2.1-or-later) OR (Apache-2.0 AND LGPL-2.1) OR (Apache-2.0 AND LGPL-2.1-or-later) OR (LGPL-2.1 AND LGPL-2.1-or-later)
3
BSD-2-Clause OR (BSD-2-Clause AND Ruby)
3
CC0-1.0
3
MIT-0
3
(EPL-2.0 AND Ruby) OR (GPL-2.0 AND Ruby) OR (LGPL-2.1 AND Ruby)
2
0BSD
2
Apache-2.0 AND BSD-3-Clause
2
EPL-2.0 AND LGPL-2.1 AND LGPL-2.1-only
2
EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0
2
ISC AND MIT
2
LGPL-2.1
2
LicenseRef-scancode-public-domain AND Unlicense
2
LicenseRef-scancode-unicode AND MIT
2
((EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND GPL-2.0-only) AND LicenseRef-scancode-unknown
1
(Apache-2.0 AND GPL-1.0-or-later AND LGPL-2.1-only AND LGPL-3.0-only) OR (Apache-2.0 AND LGPL-2.1-only AND LGPL-3.0-only)
1
(Artistic-1.0-Perl AND Artistic-2.0 AND GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND MIT) OR (Artistic-2.0 AND GPL-1.0-or-later AND GPL-2.0-only AND GPL-2.0-or-later AND MIT)
1
(BSD-2-Clause AND BSD-3-Clause AND Ruby) OR (BSD-2-Clause AND BSD-3-Clause)
1
(BSD-2-Clause AND MIT AND Ruby) OR (BSD-2-Clause AND MIT)
1
(EPL-2.0 AND GPL-1.0-or-later AND GPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-3.0) OR (EPL-2.0 AND GPL-1.0-or-later AND GPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only)
1
Apache-1.1 AND Apache-2.0
1
Apache-1.1 AND Apache-2.0 AND BSD-3-Clause AND EPL-2.0 AND GPL-1.0-or-later AND LicenseRef-scancode-generic-export-compliance AND MIT AND SAX-PD AND xpp
1
Apache-2.0 AND BSD-2-Clause
1
Apache-2.0 AND BSD-3-Clause AND MIT
1
Apache-2.0 AND CC-PDDC
1
Apache-2.0 AND FSL-1.1-ALv2
1
Apache-2.0 OR (Apache-2.0 AND EPL-2.0)
1
Apache-2.0 OR EPL-2.0 OR (Apache-2.0 AND EPL-2.0)
1
BSD-2-Clause AND BSD-2-Clause-Views
1
BSD-2-Clause AND BSD-3-Clause
1
BSD-2-Clause OR Ruby
1
BSD-3-Clause AND LicenseRef-scancode-generic-export-compliance
1
BSD-3-Clause AND MIT
1
BSD-3-Clause OR EPL-1.0
1
BSD-3-Clause OR EPL-2.0 OR (BSD-3-Clause AND EPL-2.0) OR (BSD-3-Clause AND GPL-2.0-only WITH Classpath-exception-2.0) OR (EPL-2.0 AND GPL-2.0-only WITH Classpath-exception-2.0)
1
Bitstream-Vera AND MIT AND LicenseRef-scancode-proprietary-license AND LicenseRef-scancode-public-domain AND LicenseRef-scancode-unknown-license-reference
1
CC-BY-3.0
1
CC-BY-3.0 AND MIT
1
CC-BY-4.0
1
CC-BY-4.0 AND MIT AND OFL-1.1
1
CC0-1.0 AND MIT
1
EPL-1.0 AND EPL-2.0
1
EPL-1.0 OR MPL-2.0
1
EPL-2.0 AND BSD-3-Clause AND Apache-1.1 AND EPL-2.0 AND EPL-1.0 AND Apache-1.1 AND Apache-2.0 AND Apache-1.1 AND BSD-2-Clause AND Apache-2.0 AND Apache-1.1 AND BSD-3-Clause AND BSD-3-Clause
1
EPL-2.0 OR (BSD-3-Clause AND EPL-2.0) OR (BSD-3-Clause AND GPL-2.0-only WITH Classpath-exception-2.0) OR (EPL-2.0 AND GPL-2.0-only WITH Classpath-exception-2.0)
1
GPL-3.0-only OR MIT
1
LGPL-2.0-or-later AND LGPL-3.0
1
LGPL-2.1-only
1
LicenseRef-scancode-free-unknown AND MIT
1
LicenseRef-scancode-jdom
1
LicenseRef-scancode-public-domain
1
LicenseRef-scancode-unknown-license-reference AND Apache-1.1
1
LicenseRef-scancode-warranty-disclaimer AND MIT
1
MIT AND BSD-3-Clause
1
MIT AND LicenseRef-scancode-unknown-license-reference AND EPL-2.0
1
MIT AND Ruby
1
MIT AND Zlib
1
MIT OR (GPL-2.0 AND MIT)
1
Plexus
1
Python-2.0
1
CVE Severity
critical
6
high
7
medium
1
low
0
unknown
0