OWASP Foundation CycloneDX Maven plugin 2.7.10 1cc7f6a0382f8bb2f758d6a6ea401d1b a4297947a1f2d7d453105db542651614bbd37f38 bd0fdd8f2f2116eee5e715aeac1580f19eb7a10ec2b6f805b53567067658e872 9cde8352a427e10b96cae01348fc7cfe5d4aa9cd0a5e5dd93b414ce3bb7d112993c3b3004e53af52567fbfa16de0704ec59a5556a635ad70571fd124ae389f39 93d7bf5b5c735347edfbfbd66810273ca840f9a322b816d22d44c3d8e8255c09e86570bb23712aeb0cade0f478be5aeb 4467f16e9ca32190a6e49c65339eb28ee5e8c78f4e918fcf95128a4b7648898de56ccb43eacfad0c9391ef8cdb7d629a ed2996c99b483e969221d5e9a40f562ea2ab85442d361d72a90e85266a3ed781 c8e6ea9ddc38edc77e284b3bf541663e84752bdc59ed1935799847a48a14ea2fa531b61008fefcba37d732a56702a11ac112437b9b80d18f4ecc8ef0ecfb32cf The Apache Software Foundation org.apache.logging.log4j log4j-jakarta-web 2.23.1 The Apache Log4j support for Jakarta EE 9+ web servlet containers Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.apache.logging.log4j/log4j-jakarta-web@2.23.1?type=jar https://logging.apache.org/log4j/2.x/ https://github.com/apache/logging-log4j2/actions https://logging.apache.org/log4j/2.x/download.html https://github.com/apache/logging-log4j2/issues https://lists.apache.org/list.html?log4j-user@logging.apache.org https://github.com/apache/logging-log4j2 https://logging.apache.org/cyclonedx/vdr.xml makeBom compile,provided,runtime,system enabled Eclipse Foundation jakarta.servlet jakarta.servlet-api 5.0.0 Eclipse Enterprise for Java (EE4J) is an open source initiative to create standard APIs, implementations of those APIs, and technology compatibility kits for Java runtimes that enable development, deployment, and management of server-side and cloud-native applications. required b950da93e08cf6d5a2d73dc7a80f9403 2e6b8ccde55522c879434ddec3714683ccae6867 33d3a5bda82c7d2f1b898685faa954f1fc34f7b0ae5c2f6ccc6d051e8a10973b 667578d33b939b606bc38322e5cd8d0be4eacedf86e13f34b6c7c9d8ec6ef719ac7b4d830eba2588a4ea5c924fe3772960e94a99642a039f1781421e7eacb1e6 329e54722e5da97d1c8d049c4dd68b0d8e22f72b299c2dd4db7f1bd3b07de4cf891402904760dca4584e30193741b11b 4b41bfe405d59203409fe3a5a5d11f177eabe7cd0eb7994dfe1f907c67c93a766959f703dfee1ef9925d420d0dadf9a0 b73926ebe8f21e0d3f440f9e7f3a229fae7975b34afeaa5c42d4334cb1d86121 a85b76f03626ad4d02779d812190fb4b44fddf132dda92c0c908a7eb182f202b0f02f54eea500d92b3a5667d5288e03269530b63c7f72504f424d3dbf5f8c48e EPL-2.0 GPL-2.0-with-classpath-exception pkg:maven/jakarta.servlet/jakarta.servlet-api@5.0.0?type=jar https://projects.eclipse.org/projects/ee4j.servlet https://jakarta.oss.sonatype.org/service/local/staging/deploy/maven2/ https://github.com/eclipse-ee4j/servlet-api/issues https://dev.eclipse.org/mhonarc/lists/servlet-dev https://github.com/eclipse-ee4j/servlet-api The Apache Software Foundation org.apache.logging.log4j log4j-api 2.23.1 The Apache Log4j API required f2781441b566a824230d447ebd363173 58290683e2744d4b446e5eb0964aa69971179296 2d4098e44de6f45cda73ee06e1ea68f0ded81e4643b1df4a6b8d25e6a8b33a1b 4084e561de7017c25ba8618017f41eb04e5d70bdac965702a90113270b8ba97ce5aa4b8f51518e8b99d409d0a05e3fa7a9ef14e4235b144ee7036a6c6ce0c07c 81a0bfa062360e478420f3814e9fcdbb5703baaf9a917a1d5231d843f95276cda2d6e87cf117f8fe6518a25861bb3b31 f00c1f9676389d88ee98be01c5ea23b7b194b42ec1f893dc995c2daecbffef104a531c80a043f5aa6d8dbc77f5464e0c 36b54cef9b4723d93a4ddb9f3df75977bc3cf604a8acc3edc0bcf606108d6712 5016f9a6c126bda46a41da04e73400e01702d540fc845087c935a166417fd8755ddf7e0d2dc6b0d2a151f21930dc81aaf4b6fed468eb951f992b3d7c86a76332 Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.apache.logging.log4j/log4j-api@2.23.1?type=jar https://logging.apache.org/log4j/2.x/log4j/log4j-api/ https://github.com/apache/logging-log4j2/actions https://logging.apache.org/logging-parent/latest/#distribution https://github.com/apache/logging-log4j2/issues https://lists.apache.org/list.html?log4j-user@logging.apache.org https://github.com/apache/logging-log4j2 https://logging.apache.org/cyclonedx/vdr.xml The Apache Software Foundation org.apache.logging.log4j log4j-core 2.23.1 The Apache Log4j Implementation required 7392baea1324a2c70715c1c14af11682 bb94b35ae386cccd99c1da7e76c1d6611ec9ab9e f7fffc0da66525462c02dff8577ac36bc83a688e31c0cc14152a075217f4c233 433ee902713c3e678c214da17afdf76606b6211a23064a45d81ca914f0ccb777d946de6a45a8be481153bcb8b97cb5636cbe8c3a7165023f6f84c73099d9bc01 60a0b67c1b6dbaae2d42eae54f5df6ddbd3a8a0b0cc7737cc6a5d420b4f932fccac7e19dc844a20dc9fd10983bd3ae3a 663a2bcca3625bb570a0f1188d0b2195cde2661844721e07f0636099f5a009d85f43db0b5315ce425d2dc6480a3fbfcb 13524d1f7780fa5d5217b8a6011d7023e4b36a88e9172daab3cdbbaed7b06c40 b38ff3639ab354854cfaa54700c8616b5ed8fc76ebf9d5241a64403e416e07b3c2b4a4690f81f3a9827633affebc03e62d57543d667aac30e5453b07c08f9973 Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.apache.logging.log4j/log4j-core@2.23.1?type=jar https://logging.apache.org/log4j/2.x/log4j/log4j-core/ https://github.com/apache/logging-log4j2/actions https://logging.apache.org/logging-parent/latest/#distribution https://github.com/apache/logging-log4j2/issues https://lists.apache.org/list.html?log4j-user@logging.apache.org https://github.com/apache/logging-log4j2 https://logging.apache.org/cyclonedx/vdr.xml Bndtools biz.aQute.bnd biz.aQute.bnd.annotation 7.0.0 bnd Annotations Library required 0339bd011cf13131841417c0de7452f5 8ad279ebf0d04ea89c5ce4d934189d0d16bb6d50 a0090390963dd2092f8abb6d76092bab1696494d2e31b127f5b1b2bf29c08638 6e96cffe60466e9bd5730c93686a6ae252958be6202ba07d235239f0033b9a1cc53faad327ddaebab9eab30825b881acc6296777851028c7fad5668cbbe99c81 f51cd44911333bf7c2f58bdf7440062c138005c8332be3bf69b0ab0d9d93af4d1e1dde3a4eae5bfae92e835b70e6f561 7e93113ee29b6fbed02fbeac096582476b0b7c04703a54ecf0c3c89cab6fff06bc486d072c78f5a19e2c7da1c603b9d2 e0a35d4ec2afe652ef58a37a9f2491349527e86c7a1b37d13436fdfef77f32b2 62783affe413b5419c08008094a43e63712c65d6e4a0cd345e58e1a7c66dc32a08f2e68852d14641d30da31d665091c19571809145f769480cb0b80e0ad003e9 (Apache-2.0 OR EPL-2.0) https://opensource.org/licenses/Apache-2.0,https://opensource.org/licenses/EPL-2.0 pkg:maven/biz.aQute.bnd/biz.aQute.bnd.annotation@7.0.0?type=jar https://bnd.bndtools.org/ https://github.com/bndtools/bnd OSGi Alliance org.osgi org.osgi.resource 1.0.0 OSGi Companion Code for org.osgi.resource Version 1.0.0. required 7d857a4203e2996fab0cf070133e43df 343c88949132984b3f2d4175a72c40b77dc65619 81fc50f1f1d38a4af28e131907d4afe213249aab05060484edca0e60c4af9b4a 4e798790856f83f50832db80bfab64dfceeff1c509d7dde43e74a9f9192ea7a7d5ea77b9b1e81291fa6ba3dcef5ab8fa791ca8093a72a08d7ca6f6499e13e506 73038c395166552b64b6b5469bd8056584f48d19b5762df2e8bd2770405ed8f6071e397a87d9a7ed39f8c2e0e8ab85b2 e06c8a460b3bf06d6cb22237aeffa6afd2eadd9461096c67b768a14603ad8aaa88f891d03cf0a273a99d86906c1c8eb3 1097cfd20e80ce368fd828a23ad7c32a202cebd92106f6ebb88ba55ca74349ee d7b710e1e0484badb875f326c602c90df6705df48b0f057320919a5255d3ecbddd7053eabc68787480a70aebd7e553e9f51728112e1fa0846c849366b7e8d69b Apache-2.0 pkg:maven/org.osgi/org.osgi.resource@1.0.0?type=jar http://www.osgi.org/ https://osgi.org/git/build.git OSGi Alliance org.osgi org.osgi.service.serviceloader 1.0.0 OSGi Companion Code for org.osgi.service.serviceloader Version 1.0.0. required 4943f0102a6d893c4dd77f369a5f0537 3728ff37909c6a3c1870b3e851342d9f2bd3cc63 8f876ce2a9aa4e95b1f1952950255103e2487425050a654f3285447ba601c154 a7def4cb7a8ed992645faa80a780e0b30bd39c1587b5bcb65fe170d10842d0d880c2849edd50c64807fe0e4b9cc0051337d1b161d0d390465d9e63a762861c49 1e480694b8a541da4cd1e044d3f3ea3cd55152515ac022b80d865b6654242506c2138daabb4e71c30d36b12b9aaf676d 7f076af200ae9c2bd9f235b949aee01a1a758c8aac10fee8b98ec2497197d2029117d5627eb0eabd9b42979eb1baa009 83b1dce69c4c899176eb6e368e434ecb77dfed7c436530b8c5d08b9b6f2430aa 5debde53a7ead231dcd907467d59728f59cae4eb3b967c19808f78890bd97d2f04657cad9c093e88f9818338b0b3b38a57c66400ebcff61fbb26d18e9f7bf8ed Apache-2.0 pkg:maven/org.osgi/org.osgi.service.serviceloader@1.0.0?type=jar http://www.osgi.org/ https://osgi.org/git/build.git Google LLC com.google.errorprone error_prone_annotations 2.24.1 Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time. required 345bbebec9b3c68d2638c0f6809436dc 32b299e45105aa9b0df8279c74dc1edfcf313ff0 19fe2f7155d20ea093168527999da98108103ee546d1e8b726bc4b27c31a3c30 75a8d055b90fc2be2198d8502299b5e4f08a81d87b15334a788a719e155f006b23c3648a4574be831de932db212593a2b004584948c394adb8272ed7d5844c94 b474fabb3ed301583358187787cb89161d4ea3a5e46d66aaf4317bfa74cba0063f53872c30fbc130af505537ac72f9c3 5d5456af3f5d809c6e1fbe13b6b65c71b442dcff66e087bf1be3958e582c7565135cf61f7b3bff55cee6d27a74365d01 39119e15f4769fdd5b018c1c9cae88c78e9454e05666731e8a703f47ed903693 d25c633ed33e217d71076ecf76040c13e3d8dfcc9eda1a2300a718a8699317de0b87680bfa5e499bf8c51f133408ab24c93e47393aa8c4300e92db0d683b48d6 Apache-2.0 pkg:maven/com.google.errorprone/error_prone_annotations@2.24.1?type=jar https://errorprone.info/error_prone_annotations https://github.com/google/error-prone/error_prone_annotations Eclipse Foundation org.osgi osgi.annotation 8.1.0 OSGi Annotation Release 8, Annotations for use in compiling bundles required 3bcfab9c55a2bcc158aa4953084021b6 59d42736bcc0af2144ba5c1a12ff7c08ea4b7e12 68afeb86a5322675d4dfe3df5863c7d8a37b34c18e3a8e41553f1ab3ac15d78f a190fa888fd22c2c31455d672b3e50ca79fa9f02269b9d45f6e6fc189dc8f90d20663e290f151a851e010b52ce87e62dc5079253c3e59caa72f11ea6248ffb26 581c88a48fc7df5edae29712f943ef780fb0f32b4eee10dfcaa879f122f19fd1645b961b38bc0a97dd894d89952fdb68 ab4fab76440671def19eb0ca3370d8f0f8a915df4ec92e5aa2b9e12a4b97aa49301c51ccd28a2d2718beec6fe8105bc6 6849ce4a9cad5dbf2dce1ad817442821a633f8ae10ab1ccde69ac46d26127a46 3c3ce68b5ae1ea157f78d72a210cc152375fd8819a7c85ed5c718fbe387ffb522715e1b0dfa5094caed1e8bbe4b8fcc6d2aadd1cd3851f4c0fffebda5acaebba Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.osgi/osgi.annotation@8.1.0?type=jar https://docs.osgi.org/ https://github.com/osgi/osgi Eclipse Foundation org.osgi org.osgi.annotation.bundle 2.0.0 OSGi Companion Code for org.osgi.annotation.bundle Version 2.0.0 required 19115314a0ce4cfb711a811dcc0be0a3 f5c2cd6e670c3c5d440d3003efd5ef2ead5c68eb b9c9546ec5be3ebc2e85ba4919150ad76d64594805282fc895133a47d264a7ae f16b8983240ba3c08d6bc78e2eae92e89eb528f32a705961d90b463def0a5ed1ba08cc3d0be38b5dcfb946c6f759df772e122fb769e58e8c20aa79a489a1fd21 88217b7d3a2d9a0a3f005162b95d68ba2bd29629688b2c32e93e4587d89fe6bd468f5c62ef422ebf2b609d402e62ff56 c7ee64dd3e235d900d01d8629b82245303d34a006e1edcd2571ef736d9c6256dcb718be326ad4909cb6d2cea26118ea9 9adcacb036caf30d17a13fcd5952a35e011678b1dbfabafdff73dba065ace8a3 76bec6bb2cdbc8da043760a7aedd51203c8d70b740c9b8de0ba6b0cf9ad991a58059566e7f62dee30606f32d267b2596d5bd5e885c73e336ae7fff6cf7f970db Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.osgi/org.osgi.annotation.bundle@2.0.0?type=jar https://docs.osgi.org/ https://github.com/osgi/osgi Eclipse Foundation org.osgi org.osgi.annotation.versioning 1.1.2 OSGi Companion Code for org.osgi.annotation.versioning Version 1.1.2 required a61b3b8d09c85ad296c61e21bf77ec70 dc3cd4ec96c0b3c5459fe00694bd73a816ecf93e f51f235e80df8ffbc30ef1b557b6ea38a696632d675404ec117e952978b8b863 a4c612bec624a168f25f0923d51925bbc914686673eeebd5b2442998b876f05855e2b0a6e6e9aca4a6533ed3156b0d24f94c3e508ee9778e1b2e469be318afa3 68a2046f083a2e77304622a56d07c0e73ba88534af4a87b5428cebf8b638c40ce21bbac089a8b5520ad488c946b633ea 930734f6979650191d51cd8bf1f9ab4548d307950735aa98e2dbda7aecc19b49d01a3b968824f6df2ffafce65e122c60 513392d0e8ddd873d04c5cf4f402a9cfe094413832bb859fe37b70fd0512dd12 3d2bd7d2eb784a9fab4b09c42adb0722363079235340f1915bb82a99f1c5e616ee8f3dc34d2c90b941d2651dcb4f393c7fea3e23b579456a696604148d10f22b Apache-2.0 https://www.apache.org/licenses/LICENSE-2.0 pkg:maven/org.osgi/org.osgi.annotation.versioning@1.1.2?type=jar https://docs.osgi.org/ https://github.com/osgi/osgi com.github.spotbugs spotbugs-annotations 4.8.3 Annotations the SpotBugs tool supports required cd5917b77643c3a7ba5420aea78f940c 05d2dc4ca5b632976371155252499819aea372ed e5d4f60be8e57595766ba7f1d4535dc46aebf98dae05e16372a4d4120d3ebb6b 1a64f6911a94654d440ce4918395af0cbdee79696acbcf727af79134b02e6be17956fffa8f39e05fa9e22e336041443eb31165b338164b48a1c70f947e66d68b 6875428ea8454185df4ac50b6551f9d9ba7d9152083eec2ecc5046aa464767982abfe0733c258f2dfed9fc3f2ad68add 25422667753a299021150558bf094a6bd5a521a0b736d94866f807f3246b11a0574e9e480f85c7a894258979afdaedd4 116a3c20fdd3253ab1cfc1bdc95c8d4eb3c454b3f7d89af1d2b87bde4b890c88 0e9ee42600abe9496fedc2d82cd71e51fd05f26c0094c1710025d3931b79507a3502a9f9e83fddefeb6ed784123c7faa7251bd58368e78cdcc218481cd05045d LGPL-2.1-only pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.3?type=jar https://spotbugs.github.io/ https://github.com/spotbugs/spotbugs/ com.google.code.findbugs jsr305 3.0.2 JSR305 Annotations for Findbugs required dd83accb899363c32b07d7a1b2e4ce40 25ea2e8b0c338a877313bd4672d3fe056ea78f0d 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7 bb09db62919a50fa5b55906013be6ca4fc7acb2e87455fac5eaf9ede2e41ce8bbafc0e5a385a561264ea4cd71bbbd3ef5a45e02d63277a201d06a0ae1636f804 ca0b169d3eb2d0922dc031133a021f861a043bb3e405a88728215fd6ff00fa52fdc7347842dcc2031472e3726164bdc4 9903fd7505218999f8262efedb3d935d64bcef84aae781064ab5e1b24755466b269517cada562fa140cd1d417ede57a1 223fda9a89a461afaae73b177a2dc20ed4a90f2f8757f5c65f3241b0510f00ff 3996b5af57a5d5c6a0cd62b11773360fb051dd86a2ba968476806a2a5d32049b82d69a24a3c694e8fe4d735be6a28e41000cc500cc2a9fb577e058045855d2d6 Apache-2.0 pkg:maven/com.google.code.findbugs/jsr305@3.0.2?type=jar http://findbugs.sourceforge.net/ https://oss.sonatype.org/service/local/staging/deploy/maven2/ https://code.google.com/p/jsr-305/