Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MAVEN SBOM results #1416

Open
jssuttles opened this issue Apr 2, 2024 Discussed in #1415 · 1 comment
Open

MAVEN SBOM results #1416

jssuttles opened this issue Apr 2, 2024 Discussed in #1415 · 1 comment

Comments

@jssuttles
Copy link

Discussed in #1415

Originally posted by jssuttles April 2, 2024
Here are bomber (https://github.com/devops-kung-fu/bomber) results generated from an sbom (https://github.com/CycloneDX/cyclonedx-maven-plugin). As you can see, there are supposedly a few critical vulnerabilities. Do these need to be addressed?
image
@jssuttles jssuttles mentioned this issue Apr 9, 2024
Open
@AlexanderSchuetz97
Copy link

most of these dependencies are only found in some modules of dcm4chee. Not saying this shouldnt be addressed, but most users (at least to my knowlege) do not use these modules. I have none of these dependencies in my dependency graph. I however only use the parts of dcm4chee needed to parse .dcm files for metadata and render them into buffered images. These dependencies appear to be mostly from a web/application server. I dont think many people are using the inplementations provided by dcm4chee as is for those purposes.

At least for me this has no priority.

@jssuttles jssuttles mentioned this issue May 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jssuttles @AlexanderSchuetz97