
Percentage of undetected dependencies in the CVE reports

The list of fixed Common Vulnerabilities and Exposures (CVEs) that you can generate during a build only detects the official Maven dependencies that have a specific groupId, artifactId, and version (GAV).

Refer to the official Maven documentation for more details.

The following table details the percentage of undetected Talend component dependencies per release.

Version           Percentage of undetected Talend component dependencies
7.3.1             61%
7.3.1 latest      43%
8.0.1             39%
8.0.1 R2023-03    22%
8.0.1 R2023-12     2%

To calculate the percentage of undetected Talend component dependencies, the number of unique Talend component dependencies (duplicates removed) is divided by the number of unique GAVs (duplicates removed).

For example, in the R2023-12 release:

Number of unique org.talend.libraries = 93
Number of unique GAVs = 4061
Percentage (93÷4061) = 2%

This means that in the first 8.0.1 version, the mvn org.talend.ci:builder-maven-plugin:<your_version>:detectCVE command does not detect 39% of all the component dependencies, compared with 2% for version R2023-12.
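The following Python script is an added example, not part of the Talend documentation or tooling: it reproduces the ratio described above from a resolved dependency list. It assumes the input is the `mvn dependency:list` output format (groupId:artifactId:type[:classifier]:version:scope) and uses constructed sample lines; the rounding matches the whole-percent figures in the table.

```python
import re

# Constructed sample in the format printed by `mvn dependency:list`.
# Duplicates and a second scope are included on purpose to show deduplication.
SAMPLE_OUTPUT = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:compile
[INFO]    org.talend.libraries:talend-codegen-utils:jar:0.31.0:compile
[INFO]    org.talend.libraries:talend-codegen-utils:jar:0.31.0:compile
[INFO]    org.talend.libraries:routines:jar:8.0.1:compile
[INFO]    com.fasterxml.jackson.core:jackson-databind:jar:2.13.4:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.12.0:test
[INFO]    none
"""

# groupId:artifactId:type[:classifier]:version:scope, anchored at the line start.
GAV_LINE = re.compile(
    r"^\[INFO\]\s+([\w.\-]+):([\w.\-]+):(\w+)(?::([\w.\-]+))?:([\w.\-]+):(\w+)"
)


def parse_gavs(text):
    """Return the set of unique (groupId, artifactId, version) triples.

    Type, classifier and scope are dropped, so the same artifact listed under
    two scopes counts once, which is the "without duplicates" rule on the page.
    """
    gavs = set()
    for line in text.splitlines():
        match = GAV_LINE.match(line)
        if match is None:
            continue  # header lines, "none", or anything that is not a coordinate
        group, artifact, _type, _classifier, version, _scope = match.groups()
        gavs.add((group, artifact, version))
    return gavs


def undetected_percentage(gavs, component_group="org.talend.libraries"):
    """Unique Talend component dependencies divided by unique GAVs, as a whole percent."""
    if not gavs:
        return 0
    component_count = sum(1 for group, _, _ in gavs if group == component_group)
    return round(100 * component_count / len(gavs))


if __name__ == "__main__":
    unique = parse_gavs(SAMPLE_OUTPUT)
    print(len(unique), "unique GAVs,", undetected_percentage(unique), "% undetected")
```

Feeding the page's R2023-12 counts (93 component GAVs out of 4061) through `undetected_percentage` gives the same 2% the table reports.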
