Percentage of undetected dependencies in the CVE reports - Cloud - 8.0

Talend Software Development Life Cycle Best Practices Guide

Version: Cloud, 8.0
Language: English
Product: Talend Big Data, Talend Big Data Platform, Talend Cloud, Talend Data Fabric, Talend Data Integration, Talend Data Management Platform, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Real-Time Big Data Platform
Module: Talend Administration Center, Talend Artifact Repository, Talend Cloud Management Console, Talend CommandLine, Talend JobServer, Talend Remote Engine, Talend Studio
Content: Administration and Monitoring, Deployment, Design and Development
Last publication date: 2023-11-06

The list of fixed Common Vulnerabilities and Exposures (CVEs) that you can generate during a build only covers dependencies that are official Maven artifacts identified by a specific groupId, artifactId, and version (GAV coordinates).

Refer to the official Maven documentation for more details.

Therefore, component dependencies that use the Talend-specific groupId org.talend.libraries, which are not official Maven dependencies, are not reported in the generated CVE list.

The following table gives, per release, the percentage of Talend component dependencies that go undetected, relative to the total number of Maven and Talend component dependencies.
Version            Percentage of undetected Talend component dependencies
7.3.1              35%
7.3.1 latest       21%
8.0.1              10%
8.0.1 R2022-03      8%
8.0.1 R2022-07      8%
8.0.1 R2023-03      6%

For example, this means that in version 7.3.1 the mvn org.talend.ci:builder-maven-plugin:<your_version>:detectCVE command misses 35% of all the component dependencies, compared with 6% for 8.0.1 R2023-03.
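To measure that gap for a specific job rather than relying on the release-wide figures above, the following added example (not Talend's own code) parses a job's Maven POM, flags every dependency whose groupId is org.talend.libraries as outside the scope of the generated CVE list, and reports the undetected share. The sample POM and its artifact names and versions are constructed for the example.

```python
"""Audit a Talend job POM for dependencies that detectCVE cannot report.

Added example, not Talend's own code. Assumes a standard Maven POM; the
sample POM and its dependencies below are constructed for the example.
"""
import xml.etree.ElementTree as ET

MAVEN_NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Talend-specific groupId that the generated CVE list does not cover.
UNDETECTED_GROUP_IDS = {"org.talend.libraries"}

# Constructed sample POM (hypothetical artifact names and versions).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>sample-job</artifactId><version>0.1</version>
  <dependencies>
    <dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.12.0</version></dependency>
    <dependency><groupId>org.talend.libraries</groupId><artifactId>example-connector-lib</artifactId><version>6.0.0</version></dependency>
    <dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId><version>2.13.4</version></dependency>
    <dependency><groupId>org.talend.libraries</groupId><artifactId>example-routine-lib</artifactId><version>1.0.0</version></dependency>
  </dependencies>
</project>
"""

def parse_gavs(pom_xml):
    """Return (groupId, artifactId, version) tuples from the POM's <dependencies>."""
    root = ET.fromstring(pom_xml)
    gavs = []
    for dep in root.findall("m:dependencies/m:dependency", MAVEN_NS):
        fields = (dep.findtext(f"m:{tag}", default="", namespaces=MAVEN_NS).strip()
                  for tag in ("groupId", "artifactId", "version"))
        gavs.append(tuple(fields))
    return gavs

def cve_coverage(gavs):
    """Split GAVs into those the CVE report covers and those it cannot see,
    and return the undetected share as a percentage (one decimal)."""
    undetected = [g for g in gavs if g[0] in UNDETECTED_GROUP_IDS]
    detected = [g for g in gavs if g[0] not in UNDETECTED_GROUP_IDS]
    pct = round(100.0 * len(undetected) / len(gavs), 1) if gavs else 0.0
    return detected, undetected, pct

if __name__ == "__main__":
    det, undet, pct = cve_coverage(parse_gavs(SAMPLE_POM))
    print(f"{pct}% of dependencies are outside the generated CVE list:")
    for g, a, v in undet:
        print(f"  {g}:{a}:{v}  (needs a manual vulnerability review)")
```

Run it against the POM of a built job to get the list of org.talend.libraries coordinates that must be reviewed by other means, since the detectCVE report will not mention them.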