Percentage of undetected dependencies in the CVE reports - Cloud - 8.0

Talend Software Development Life Cycle Best Practices Guide

Talend Big Data
Talend Big Data Platform
Talend Cloud
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Talend Administration Center
Talend Artifact Repository
Talend Cloud Management Console
Talend CommandLine
Talend JobServer
Talend Remote Engine
Talend Studio
Administration and Monitoring
Design and Development
Last publication date

The list of fixed Common Vulnerabilities and Exposures (CVEs), that you can generate while building, can only detect the official Maven dependencies with specific groupIds, artifacts, and versions (GAVs).

Refer to the official Maven documentation for more details.

Therefore, the component dependencies with the Talend-specific groupIds org.talend.libraries, that are not part of the official Maven dependencies, are not reported in the generated CVE list.

The following table details the percentage of Talend dependencies in relation to the total Maven and Talend component dependencies per release.
Version Percentage of undetected Talend component dependencies
7.3.1 35%
7.3.1 latest 21%
8.0.1 10%
8.0.1 R2022-03 8%
8.0.1 R2022-07 8%
8.0.1 R2023-03 6%

For example, this means that in version 7.3.1, the mvn<your_version>:detectCVE command does not detect 35% of all the component dependencies, against 6% for version R2023-03.