The list of fixed Common Vulnerabilities and Exposures (CVEs), that you can generate while building, can only detect the official Maven dependencies with specific groupIds, artifacts and versions (GAVs).
Refer to the official Maven documentation for more details.
Therefore, the component dependencies with the Talend-specific
org.talend.libraries, that are not part of the official Maven
dependencies, are not reported in the generated CVE list.
|Version||Percentage of undetected Talend component dependencies|
For example, this means that in version 7.3.1, the
org.talend.ci:builder-maven-plugin:8.0.X:detectCVE command does not detect 35%
of all the component dependencies, against 8% for version 8.