Percentage of undetected dependencies in the CVE reports - Cloud - 8.0

Talend Studio User Guide

Version
Cloud
8.0
Language
English
Product
Talend Big Data
Talend Big Data Platform
Talend Cloud
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Real-Time Big Data Platform
Module
Talend Studio
Content
Design and Development
Last publication date
2024-04-16

The list of fixed Common Vulnerabilities and Exposures (CVEs), that you can generate while building, can only detect the official Maven dependencies with specific groupIds, artifacts, and versions (GAVs).

Refer to the official Maven documentation for more details.

The following table details the percentage of undetected Talend component dependencies per release.

Version Percentage of undetected Talend component dependencies
7.3.1 61%
7.3.1 latest 43%
8.0.1 39%
8.0.1 R2022-03 33%
8.0.1 R2022-07 28%
8.0.1 R2023-03 22%
8.0.1 R2023-12 2%

To calculate the percentage of undetected Talend component dependencies, the total number of unique Talend component dependencies (without duplicates) is divided by the total number of unique GAVs (without duplicates).

For example, in the R2023-12 release: Number of unique org.talend.libraries = 93 Number of unique GAVs = 4061 Percentage (93รท4061) = 2%

This means that in version 8.0.1 R2022-03, the mvn org.talend.ci:builder-maven-plugin:<your_version>:detectCVE command does not detect 33% of all the component dependencies, against 2% for version R2023-12.