Percentage of undetected dependencies in the CVE reports
The list of fixed Common Vulnerabilities and Exposures (CVEs), that you can generate while building, can only detect the official Maven dependencies with specific groupIds, artifacts, and versions (GAVs).
Refer to the official Maven documentation for more details.
The following table details the percentage of undetected Talend component dependencies per release.
| Version | Percentage of undetected Talend component dependencies |
|---|---|
| 7.3.1 | 61% |
| 7.3.1 latest | 43% |
| 8.0.1 | 39% |
| 8.0.1 R2022-03 | 33% |
| 8.0.1 R2022-07 | 28% |
| 8.0.1 R2023-03 | 22% |
| 8.0.1 R2023-12 | 2% |
To calculate the percentage of undetected Talend component dependencies, the total number of unique Talend component dependencies (without duplicates) is divided by the total number of unique GAVs (without duplicates).
For example, in the R2023-12 release: Number of unique org.talend.libraries = 93 Number of unique GAVs = 4061 Percentage (93÷4061) = 2%
This means that in version 8.0.1 R2022-03, the mvn org.talend.ci:builder-maven-plugin:<your_version>:detectCVE command does not detect 33% of all the component dependencies, against 2% for version R2023-12.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!