[test][maven-lockfile] add dirty-waters #1

randomicecube · 2025-03-18T17:29:47Z

No description provided.

github-actions · 2025-03-18T18:24:45Z

Software Supply Chain Report of randomicecube/maven-lockfile - `42c33ff`

This report is a gradual report: that is, only the highest severity smell type with issues found within this project is reported.
Gradual reports are enabled by default. You can disable this feature, and get a full report, by using the --gradual-report=false flag.

All available checks were performed.

How to read the results 📖

Dirty-waters has analyzed your project dependencies and found different categories for each of them:

⚠️⚠️⚠️⚠️ : critical severity
⚠️⚠️⚠️ : high severity
⚠️⚠️: medium severity
⚠️: low severity

Total packages in the supply chain: 421

🔧 Packages with inaccessible commit SHA/tag (⚠️⚠️⚠️⚠️): 0

❗ Packages with no source code URL (⚠️⚠️⚠️): 10

⛔ Packages with repo URL that is 404 (⚠️⚠️⚠️): 1

🔓 Packages with invalid code signature (⚠️⚠️⚠️): 0

🔒 Packages without code signature (⚠️⚠️): 35

Fine grained information

🐬 For further information about software supply chain smells in your project, take a look at the following tables.

All packages have accessible tags.

Source code links that could not be found(11)

index	package_name	github_url	github_exists	parent	command
1	`org.sonatype.plexus:plexus-sec-dispatcher@1.3`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
2	`org.sonatype.plexus:plexus-cipher@1.4`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
3	`commons-beanutils:commons-beanutils@1.7.0`	No_repo_info_found		`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
4	`dom4j:dom4j@1.1`	No_repo_info_found		`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
5	`oro:oro@2.0.8`	No_repo_info_found		`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
6	`nekohtml:xercesMinimal@1.9.6.2`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
7	`commons-codec:commons-codec@1.2`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
8	`jline:jline@0.9.1`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
9	`org.eclipse.core:resources@3.3.0-v20070604`	No_repo_info_found		`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
10	`org.kohsuke:github-api@1.322`	No_repo_info_found		`io.quarkiverse.githubapi:quarkus-github-api@1.322.0`	`tree`
11	`org.iq80.snappy:snappy@0.4`	https://github.com/dain/snapy	False	`org.apache.maven.plugins:maven-jar-plugin@3.4.2`	`resolve-plugins`

Call to Action:

👻What do I do now?

For packages without source code & accessible SHA/release tags:

Why? Missing or inaccessible source code makes it impossible to audit the package for security vulnerabilities or malicious code.

Pull Request to the maintainer of dependency, requesting correct repository metadata and proper versioning/tagging.

For deprecated packages:

Why? Deprecated packages may contain known security issues and are no longer maintained, putting your project at risk.

Confirm the maintainer's deprecation intention
Check for not deprecated versions

For packages without code signature:

Why? Code signatures help verify the authenticity and integrity of the package, ensuring it hasn't been tampered with.

Open an issue in the dependency's repository to request the inclusion of code signature in the CI/CD pipeline.

For packages with invalid code signature:

Why? Invalid signatures could indicate tampering or compromised build processes.

It's recommended to verify the code signature and contact the maintainer to fix the issue.

For packages without provenance:

Why? Without provenance, there's no way to verify that the package was built from the claimed source code, making supply chain attacks possible.

Open an issue in the dependency's repository to request the inclusion of provenance and build attestation in the CI/CD pipeline.

For packages that are aliased:

Why? Aliased packages may hide malicious dependencies under seemingly legitimate names.

Check the aliased package and its repository to verify the alias is not malicious.

Notes

Other info:

Source code repo is not hosted on GitHub: 86

This could be due, for example, to the package being hosted on a different platform.

This does not mean that the source code URL is invalid.

However, for non-GitHub repositories, not all checks can currently be performed.

index	package_name	github_url	parent	command
1	`javax.inject:javax.inject@1`	http://code.google.com/p/atinject/source/checkout	`io.smallrye.beanbag:smallrye-beanbag-maven@1.5.2`	`tree`
2	`org.apache.xbean:xbean-reflect@3.7`	http://svn.apache.org/viewvc/geronimo/xbean/tags/xbean-3.7/xbean-reflect	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
3	`com.google.collections:google-collections@1.0`	http://code.google.com/p/google-collections/source/browse/	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
4	`org.eclipse.aether:aether-spi@0.9.0.M2`	http://git.eclipse.org/c/aether/aether-core.git/tree/aether-spi/	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
5	`org.eclipse.aether:aether-impl@0.9.0.M2`	http://git.eclipse.org/c/aether/aether-core.git/tree/aether-impl/	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
6	`org.eclipse.aether:aether-api@0.9.0.M2`	http://git.eclipse.org/c/aether/aether-core.git/tree/aether-api/	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
7	`org.eclipse.aether:aether-util@0.9.0.M2`	http://git.eclipse.org/c/aether/aether-core.git/tree/aether-util/	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
8	`org.codehaus.plexus:plexus-component-annotations@1.5.5`	http://fisheye.codehaus.org/browse/plexus/plexus-containers/tags/plexus-containers-1.5.5/plexus-component-annotations	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
9	`commons-logging:commons-logging@1.2`	http://svn.apache.org/repos/asf/commons/proper/logging/trunk	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
10	`org.codehaus.plexus:plexus-i18n@1.0-beta-10`	http://fisheye.codehaus.org/browse/plexus/plexus-components/tags/plexus-i18n-1.0-beta-10	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
11	`org.apache.velocity:velocity@1.7`	http://svn.apache.org/viewvc/velocity/engine/trunk	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
12	`commons-lang:commons-lang@2.4`	http://svn.apache.org/viewvc/commons/proper/lang/trunk	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
13	`org.apache.velocity:velocity-tools@2.0`	http://svn.apache.org/repos/asf/velocity/tools/trunk	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
14	`commons-digester:commons-digester@1.8`	http://svn.apache.org/repos/asf/jakarta/commons/proper/digester/trunk	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
15	`commons-chain:commons-chain@1.1`	http://svn.apache.org/viewcvs.cgi	`org.apache.maven.plugins:maven-artifact-plugin@3.6.0`	`resolve-plugins`
16	`commons-collections:commons-collections@3.2.2`	http://svn.apache.org/viewvc/commons/proper/collections/trunk	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
17	`org.tukaani:xz@1.9`	https://git.tukaani.org/?p=xz-java.git	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
18	`org.eclipse.jgit:org.eclipse.jgit@6.10.0.202406032230-r`	https://git.eclipse.org/r/plugins/gitiles/jgit/jgit/org.eclipse.jgit	`com.diffplug.spotless:spotless-maven-plugin@2.44.2`	`resolve-plugins`
19	`org.sonatype.plexus:plexus-build-api@0.0.7`	http://svn.sonatype.org/spice/tags/plexus-build-api-0.0.7	`org.apache.maven.plugins:maven-resources-plugin@3.3.1`	`resolve-plugins`
20	`org.yaml:snakeyaml@2.2`	https://bitbucket.org/snakeyaml/snakeyaml/src	`org.cyclonedx:cyclonedx-maven-plugin@2.9.1`	`resolve-plugins`
21	`org.ow2.asm:asm@9.7`	https://gitlab.ow2.org/asm/asm/	`org.apache.maven.plugins:maven-failsafe-plugin@3.5.2`	`resolve-plugins`
22	`org.apache.ant:ant@1.10.15`	https://gitbox.apache.org/repos/asf/ant.git/ant	`org.codehaus.gmavenplus:gmavenplus-plugin@4.1.1`	`resolve-plugins`
23	`org.apache.ant:ant-launcher@1.10.15`	https://gitbox.apache.org/repos/asf/ant.git/ant-launcher	`org.codehaus.gmavenplus:gmavenplus-plugin@4.1.1`	`resolve-plugins`
24	`org.apache.ivy:ivy@2.5.2`	https://svn.apache.org/repos/asf/ant/ivy/core/trunk	`org.codehaus.gmavenplus:gmavenplus-plugin@4.1.1`	`resolve-plugins`
25	`commons-beanutils:commons-beanutils@1.9.4`	http://svn.apache.org/viewvc/commons/proper/beanutils/tags/BEANUTILS_1_9_3_RC3	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
26	`org.apache.commons:commons-digester3@3.2`	http://svn.apache.org/viewvc/commons/proper/digester/tags/DIGESTER3_3_2_RC2	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
27	`javax.servlet:javax.servlet-api@3.1.0`	http://java.net/projects/glassfish/sources/svn/show/tags/javax.servlet-api-3.1.0	`org.apache.maven.plugins:maven-site-plugin@3.21.0`	`resolve-plugins`
28	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	http://svn.apache.org/viewvc/maven/plugins/tags/maven-eclipse-plugin-2.10	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
29	`org.apache.maven:maven-project@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-project	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
30	`org.apache.maven:maven-profile@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-profile	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
31	`org.apache.maven:maven-plugin-registry@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-plugin-registry	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
32	`org.codehaus.plexus:plexus-interpolation@1.11`	http://fisheye.codehaus.org/browse/plexus/plexus-components/tags/plexus-interpolation-1.11	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
33	`org.codehaus.plexus:plexus-container-default@1.0-alpha-9-stable-1`	scm:svn:svn://svn.codehaus.org/plexus/scm/trunk/plexus-containers/plexus-container-default/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
34	`junit:junit@3.8.1`	http://junit.cvs.sourceforge.net/junit/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
35	`org.apache.maven:maven-plugin-api@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-plugin-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
36	`org.apache.maven:maven-model@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-model	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
37	`org.apache.maven:maven-artifact-manager@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-artifact-manager	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
38	`org.apache.maven:maven-repository-metadata@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-repository-metadata	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
39	`backport-util-concurrent:backport-util-concurrent@3.1`	svn://dcl.mathcs.emory.edu/software/harness2/trunk/util/backport-util-concurrent/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
40	`org.apache.maven:maven-artifact@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-artifact	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
41	`org.apache.maven:maven-core@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-core	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
42	`org.apache.maven.wagon:wagon-file@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-file	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
43	`org.apache.maven:maven-plugin-parameter-documenter@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-plugin-parameter-documenter	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
44	`org.apache.maven.wagon:wagon-http-lightweight@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-http-lightweight	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
45	`org.apache.maven.wagon:wagon-http-shared@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-http-shared	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
46	`nekohtml:nekohtml@1.9.6.2`	http://nekohtml.svn.sourceforge.net/viewvc/nekohtml/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
47	`org.apache.maven.wagon:wagon-http@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-http	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
48	`org.apache.maven.wagon:wagon-webdav-jackrabbit@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-webdav-jackrabbit	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
49	`org.apache.jackrabbit:jackrabbit-webdav@1.5.0`	http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-webdav	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
50	`org.apache.jackrabbit:jackrabbit-jcr-commons@1.5.0`	http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-jcr-commons	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
51	`commons-httpclient:commons-httpclient@3.0`	http://svn.apache.org/repos/asf/jakarta/commons/proper/${pom.artifactId.substring(8)}/trunk	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
52	`org.slf4j:slf4j-nop@1.5.3`	http://svn.slf4j.org/viewvc/slf4j/trunk/slf4j-nop/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
53	`org.slf4j:slf4j-jdk14@1.5.6`	http://svn.slf4j.org/viewvc/slf4j/trunk/slf4j-jdk14/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
54	`org.slf4j:slf4j-api@1.5.6`	http://svn.slf4j.org/viewvc/slf4j/trunk/slf4j-api/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
55	`org.slf4j:jcl-over-slf4j@1.5.6`	http://svn.slf4j.org/viewvc/slf4j/trunk/jcl-over-slf4j/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
56	`org.apache.maven.reporting:maven-reporting-api@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-reporting/maven-reporting-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
57	`org.apache.maven.doxia:doxia-sink-api@1.1`	http://svn.apache.org/viewcvs.cgi/maven/doxia/doxia/tags/doxia-1.1/doxia-sink-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
58	`org.apache.maven.doxia:doxia-logging-api@1.1`	http://svn.apache.org/viewcvs.cgi/maven/doxia/doxia/tags/doxia-1.1/doxia-logging-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
59	`org.apache.maven:maven-error-diagnostics@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-error-diagnostics	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
60	`commons-cli:commons-cli@1.2`	http://svn.apache.org/viewvc/commons/proper/cli/branches/cli-1.x/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
61	`org.apache.maven.wagon:wagon-ssh-external@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-ssh-external	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
62	`org.apache.maven.wagon:wagon-ssh-common@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-ssh-common	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
63	`org.apache.maven:maven-plugin-descriptor@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-plugin-descriptor	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
64	`org.codehaus.plexus:plexus-interactivity-api@1.0-alpha-4`	scm:svn:svn://svn.codehaus.org/plexus/scm/trunk/plexus-components/plexus-interactivity/plexus-interactivity-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
65	`org.apache.maven:maven-monitor@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-monitor	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
66	`org.apache.maven.wagon:wagon-ssh@1.0-beta-6`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-1.0-beta-6/wagon-providers/wagon-ssh	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
67	`com.jcraft:jsch@0.1.38`	http://www.jcraft.com/jsch/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
68	`classworlds:classworlds@1.1`	http://cvs.classworlds.codehaus.org/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
69	`org.apache.maven:maven-settings@2.2.1`	http://svn.apache.org/viewvc/maven/maven-2/tags/maven-2.2.1/maven-settings	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
70	`org.apache.maven.wagon:wagon-provider-api@2.1`	http://svn.apache.org/viewvc/maven/wagon/tags/wagon-2.1/wagon-provider-api	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
71	`commons-io:commons-io@2.2`	http://svn.apache.org/viewvc/commons/proper/io/trunk	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
72	`org.apache.commons:commons-compress@1.8.1`	http://svn.apache.org/repos/asf/commons/proper/compress/tags/COMPRESS-1.8.1	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
73	`org.codehaus.plexus:plexus-interactivity-jline@1.0-alpha-5`	scm:svn:svn://svn.codehaus.org/plexus/scm/trunk/plexus-components/plexus-interactivity/plexus-interactivity-jline/	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
74	`org.apache.maven:maven-archiver@2.5`	http://svn.apache.org/viewvc/maven/shared/tags/maven-archiver-2.5	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
75	`org.codehaus.plexus:plexus-resources@1.0-alpha-7`	http://fisheye.codehaus.org/browse/plexus/plexus-components/tags/plexus-resources-1.0-alpha-7	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
76	`biz.aQute:bndlib@0.0.145`	http://www.aQute.biz/Code/Bnd	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
77	`org.apache.maven.shared:maven-osgi@0.2.0`	http://svn.apache.org/viewcvs.cgi/maven/shared/tags/maven-osgi-0.2.0	`org.apache.maven.plugins:maven-eclipse-plugin@2.10`	`resolve-plugins`
78	`aopalliance:aopalliance@1.0`	http://aopalliance.sourceforge.net	`com.google.inject:guice@5.1.0`	`tree`
79	`org.ow2.asm:asm-util@9.7.1`	https://gitlab.ow2.org/asm/asm/	`io.quarkus.gizmo:gizmo@1.8.0`	`tree`
80	`org.ow2.asm:asm-analysis@9.7.1`	https://gitlab.ow2.org/asm/asm/	`org.ow2.asm:asm-util@9.7.1`	`tree`
81	`org.ow2.asm:asm@9.7.1`	https://gitlab.ow2.org/asm/asm/	`io.quarkus:quarkus-core-deployment@3.17.7`	`tree`
82	`org.ow2.asm:asm-commons@9.7.1`	https://gitlab.ow2.org/asm/asm/	`io.quarkus:quarkus-core-deployment@3.17.7`	`tree`
83	`org.ow2.asm:asm-tree@9.7.1`	https://gitlab.ow2.org/asm/asm/	`org.ow2.asm:asm-commons@9.7.1`	`tree`
84	`org.yaml:snakeyaml@2.3`	https://bitbucket.org/snakeyaml/snakeyaml/src	`com.fasterxml.jackson.dataformat:jackson-dataformat-yaml@2.18.2`	`tree`
85	`org.apache.maven.shared:maven-shared-incremental@1.1`	http://svn.apache.org/viewvc/maven/shared/tags/maven-shared-incremental-1.1	`org.apache.maven.plugins:maven-compiler-plugin@3.13.0`	`resolve-plugins`
86	`org.ow2.asm:asm@9.6`	https://gitlab.ow2.org/asm/asm/	`org.apache.maven.plugins:maven-compiler-plugin@3.13.0`	`resolve-plugins`

Report created by dirty-waters.

Report created on 2025-05-11 22:27:57

Tool version: 6065c48e
Project Name: randomicecube/maven-lockfile
Project Version: 42c33ff
Package Manager: maven

…res; just checking signatures

…y param

use action v1.11.20

767c222

randomicecube added 19 commits March 18, 2025 22:05

ignoring cache one more time

565a563

debug

ddb4a57

bump to 1.11.21; will have logs of what's happening with code signatu…

5d5a4b0

…res; just checking signatures

try without temurin

ff36ff4

bump to 1.11.22; hopefully better logs

4a5a6f9

bump to 12e9897595a7044747907bf9fa6adcf5776792ad; raw output

40c1933

bump to 73e8356b1e3f00c7151de78724b79a223611e3d3; encod output

3ced536

bump to 35b68a3209547959b054006159d08371b2d46e10; ansi escape colors

09bdd01

bump to 1.11.23

c89f054

bump to 1.11.24

6f0ce90

test relative config path fix

fc28890

use new dw version w/ hardcoded URLs support, add fail on min severit…

9e00db0

…y param

try to avoid critical smells, see if param works

c374b78

forgot to add updated workflow

75347d6

add remaining to-ignore packages

1b70bd5

fix: bug for parsing report warning signs

57b0775

fix: condition for restoring cache

af84047

fix: syntax in if

deaef21

fix: "true" -> true

8e78b43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[test][maven-lockfile] add dirty-waters #1

[test][maven-lockfile] add dirty-waters #1

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[test][maven-lockfile] add dirty-waters #1

Are you sure you want to change the base?

[test][maven-lockfile] add dirty-waters #1

Uh oh!

Conversation

Uh oh!

Uh oh!

Software Supply Chain Report of randomicecube/maven-lockfile - 42c33ff

Total packages in the supply chain: 421

Fine grained information

Call to Action:

Notes

Uh oh!

Uh oh!

Software Supply Chain Report of randomicecube/maven-lockfile - `42c33ff`