GCP dependencies have CVEs that are remediated in later versions
corey-cole opened this issue · 0 comments
corey-cole commented
(SBOM generated via CycloneDX)
osv-scanner --sbom=build/reports/bom.json --format markdown
Scanned /Users/bcorecol/workspace/riot/build/reports/bom.json as CycloneDX SBOM and found 161 packages
| OSV URL | CVSS | Ecosystem | Package | Version | Source |
|---|---|---|---|---|---|
| https://osv.dev/GHSA-hw42-3568-wj87 | 7.3 | Maven | com.google.oauth-client:google-oauth-client | 1.31.2 | build/reports/bom.json |
| https://osv.dev/GHSA-4gg5-vx3j-xwc7 | 7.5 | Maven | com.google.protobuf:protobuf-java | 3.14.0 | build/reports/bom.json |
| https://osv.dev/GHSA-77rm-9x9h-xj3g | 7.5 | Maven | com.google.protobuf:protobuf-java | 3.14.0 | build/reports/bom.json |
| https://osv.dev/GHSA-g5ww-5jh7-63cx | 7.5 | Maven | com.google.protobuf:protobuf-java | 3.14.0 | build/reports/bom.json |
| https://osv.dev/GHSA-h4h5-3hr4-j3g2 | 5.7 | Maven | com.google.protobuf:protobuf-java | 3.14.0 | build/reports/bom.json |
| https://osv.dev/GHSA-wrvw-hg22-4m67 | 7.5 | Maven | com.google.protobuf:protobuf-java | 3.14.0 | build/reports/bom.json |
| https://osv.dev/GHSA-5mg8-w23w-74h3 | 3.3 | Maven | com.google.guava:guava | 30.0-android | build/reports/bom.json |
| https://osv.dev/GHSA-7g45-4rm6-3mm3 | 5.5 | Maven | com.google.guava:guava | 30.0-android | build/reports/bom.json |