Percentage of undetected dependencies in the CVE reports
The list of fixed Common Vulnerabilities and Exposures (CVEs) that you can generate while building can only detect official Maven dependencies identified by specific groupIds, artifactIds, and versions (GAVs). Talend component dependencies that are not published under such Maven coordinates are therefore not covered by the report.
Refer to the official Maven documentation for more details.
The following table details the percentage of undetected Talend component dependencies per release.
| Version | Percentage of undetected Talend component dependencies |
|---|---|
| 7.3.1 | 61% |
| 7.3.1 latest | 43% |
| 8.0.1 | 39% |
| 8.0.1 R2023-03 | 22% |
| 8.0.1 R2023-12 | 2% |
To calculate the percentage of undetected Talend component dependencies, the total number of unique Talend component dependencies (without duplicates) is divided by the total number of unique GAVs (without duplicates).
For example, in the R2023-12 release:

- Number of unique org.talend.libraries dependencies = 93
- Number of unique GAVs = 4061
- Percentage (93 ÷ 4061) = 2%
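The calculation above, as an added example that is not part of the Talend documentation: it deduplicates a dependency list, counts the entries whose groupId is org.talend.libraries, and reports the share that the CVE report cannot see. The input format (one `groupId:artifactId:version` per line) and the sample list are assumptions constructed for the example.

```python
# Added example, not Talend's own code. Computes the "undetected dependency"
# percentage described on the page from a list of Maven coordinates.
# Assumed input format: one "groupId:artifactId:version" entry per line.

TALEND_COMPONENT_GROUP = "org.talend.libraries"

# Constructed sample list; duplicates are included to show deduplication.
SAMPLE_DEPENDENCIES = """\
org.apache.commons:commons-lang3:3.12.0
org.talend.libraries:example-component-lib:6.0.0
org.talend.libraries:other-component-lib:1.0.0
org.apache.commons:commons-lang3:3.12.0
com.fasterxml.jackson.core:jackson-databind:2.15.2
org.talend.libraries:example-component-lib:6.0.0
"""


def parse_gavs(text):
    """Return the set of unique (groupId, artifactId, version) tuples."""
    gavs = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"not a groupId:artifactId:version entry: {line!r}")
        gavs.add(tuple(parts))
    return gavs


def undetected_percentage(unique_talend, unique_gavs):
    """Page formula: unique Talend component dependencies / unique GAVs, rounded to a whole percent."""
    if unique_gavs == 0:
        raise ValueError("no dependencies to measure")
    return round(100 * unique_talend / unique_gavs)


def undetected_percentage_from_list(text):
    """Apply the page formula to a raw dependency list."""
    gavs = parse_gavs(text)
    talend = {g for g in gavs if g[0] == TALEND_COMPONENT_GROUP}
    return undetected_percentage(len(talend), len(gavs))


if __name__ == "__main__":
    # The page's R2023-12 figures reproduce the table's 2%.
    print(undetected_percentage(93, 4061))
    print(undetected_percentage_from_list(SAMPLE_DEPENDENCIES))
```

The GAVs counted under org.talend.libraries are exactly the blind spot of the CVE report, so they are the ones to inventory and scan by other means.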
This means that in the first 8.0.1 version, the `mvn org.talend.ci:builder-maven-plugin:<your_version>:detectCVE` command does not detect 39% of all the component dependencies, compared with 2% for version R2023-12.