@*
 * Detail fragment for a single grouped dependency: description, license,
 * evidence, affected projects and vulnerabilities.
 *
 * depPrefix              prefix used to build the per-vulnerability vulnPrefix string
 * dep                    the grouped dependency being rendered
 * selectorOption         when defined (and showAffectedProjects is true), the
 *                        "All affected projects" text is rendered
 * showAffectedProjects   gates the whole "Affected projects" section
 * expandVulnerabilities  not referenced in the visible lines
 * vulnerabilitySearch    gates the "Look for vulnerabilities in other versions" section
 *
 * NOTE(review): the surrounding markup is not visible in this listing, so several
 * bound names (link, description, options, vulnPrefix) have no visible use here.
 *@
@(depPrefix: String, dep: GroupedDependency, selectorOption: Option[String], showAffectedProjects: Boolean, expandVulnerabilities: Boolean = false, vulnerabilitySearch: Boolean = true)
@if(vulnerabilitySearch){
@* Three cases on the helper's result: no search available (renders nothing), exactly one
   (link, description) pair, or several. NOTE(review): presumably link ends up in an href
   in the markup that is not visible here; confirm the helper URL-encodes whatever it takes
   from dep before building it. *@
@vulnerableSoftwareSearches(dep) match {
case Seq() => {}
case Seq((link, description)) => {
Look for vulnerabilities in other versions
}
case options => {
Look for vulnerabilities in other versions
}
}
}
@* Warn the reader when the grouped dependency carries more than one description. *@
@if(dep.descriptions.size > 1){
Multiple descriptions for this dependency!
}
@* parsedDescriptions is walked three levels deep (description, paragraph, line) and every
   line is emitted through plain interpolation.
   NOTE(review): description text presumably originates from metadata of the scanned
   artifact; keep it as plain interpolation so the template format's escaping applies, and
   confirm that line is not already wrapped as Html upstream. *@
@for(descriptionParagraphs <- dep.parsedDescriptions){
@for(descriptionParagraphLines <- descriptionParagraphs){
@for(line <- descriptionParagraphLines) {
@line
}
}
}
@* License summary: collect the license of every entry in dep.dependencies, de-duplicate
   via toSet, sort, then pick the wording.
   - exactly one value and it is the empty string: rendered as "unknown"
   - exactly one non-empty value: rendered as is
   - anything else: rendered with the "multiple licenses" warning and the full list
   The last case is a catch-all, so it also matches an empty sequence and a mix of ""
   with a real license (the empty string is then part of the joined list). *@
License
@dep.dependencies.map(_._1.license).toSet.toSeq.sorted match {
case Seq("") => {unknown }
case Seq(license) => {@license}
case licenses => {It seems to have multiple licenses detected. Maybe it is a good idea to recheck it manually. Detected licenses: @licenses.mkString(", ")}
}
@* Evidence section: column captions, then one entry per file name (sorted), then one entry
   per collected evidence item with its confidence, type, name, source and value. *@
Evidence
Dependency Check uses so-called evidence for matching of identifiers. When results don't match your expectations, you might find the reason here.
confidence
evidence type
name
source
value
@for(fileName <- dep.fileNames.toIndexedSeq.sorted){
filename
@fileName
}
@* Evidence is gathered from the key set of dep.dependencies and flattened into one
   collection. NOTE(review): if keySet is a Set, equal evidence items collapse into one
   and the iteration order is not defined; confirm that is intended.
   NOTE(review): file names and evidence name/source/value presumably come from the
   scanned artifacts, so treat them as untrusted; they are emitted via plain interpolation
   here, which should stay that way rather than being wrapped in Html(...). *@
@for(ev <- dep.dependencies.keySet.map(_.evidenceCollected).flatten){
@ev.confidence
@ev.evidenceType
@ev.name
@ev.source
@ev.value
}
@* Affected projects: rendered only when showAffectedProjects is true. Shows the project
   count, then each project in sorted order through the friendlyProjectName helper, which
   is defined outside this listing. *@
@if(showAffectedProjects){
Affected projects (@dep.projects.size)
@for(p <- dep.projects.toIndexedSeq.sorted){
@friendlyProjectName(p)
}
@* Only when a selector is present: text pointing at the unfiltered project list.
   NOTE(review): presumably a link in the markup that is not visible here; the selector
   value itself is not read in the visible lines. *@
@if(selectorOption.isDefined){
All affected projects (including those that aren't included by the filter)
}
}
@* Vulnerability list: count, then one entry per vulnerability, ordered by negated
   cvssScore so that higher scores come first.
   NOTE(review): cvssScore looks like an Option (it is mapped over); under the standard
   Option ordering None sorts before any Some, so vulnerabilities without a score would
   be listed ahead of the highest-scored ones. Confirm that is the intended triage order.
   vulnPrefix combines depPrefix with the vulnerability name and has no visible use in
   this listing. NOTE(review): presumably it feeds element ids or anchors in the markup
   that is not visible here; if so, confirm vuln.name is safe in that attribute context. *@
Vulnerabilities (@dep.vulnerabilities.size)
@for(vuln <- dep.vulnerabilities.toSeq.sortBy(_.cvssScore.map(-_)); vulnPrefix = s"$depPrefix-vulnerabilities-details-${vuln.name}"){
@vuln.name
@*@if(vuln.likelyMatchesOnlyWithoutVersion(dep.identifiers)){ }*@
}