Details
- Task
- Resolution: Fixed
- Critical
- 6.6.5, 7.2.0, 7.1.3
- 0
Description
Currently the BOMs published by the Analytics build process exclude Couchbase jars. This prevents shadowed third-party dependencies from being reported on the BD reports, which can hide security and licensing issues that may manifest in those dependencies.
In addition, Maven does not provide any metadata in the POM indicating which dependencies are shadowed, so they are not included in the BOM. We need to explicitly map the shadowed (embedded) dependencies into our published BOM.