To further improve the fine-grained VersionEye Security Alerts for reliable Open Source usage, the VersionEye team has integrated the National Vulnerability Database (NVD) as source #8 for potential security vulnerabilities. It complements other data sources such as VictimsDB, which may not always include appropriate warnings, as in these examples:
- on the Spring Framework:
https://www.versioneye.com/java/org.springframework.data:spring-data-jpa/1.10.2.RELEASE
- or this one on the Vaadin Framework:
https://www.versioneye.com/java/com.vaadin:vaadin/6.4.8
The NVD integration is based on a mapping between the Common Platform Enumeration (CPE) Dictionary and Maven, which will be further improved using the OWASP framework and will become available – like VersionEye itself – under an Open Source license.
VersionEye provides the following automatic services for Open Source & Enterprise Software Developers:
1. Version Control
2. License Control
3. Security Alerts