Sunshine - SBOM visualization tool

No. of Components	Vulnerabilities	Main Component	Spec Version	Serial Number	Version	Tool
75	Critical: 0, High: 0, Medium: 0, Low: 0, Information: 0, Max EPSS → 0.0, Vulnerabilities in CISA KEV → 0	Type → application, Group → de.infoteam, Name → profile-assist, Version → 0.0.1-SNAPSHOT, Description → infoteam profile assist, PURL → pkg:maven/de.infoteam/profile-assist@0.0.1-SNAPSHOT?type=jar	1.6	urn:uuid:7f08611a-fc65-3b1d-891f-8dc090811d60	1	Component Type → library, Component Group → org.cyclonedx, Component Name → cyclonedx-maven-plugin, Component Version → 2.9.1

This table visualizes components, their dependencies, vulnerabilities and licenses.
The colors of the elements in columns "Component", "Depends on" and "Dependency of" indicate the vulnerability status of the components:

Dark red: affected by at least one critical severity vulnerability.
Red: affected by at least one high severity vulnerability.
Orange: affected by at least one medium severity vulnerability.
Yellow: affected by at least one low severity vulnerability.
Green: affected by at least one informational severity vulnerability.
Light blue: not directly affected by vulnerabilities but has at least one vulnerable dependency.
Grey: neither the component nor its dependencies are affected by any vulnerabilities.

The colors of the elements in columns "Direct vulnerabilities" and "Transitive vulnerabilities" indicate the severity of the vulnerabilities:

Dark red: critical.
Red: high.
Orange: medium.
Yellow:low.
Green:informational.

The "Depth" column indicates a component's position in the dependency graph:

A "root" value means it is a root component, meaning it resides in the innermost circle of the chart.
An integer value represents the component's depth level within the dependency chain.

Note: since a single component may be a dependency for multiple components in different places in the dependency graph, it may be associated with multiple depths.

Component	Depth	Depends on	Dependency of	Direct vulnerabilities	Transitive vulnerabilities	License

profile-assist 0.0.1-SNAPSHOT	root	jspecify 1.0.0, commonmark 0.27.0, spring-ai-starter-model-openai 1.0.1, spring-boot-devtools 3.5.10, lombok 1.18.42, spring-boot-starter-web 3.5.10	-	-	-	-
spring-boot-devtools 3.5.10	1	spring-boot 3.5.10, spring-boot-autoconfigure 3.5.10	profile-assist 0.0.1-SNAPSHOT	-	-	Apache-2.0
spring-boot 3.5.10	2, 3, 4, 5, 6	spring-core 6.2.15, spring-context 6.2.15	spring-boot-devtools 3.5.10, spring-boot-starter 3.5.10, spring-boot-autoconfigure 3.5.10	-	-	Apache-2.0
spring-context 6.2.15	3, 4, 5, 6, 7, 8	spring-aop 6.2.15, spring-expression 6.2.15, spring-core 6.2.15, spring-beans 6.2.15, micrometer-observation 1.15.8	spring-webmvc 6.2.15, spring-context-support 6.2.15, spring-ai-client-chat 1.0.1, spring-ai-commons 1.0.1, spring-boot 3.5.10	-	-	Apache-2.0
spring-boot-autoconfigure 3.5.10	2, 3, 4, 5	spring-boot 3.5.10	spring-boot-devtools 3.5.10, spring-boot-starter 3.5.10	-	-	Apache-2.0
spring-boot-starter-web 3.5.10	1	spring-webmvc 6.2.15, spring-boot-starter 3.5.10, spring-web 6.2.15, spring-boot-starter-json 3.5.10, spring-boot-starter-tomcat 3.5.10	profile-assist 0.0.1-SNAPSHOT	-	-	Apache-2.0
spring-boot-starter 3.5.10	2, 3, 4	spring-core 6.2.15, spring-boot-starter-logging 3.5.10, jakarta.annotation-api 2.1.1, snakeyaml 2.4, spring-boot 3.5.10, spring-boot-autoconfigure 3.5.10	spring-ai-starter-model-openai 1.0.1, spring-ai-autoconfigure-model-chat-observation 1.0.1, spring-ai-autoconfigure-model-tool 1.0.1, spring-boot-starter-json 3.5.10, spring-ai-autoconfigure-model-image-observation 1.0.1, spring-ai-autoconfigure-retry 1.0.1, spring-ai-autoconfigure-model-chat-memory 1.0.1, spring-ai-autoconfigure-model-embedding-observation 1.0.1, spring-ai-autoconfigure-model-chat-client 1.0.1, spring-boot-starter-web 3.5.10	-	-	Apache-2.0
spring-boot-starter-logging 3.5.10	3, 4, 5	logback-classic 1.5.25, jul-to-slf4j 2.0.17, log4j-to-slf4j 2.24.3	spring-boot-starter 3.5.10	-	-	Apache-2.0
logback-classic 1.5.25	4, 5, 6	logback-core 1.5.25, slf4j-api 2.0.17	spring-boot-starter-logging 3.5.10	-	-	EPL-1.0, GNU Lesser General Public License
logback-core 1.5.25	5, 6, 7	-	logback-classic 1.5.25	-	-	EPL-1.0, GNU Lesser General Public License
log4j-to-slf4j 2.24.3	4, 5, 6	slf4j-api 2.0.17, log4j-api 2.24.3	spring-boot-starter-logging 3.5.10	-	-	Apache-2.0
log4j-api 2.24.3	5, 6, 7	-	log4j-to-slf4j 2.24.3	-	-	Apache-2.0
jul-to-slf4j 2.0.17	4, 5, 6	slf4j-api 2.0.17	spring-boot-starter-logging 3.5.10	-	-	MIT
jakarta.annotation-api 2.1.1	3, 4, 5	-	spring-boot-starter-tomcat 3.5.10, spring-boot-starter 3.5.10	-	-	EPL-2.0, GPL-2.0-with-classpath-exception
snakeyaml 2.4	3, 4, 5	-	spring-boot-starter 3.5.10	-	-	Apache-2.0
spring-boot-starter-json 3.5.10	2	jackson-datatype-jdk8 2.19.4, spring-boot-starter 3.5.10, jackson-databind 2.19.4, spring-web 6.2.15, jackson-datatype-jsr310 2.19.4, jackson-module-parameter-names 2.19.4	spring-boot-starter-web 3.5.10	-	-	Apache-2.0
jackson-databind 2.19.4	3, 4, 5, 6, 7, 8, 9	jackson-core 2.19.4, jackson-annotations 2.19.4	jackson-datatype-jdk8 2.19.4, spring-boot-starter-json 3.5.10, jsonschema-generator 4.37.0, jackson-datatype-jsr310 2.19.4, jackson-module-jsonSchema 2.19.4, spring-ai-commons 1.0.1, spring-ai-model 1.0.1, jackson-module-parameter-names 2.19.4	-	-	Apache-2.0
jackson-annotations 2.19.4	4, 5, 6, 7, 8, 9, 10	-	jackson-module-jsonSchema 2.19.4, jackson-databind 2.19.4, jackson-datatype-jsr310 2.19.4	-	-	Apache-2.0
jackson-core 2.19.4	4, 5, 6, 7, 8, 9, 10	-	jackson-datatype-jdk8 2.19.4, jackson-databind 2.19.4, jsonschema-generator 4.37.0, jackson-datatype-jsr310 2.19.4, jackson-module-jsonSchema 2.19.4, jackson-module-parameter-names 2.19.4	-	-	Apache-2.0
jackson-datatype-jdk8 2.19.4	3	jackson-core 2.19.4, jackson-databind 2.19.4	spring-boot-starter-json 3.5.10	-	-	Apache-2.0
jackson-datatype-jsr310 2.19.4	3, 4, 5, 6	jackson-core 2.19.4, jackson-annotations 2.19.4, jackson-databind 2.19.4	spring-ai-model 1.0.1, spring-boot-starter-json 3.5.10	-	-	Apache-2.0
jackson-module-parameter-names 2.19.4	3	jackson-core 2.19.4, jackson-databind 2.19.4	spring-boot-starter-json 3.5.10	-	-	Apache-2.0
spring-boot-starter-tomcat 3.5.10	2	tomcat-embed-el 10.1.50, jakarta.annotation-api 2.1.1, tomcat-embed-core 10.1.50, tomcat-embed-websocket 10.1.50	spring-boot-starter-web 3.5.10	-	-	Apache-2.0
tomcat-embed-core 10.1.50	3, 4	-	spring-boot-starter-tomcat 3.5.10, tomcat-embed-websocket 10.1.50	-	-	Apache-2.0
tomcat-embed-el 10.1.50	3	-	spring-boot-starter-tomcat 3.5.10	-	-	Apache-2.0
tomcat-embed-websocket 10.1.50	3	tomcat-embed-core 10.1.50	spring-boot-starter-tomcat 3.5.10	-	-	Apache-2.0
spring-web 6.2.15	2, 3, 4, 5	spring-core 6.2.15, spring-beans 6.2.15, micrometer-observation 1.15.8	spring-webmvc 6.2.15, spring-boot-starter-json 3.5.10, spring-ai-retry 1.0.1, spring-webflux 6.2.15, spring-boot-starter-web 3.5.10	-	-	Apache-2.0
spring-beans 6.2.15	3, 4, 5, 6, 7, 8, 9, 10	spring-core 6.2.15	spring-aop 6.2.15, spring-webmvc 6.2.15, spring-web 6.2.15, spring-messaging 6.2.15, spring-context-support 6.2.15, spring-webflux 6.2.15, spring-context 6.2.15	-	-	Apache-2.0
micrometer-observation 1.15.8	3, 4, 5, 6, 7, 8, 9	micrometer-commons 1.15.8	spring-ai-model 1.0.1, micrometer-core 1.15.8, spring-context 6.2.15, spring-web 6.2.15	-	-	Apache-2.0
micrometer-commons 1.15.8	4, 5, 6, 7, 8, 9, 10	-	micrometer-core 1.15.8, micrometer-observation 1.15.8	-	-	Apache-2.0
spring-webmvc 6.2.15	2	spring-aop 6.2.15, spring-expression 6.2.15, spring-web 6.2.15, spring-core 6.2.15, spring-beans 6.2.15, spring-context 6.2.15	spring-boot-starter-web 3.5.10	-	-	Apache-2.0
spring-aop 6.2.15	3, 4, 5, 6, 7, 8, 9	spring-core 6.2.15, spring-beans 6.2.15	spring-webmvc 6.2.15, spring-context 6.2.15	-	-	Apache-2.0
spring-expression 6.2.15	3, 4, 5, 6, 7, 8, 9	spring-core 6.2.15	spring-webmvc 6.2.15, spring-context 6.2.15	-	-	Apache-2.0
spring-ai-starter-model-openai 1.0.1	1	spring-ai-openai 1.0.1, spring-boot-starter 3.5.10, spring-ai-autoconfigure-model-openai 1.0.1, spring-ai-autoconfigure-model-chat-memory 1.0.1, spring-ai-autoconfigure-model-chat-client 1.0.1	profile-assist 0.0.1-SNAPSHOT	-	-	Apache-2.0
spring-ai-autoconfigure-model-openai 1.0.1	2	spring-ai-openai 1.0.1, spring-ai-autoconfigure-model-tool 1.0.1, spring-ai-autoconfigure-model-chat-observation 1.0.1, spring-ai-autoconfigure-model-image-observation 1.0.1, spring-ai-autoconfigure-retry 1.0.1, spring-ai-autoconfigure-model-embedding-observation 1.0.1	spring-ai-starter-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-autoconfigure-model-tool 1.0.1	3	spring-ai-model 1.0.1, spring-boot-starter 3.5.10	spring-ai-autoconfigure-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-autoconfigure-retry 1.0.1	3	spring-ai-retry 1.0.1, spring-boot-starter 3.5.10	spring-ai-autoconfigure-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-autoconfigure-model-chat-observation 1.0.1	3	spring-ai-client-chat 1.0.1, spring-boot-starter 3.5.10	spring-ai-autoconfigure-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-autoconfigure-model-embedding-observation 1.0.1	3	spring-ai-model 1.0.1, spring-boot-starter 3.5.10	spring-ai-autoconfigure-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-autoconfigure-model-image-observation 1.0.1	3	spring-ai-model 1.0.1, spring-boot-starter 3.5.10	spring-ai-autoconfigure-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-openai 1.0.1	2, 3	spring-webflux 6.2.15, spring-ai-retry 1.0.1, slf4j-api 2.0.17, spring-context-support 6.2.15, jsonschema-generator 4.37.0, jsonschema-module-jackson 4.37.0, spring-ai-model 1.0.1	spring-ai-autoconfigure-model-openai 1.0.1, spring-ai-starter-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-model 1.0.1	3, 4, 5	spring-messaging 6.2.15, jackson-databind 2.19.4, jsonschema-generator 4.37.0, swagger-annotations-jakarta 2.2.25, reactor-core 3.7.15, jsonschema-module-swagger-2 4.37.0, micrometer-observation 1.15.8, jackson-datatype-jsr310 2.19.4, spring-ai-template-st 1.0.1, spring-ai-commons 1.0.1, jsonschema-module-jackson 4.37.0, antlr4-runtime 4.13.1	spring-ai-openai 1.0.1, spring-ai-autoconfigure-model-tool 1.0.1, spring-ai-autoconfigure-model-image-observation 1.0.1, spring-ai-autoconfigure-model-chat-memory 1.0.1, spring-ai-autoconfigure-model-embedding-observation 1.0.1, spring-ai-client-chat 1.0.1	-	-	Apache-2.0
spring-ai-commons 1.0.1	4, 5, 6, 7	jackson-databind 2.19.4, jtokkit 1.1.0, context-propagation 1.1.3, jackson-module-jsonSchema 2.19.4, micrometer-core 1.15.8, spring-context 6.2.15	spring-ai-template-st 1.0.1, spring-ai-model 1.0.1	-	-	Apache-2.0
micrometer-core 1.15.8	5, 6, 7, 8	micrometer-commons 1.15.8, LatencyUtils 2.0.3, HdrHistogram 2.2.2, micrometer-observation 1.15.8	spring-ai-commons 1.0.1	-	-	Apache-2.0
HdrHistogram 2.2.2	6, 7, 8, 9	-	micrometer-core 1.15.8	-	-	BSD-2-Clause, CC0-1.0
LatencyUtils 2.0.3	6, 7, 8, 9	-	micrometer-core 1.15.8	-	-	CC0-1.0
context-propagation 1.1.3	5, 6, 7, 8	-	spring-ai-commons 1.0.1	-	-	Apache-2.0
spring-ai-template-st 1.0.1	4, 5, 6	spring-ai-commons 1.0.1, ST4 4.3.4, slf4j-api 2.0.17, antlr4-runtime 4.13.1	spring-ai-model 1.0.1	-	-	Apache-2.0
ST4 4.3.4	5, 6, 7	antlr-runtime 3.5.3	spring-ai-template-st 1.0.1	-	-	BSD-4-Clause
antlr-runtime 3.5.3	6, 7, 8	-	ST4 4.3.4	-	-	BSD licence
spring-messaging 6.2.15	4, 5, 6	spring-core 6.2.15, spring-beans 6.2.15	spring-ai-model 1.0.1	-	-	Apache-2.0
reactor-core 3.7.15	4, 5, 6	reactive-streams 1.0.4	spring-ai-client-chat 1.0.1, spring-webflux 6.2.15, spring-ai-model 1.0.1	-	-	Apache-2.0
reactive-streams 1.0.4	5, 6, 7	-	reactor-core 3.7.15	-	-	MIT-0
antlr4-runtime 4.13.1	4, 5, 6, 7	-	spring-ai-template-st 1.0.1, spring-ai-model 1.0.1	-	-	BSD-3-Clause
jsonschema-module-swagger-2 4.37.0	4, 5, 6	slf4j-api 2.0.17	spring-ai-client-chat 1.0.1, spring-ai-model 1.0.1	-	-	Apache-2.0
swagger-annotations-jakarta 2.2.25	4, 5, 6	-	spring-ai-client-chat 1.0.1, spring-ai-model 1.0.1	-	-	Apache-2.0
spring-ai-retry 1.0.1	3, 4	slf4j-api 2.0.17, spring-retry 2.0.12, spring-web 6.2.15	spring-ai-autoconfigure-retry 1.0.1, spring-ai-openai 1.0.1	-	-	Apache-2.0
spring-retry 2.0.12	4, 5	-	spring-ai-retry 1.0.1	-	-	Apache-2.0
jsonschema-generator 4.37.0	3, 4, 5, 6	jackson-core 2.19.4, slf4j-api 2.0.17, classmate 1.7.3, jackson-databind 2.19.4	spring-ai-client-chat 1.0.1, spring-ai-model 1.0.1, spring-ai-openai 1.0.1	-	-	Apache-2.0
classmate 1.7.3	4, 5, 6, 7	-	jsonschema-generator 4.37.0	-	-	Apache-2.0
jsonschema-module-jackson 4.37.0	3, 4, 5, 6	slf4j-api 2.0.17	spring-ai-model 1.0.1, spring-ai-openai 1.0.1	-	-	Apache-2.0
spring-context-support 6.2.15	3, 4	spring-core 6.2.15, spring-beans 6.2.15, spring-context 6.2.15	spring-ai-openai 1.0.1	-	-	Apache-2.0
spring-webflux 6.2.15	3, 4	spring-core 6.2.15, spring-beans 6.2.15, spring-web 6.2.15, reactor-core 3.7.15	spring-ai-openai 1.0.1	-	-	Apache-2.0
slf4j-api 2.0.17	3, 4, 5, 6, 7	-	spring-ai-openai 1.0.1, jsonschema-generator 4.37.0, logback-classic 1.5.25, jsonschema-module-swagger-2 4.37.0, spring-ai-retry 1.0.1, spring-ai-template-st 1.0.1, jsonschema-module-jackson 4.37.0, jul-to-slf4j 2.0.17, log4j-to-slf4j 2.24.3	-	-	MIT
spring-ai-autoconfigure-model-chat-client 1.0.1	2	spring-ai-client-chat 1.0.1, spring-boot-starter 3.5.10	spring-ai-starter-model-openai 1.0.1	-	-	Apache-2.0
spring-ai-client-chat 1.0.1	3, 4	jsonschema-generator 4.37.0, swagger-annotations-jakarta 2.2.25, reactor-core 3.7.15, jsonschema-module-swagger-2 4.37.0, jtokkit 1.1.0, jackson-module-jsonSchema 2.19.4, spring-ai-model 1.0.1, spring-context 6.2.15	spring-ai-autoconfigure-model-chat-client 1.0.1, spring-ai-autoconfigure-model-chat-observation 1.0.1	-	-	Apache-2.0
jackson-module-jsonSchema 2.19.4	4, 5, 6, 7, 8	jackson-core 2.19.4, validation-api 1.1.0.Final, jackson-annotations 2.19.4, jackson-databind 2.19.4	spring-ai-client-chat 1.0.1, spring-ai-commons 1.0.1	-	-	Apache-2.0
validation-api 1.1.0.Final	5, 6, 7, 8, 9	-	jackson-module-jsonSchema 2.19.4	-	-	Apache-2.0
jtokkit 1.1.0	4, 5, 6, 7, 8	-	spring-ai-client-chat 1.0.1, spring-ai-commons 1.0.1	-	-	MIT
spring-ai-autoconfigure-model-chat-memory 1.0.1	2	spring-ai-model 1.0.1, spring-boot-starter 3.5.10	spring-ai-starter-model-openai 1.0.1	-	-	Apache-2.0
lombok 1.18.42	1	-	profile-assist 0.0.1-SNAPSHOT	-	-	MIT
jspecify 1.0.0	1	-	profile-assist 0.0.1-SNAPSHOT	-	-	Apache-2.0
commonmark 0.27.0	1	-	profile-assist 0.0.1-SNAPSHOT	-	-	BSD-2-Clause
spring-core 6.2.15	3, 4, 5, 6, 7, 8, 9, 10, 11	spring-jcl 6.2.15	spring-aop 6.2.15, spring-expression 6.2.15, spring-boot-starter 3.5.10, spring-web 6.2.15, spring-webmvc 6.2.15, spring-messaging 6.2.15, spring-webflux 6.2.15, spring-beans 6.2.15, spring-context-support 6.2.15, spring-boot 3.5.10, spring-context 6.2.15	-	-	Apache-2.0
spring-jcl 6.2.15	4, 5, 6, 7, 8, 9, 10, 11, 12	-	spring-core 6.2.15	-	-	Apache-2.0

Sunshine - SBOM visualization tool

Summary

Components chart

Components table

Vulnerabilities table