This dataset comprise 2017 Java projects. It contains information related to their external dependencies and its potential and disclosed security vulnerabilities.
The potential vulnerabilities were detected with the use of the SpotBugs static analyzer tool, while the disclosed ones with the use of OWASP Dependency Check tool.
This dataset was generated during a research effort to correlate software reuse to security vulnerabilities.
The scripts for reproducing the dataset and analyzing it are available on GitHub under this link [https://github.com/AntonisGkortzis/Vulnerabilities-in-Reused-Software].
- open source
- OWASP Dependency Check
- SpotBugs static analyzer