@cubejs-backend/jdbc-driver
Cube.js JDBC database driver
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| publish-pattern | dormant-publish | AI (publish-pattern): SLSA provenance attestation confirms CI/CD publish; part of large established monorepo with 535 versions. | ai | |
| dependencies | unvetted-dep:@cubejs-backend/node-java-maven | AI (dependencies): First-party Cube.js package; stable internal dependency across all versions of this monorepo package. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package; README linking to main project docs is expected, not a phishing indicator. | ai | |
Versions (showing 15 of 15)
| Version | Deps | Published |
|---|---|---|
| 1.6.54 | 4 / 4 | |
| 1.6.53 | 4 / 4 | |
| 1.6.52 | 4 / 4 | |
| 1.6.51 | 4 / 4 | |
| 1.6.50 | 4 / 4 | |
| 1.6.49 | 4 / 4 | |
| 1.6.48 | 4 / 4 | |
| 1.6.44 | 4 / 4 | |
| 1.6.43 | 4 / 4 | |
| 1.5.15 | 5 / 4 | |
| 1.5.5 | 5 / 4 | |
| 1.5.4 | 5 / 4 | |
| 1.5.2 | 5 / 4 | |
| 1.3.14 | 5 / 5 | |
| 1.3.12 | 5 / 5 | |
v1.6.54
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.53
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.52
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.51
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.50
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.49
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.48
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.44
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.6.43
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.15
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.5.5
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.4
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.5.2
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.14
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v1.3.12
1 finding: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.