Maven live demo

Demo 1: Your place in the ecosystem


Type the maven library name "<groupId>:<artifactId>:<version>" (ex: "org.springframework.retry:spring-retry:1.0.1.RELEASE"), and press "Evaluate".

You can also add multiple libraries separated by a comma (Total maximum library 3).

Really interested in the details? You can zoom in on the graph by drawing a rectangle (with the left mouse key).

Demo 2: Technical leverage and Security

Technical leverage and Security


Leverage=4 allows visual separation between the libraries exposed to a high number of vulnerabilities vs libraries exposed to a small number of security vulnerabilities.

The libraries on the right are big libraries that are always affected by vulnerabilities just because of their size.

Hence, high technical leverage increases security risk: 4x code = +60% chance of having a vulnerability (libraries with \(\ell_{own} < 100 KLoCs\) own code size smaller 100 KLoCs)