Asset identifier: Java Component in search.maven.org
Asset type: SOURCE_CODE
Availability requirement: high
Confidentiality requirement: high
Eligible for bounty:
Eligible for submissions: true
Instruction: Use this asset for any component found using the [Central Search](https://search.maven.org) or the [OSS Index Search](https://ossindex.sonatpe.org) for maven components
Integrity requirements: high
Max severity: critical
Asset identifier: Java component NOT in search.maven.org
Asset type: SOURCE_CODE
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Use this asset for an open source Java component that could not be found in [search.maven.org](search.maven.org). Our security research team will verify it's a valid open source component available in a public repository. If it is a valid component, we will accept and if it is not a valid component we will let you know.
Integrity requirements:
Max severity: critical
Asset identifier: Suspected Java Component
Asset type: DOWNLOADABLE_EXECUTABLES
Availability requirement:
Confidentiality requirement:
Eligible for bounty:
Eligible for submissions: true
Instruction: Use this if you have a vulnerability that could not be mapped back to a open source project. It was something found in an open source Java application, framework or component from penetration testing or other non source code deterministic testing methodology.
**Note: Only use this if you have a vulnerability but can't identify the vulnerable project**
