SmartClient and SmartGWT do not currently have official CPE identifiers.
Because our products are commercial libraries and not distributed through public package registries or the NVD, there are no vendor-issued CPEs associated with them.
Most customers generating an SBOM include SmartClient/SmartGWT using a PURL or a custom component identifier (for example: pkg:isomorphic/smartclient@<version> or a Maven-style coordinate for SmartGWT) rather than a CPE.
If industry practice shifts and it becomes valuable for customers, we can evaluate publishing formal CPEs for each version/edition, but at present there is no vulnerability feed that would consume them.
- You need to login (link above) before you can post. If you do not yet have an account, please register.
Leave a comment: