Spike: Track Maven package relocations as aliases

Problem

Sometimes, packages get relocated. For example, c3p0:c3p0 was moved to com.mchange:c3p0 for newer versions.

Solution

  1. Find a way to track package relocations
  2. Map newer advisories back to older versions, assuming they are vulnerable
  3. Evaluate the quality of the results
Edited by Dinesh Bolkensteyn
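
One way to approach steps 1 and 2 above, as an added example that is not part of the original issue or the project's code: it assumes relocations are read from the `<distributionManagement><relocation>` element of the old coordinate's POM, and it flags alias-derived matches as inferred so that step 3 can measure them separately. The sample POM, the advisory record and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM for the old coordinate (not the real published file).
OLD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>c3p0</groupId>
  <artifactId>c3p0</artifactId>
  <version>0.0.0-constructed</version>
  <distributionManagement>
    <relocation><groupId>com.mchange</groupId></relocation>
  </distributionManagement>
</project>"""

# Constructed advisory record; the id is a placeholder.
ADVISORIES = [{"id": "ADV-PLACEHOLDER-1", "package": "com.mchange:c3p0"}]

def _text(node, tag):
    el = node.find("m:" + tag, NS)
    return el.text.strip() if el is not None and el.text else None

def relocation(pom_xml):
    """Return (old, new) as 'groupId:artifactId', or None without a relocation."""
    root = ET.fromstring(pom_xml)
    rel = root.find("m:distributionManagement/m:relocation", NS)
    if rel is None:
        return None
    group, artifact = _text(root, "groupId"), _text(root, "artifactId")
    # Fields omitted from <relocation> keep the old POM's values.
    new = f"{_text(rel, 'groupId') or group}:{_text(rel, 'artifactId') or artifact}"
    return f"{group}:{artifact}", new

def aliases_of(name, relocations):
    """Follow old -> new links from name; stop on a cycle."""
    chain, cur = [name], relocations.get(name)
    while cur and cur not in chain:
        chain.append(cur)
        cur = relocations.get(cur)
    return chain

def match(dep, advisories, relocations):
    """Return (advisory id, matched name, inferred) for a dependency name.
    inferred=True means the hit came through an alias, so vulnerability of
    the old coordinate is assumed rather than stated by the advisory."""
    return [(a["id"], alias, alias != dep)
            for alias in aliases_of(dep, relocations)
            for a in advisories if a["package"] == alias]

RELOCATIONS = dict([relocation(OLD_POM)])
```

Counting the `inferred` matches against manually confirmed ones gives a direct measure for evaluating result quality.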