I'm trying to get Spring AI approved for use at my day-job employer, but as it stands, the request is being rejected due to the Black Duck / OpenHub "Security Confidence Index" of the project. As of right now, OpenHub has Spring AI at 75.68%. Unfortunately we require a score of 90% or higher to allow an OSS library to be used here.

Sadly the score doesn't provide a ton of details about exactly what aspects contribute to the score and how they are weighted, so I can't be very specific about suggested changes. All I can ask is that the project try to improve this score.

FWIW, I expect that this type of policy is going to be common for large firms in highly regulated industries, so this isn't just a "me" request. It's my guess that many users will eventually be impacted by this.

https://openhub.net/p/spring-ai