The NUM COMPASS conformance checker provides an endpoint to validate example resources of the German Corona Consensus Dataset (GECCO). The app is part of the COMPASS (Coordination on mobile pandemic apps best practice and solution sharing) project, which aims to improve how apps are used to cope with pandemics.
It offers both validation of single resources, and a full conformance check that validates a set of test data generated by a NUM COMPASS app.
For full technical documentation, see the docs/ folder.
The vulnerability CVE-2021-44228 aka. log4shell (and the related vulnerability CVE-2021-45046) affects the common logging library log4j. While the NUN-COMPASS conformance checker does not have log4j as a direct dependency, it appears as a transitive dependency. We have modified the Gradle build configuration to explicitly exclude affected versions (those below 2.16). Users incorporating our code are urged to verify that vulnerable versions do not appear as transitive dependencies and to follow the mitigation guidance issued by Apache.