False positive on custom built library ST-1.0.0-SNAPSHOT.jar - reported as cpe:/a:shadow_project:shadow:4.4
The library is named "Shadow Test" and being identified as "shadow". The CVE reported belongs to "shadow".
```xml
<!-- Custom Library Unavailable in Maven Central -->
<dependency>
    <groupId>com.test</groupId>
    <artifactId>ST</artifactId>
    <version>1.0.0-SNAPSHOT</version>
</dependency>
```
Thank you for the report. However, as this is a custom library specific to your environment you will need to include the suppression rule in a suppression file maintained within your organization. Please see the article on suppressing false positives: https://jeremylong.github.io/DependencyCheck/general/suppression.html
Sample jar, pom, & reports included in zip:
FalsePositive.zip
Originally reported under the Jenkins Dependency Check OWASP plugin but was redirected to the core DependencyCheck module:
https://issues.jenkins-ci.org/browse/JENKINS-47845
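A suppression file of the kind the maintainer's reply refers to, written for the dependency in this report. This is an added example, not part of the original thread or the project's own files: the file name is hypothetical, the 1.1 suppression schema is an assumption about the Dependency-Check version in use, and the coordinates and CPE are the ones quoted above.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- dependency-check-suppressions.xml (hypothetical file name) -->
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
    <suppress>
        <notes><![CDATA[
            com.test:ST ("Shadow Test") is an in-house library. It is matched to
            the unrelated "shadow" product only because of its name.
        ]]></notes>
        <!-- Scope the rule to this artifact only, for any version, so that a real
             dependency that does map to this CPE elsewhere in the build is still reported. -->
        <gav regex="true">^com\.test:ST:.*$</gav>
        <!-- No version suffix: the rule keeps applying if the matched CPE version changes. -->
        <cpe>cpe:/a:shadow_project:shadow</cpe>
    </suppress>
</suppressions>
```

Pass the file to the scan with `--suppression` on the command line or the `suppressionFile` parameter of the Maven plugin, and keep it under version control so each suppression is reviewable.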