Merge pull request #7153 from meiao/java-false-positive
paperclypse committed Apr 18, 2022
2 parents 89e4831 + 2bef513 commit 182c9fd
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -15,11 +15,11 @@ When a security scan is performed, it reports back with a high number of false p

## Cause

The security scan flagged the jar files as vulnerable due to the class and method names we use to identify sources for instrumentation. However, the jar files only contain New Relic instrumentation code.
The security scan flagged the jar files as vulnerable due to the class and method names we use to identify sources for instrumentation. However, the jar files only contain New Relic instrumentation code. Warnings for all jar files within the newrelic.jar are false positives.

## Solution

Suppress the false positive warnings coming from the `instrumentation` package in the newrelic.jar with your scanning tool.
Suppress the false positive warnings coming from the `instrumentation` package in the newrelic.jar with your scanning tool, including all jar files whose names match the modules listed in the [New Relic Java agent repository](https://github.com/newrelic/newrelic-java-agent/tree/main/instrumentation).

For example, false positives discovered by the `DependencyCheck` project at [github.com/jeremylong/DependencyCheck](https://github.com/jeremylong/DependencyCheck) can be suppressed with:

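Review bot: the sentence added at the end of the Cause paragraph, "Warnings for all jar files within the newrelic.jar are false positives.", is broader than the Solution, which scopes suppression to jars whose names match the modules listed in the instrumentation directory of the agent repository; align the two so a reader does not suppress every finding on anything bundled inside newrelic.jar, for example "Warnings for the instrumentation jar files within newrelic.jar are false positives." It would also help to phrase the reasoning the page already gives (the scanner matches on the class and method names used to identify instrumentation sources, and the flagged jars contain only New Relic instrumentation code) as a check the reader can perform before adding a suppression: extract the flagged nested jar from newrelic.jar, list its entries, and confirm they are New Relic instrumentation classes rather than a bundled copy of the library the scanner reports.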