Closed Whisper40 closed 2 years ago
Any example SBOM that gives false negatives?
We are not able to identify affected projects. Next time this type of issue occurs, I will add the SBOM of a false-negative project.
@Whisper40, I think that you will find that the vuln is being picked up in Dependency-Track... but in a non-obvious way.
Current Behavior:
Steps to Reproduce:
Add thousands of Spring projects, with many Spring versions
Expected Behavior:
We should be able to see what project is affected by this vulnerability, as fast as possible. For sure, we have affected projects.
Environment:
Additional Details:
NVD : https://nvd.nist.gov/vuln/detail/CVE-2022-22965