Open seanleblancicdtech opened 2 years ago
Is this a request for help?:
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
Engine DB Version: 0.0.16 Engine Code Version: 1.1.0
What happened:
Got a false positive for jars related to Netty.
What did you expect to happen:
Expected Netty jars to not get flagged. Example:
Getting lots of seemingly false positive on reactor-netty* jars, for example:
CRITICAL Vulnerability found in non-os package type (java) - /app/libs/reactor-netty-http-1.0.19.jar (CVE-2019-20445 - https://nvd.nist.gov/vuln/detail/CVE-2019-20445)
Is this a request for help?:
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
Engine DB Version: 0.0.16 Engine Code Version: 1.1.0
What happened:
Got a false positive for jars related to Netty.
What did you expect to happen:
Expected Netty jars to not get flagged. Example:
Getting lots of seemingly false positive on reactor-netty* jars, for example:
CRITICAL Vulnerability found in non-os package type (java) - /app/libs/reactor-netty-http-1.0.19.jar (CVE-2019-20445 - https://nvd.nist.gov/vuln/detail/CVE-2019-20445)