jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0

[FP]: java-cfenv-boot detected as Spring Framework #6632

Closed aikebah closed 2 weeks ago

aikebah commented 2 weeks ago

Package URL

pkg:maven/io.pivotal.cfenv/java-cfenv-boot@3.1.3

CPE

cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*

CVE

CVE-2022-22965

ODC Integration

Maven Plugin

ODC Version

9.0.9

Description

See #6415

github-actions[bot] commented 2 weeks ago

Maven Coordinates

<dependency>
   <groupId>io.pivotal.cfenv</groupId>
   <artifactId>java-cfenv-boot</artifactId>
   <version>3.1.3</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6632
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.pivotal\.cfenv/java-cfenv-boot@.*$</packageUrl>
   <cpe>cpe:/a:undefined:undefined</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/8870287212

github-actions[bot] commented 2 weeks ago

Maven Coordinates

<dependency>
   <groupId>io.pivotal.cfenv</groupId>
   <artifactId>java-cfenv-boot</artifactId>
   <version>3.1.3</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6632
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.pivotal\.cfenv/java-cfenv-boot@.*$</packageUrl>
   <cpe>cpe:/a:vmware:spring_framework</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/8870302473
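As an added check, not part of this thread and not code from the dependency-check project: before a suppression like the one above is committed, it is worth confirming that its `packageUrl` regex really matches the reported purl, that its `cpe` value really covers the reported CPE, and that the rule does not also silence the same CPE on an unrelated artifact. The script below evaluates both rules the bot posted (the first with the `undefined` placeholder CPE, the second with the corrected one) against the purl and CPE from this issue. It assumes dependency-check's matching semantics as documented for suppression files (a `regex="true"` `packageUrl` is matched as a regular expression against the purl; a plain `cpe` is a starts-with match on the `cpe:/part:vendor:product[:version]` form), and the CPE 2.3 to 2.2-style conversion is a simplification that does not handle escaped colons.

```python
"""Sanity-check a dependency-check suppression rule against a purl/CPE pair."""
import re
import xml.etree.ElementTree as ET

# Constructed inputs: the purl and CPE reported in issue #6632.
PURL = "pkg:maven/io.pivotal.cfenv/java-cfenv-boot@3.1.3"
CPE23 = "cpe:2.3:a:vmware:spring_framework:3.1.3:*:*:*:*:*:*:*"

# The two rules the bot posted: the first with a placeholder CPE, the second corrected.
RULE_PLACEHOLDER = r"""<suppress base="true">
   <notes><![CDATA[ FP per issue #6632 ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.pivotal\.cfenv/java-cfenv-boot@.*$</packageUrl>
   <cpe>cpe:/a:undefined:undefined</cpe>
</suppress>"""

RULE_CORRECTED = r"""<suppress base="true">
   <notes><![CDATA[ FP per issue #6632 ]]></notes>
   <packageUrl regex="true">^pkg:maven/io\.pivotal\.cfenv/java-cfenv-boot@.*$</packageUrl>
   <cpe>cpe:/a:vmware:spring_framework</cpe>
</suppress>"""


def cpe23_to_cpe22(cpe23: str) -> str:
    """Reduce a CPE 2.3 formatted string to the cpe:/part:vendor:product[:version]
    URI form used by suppression <cpe> elements.
    Assumption/simplification: escaped colons inside fields are not handled."""
    fields = cpe23.split(":")
    if len(fields) < 6 or fields[0] != "cpe" or fields[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe23}")
    part, vendor, product, version = fields[2:6]
    uri = f"cpe:/{part}:{vendor}:{product}"
    if version != "*":
        uri += f":{version}"
    return uri


def rule_matches(rule_xml: str, purl: str, cpe23: str) -> dict:
    """Evaluate a single <suppress> rule against one purl/CPE pair.
    Assumed semantics: regex="true" packageUrl -> regex search on the purl,
    otherwise exact match; plain <cpe> -> starts-with match on the 2.2-style URI,
    regex="true" <cpe> -> regex search on that URI."""
    root = ET.fromstring(rule_xml)
    purl_el = root.find("packageUrl")
    cpe_el = root.find("cpe")

    if purl_el is None:
        purl_ok = True  # no packageUrl selector: the rule applies to every dependency
    elif purl_el.get("regex") == "true":
        purl_ok = re.search(purl_el.text.strip(), purl) is not None
    else:
        purl_ok = purl_el.text.strip() == purl

    cpe_uri = cpe23_to_cpe22(cpe23)
    if cpe_el is None:
        cpe_ok = False  # nothing to suppress the CPE with
    elif cpe_el.get("regex") == "true":
        cpe_ok = re.search(cpe_el.text.strip(), cpe_uri) is not None
    else:
        cpe_ok = cpe_uri.startswith(cpe_el.text.strip())

    return {"packageUrl": purl_ok, "cpe": cpe_ok, "suppressed": purl_ok and cpe_ok}


if __name__ == "__main__":
    # A real Spring Framework artifact (constructed purl) must NOT be hidden by the rule.
    SPRING_PURL = "pkg:maven/org.springframework/spring-core@5.3.0"
    for name, rule in (("placeholder", RULE_PLACEHOLDER), ("corrected", RULE_CORRECTED)):
        print(name, "vs java-cfenv-boot:", rule_matches(rule, PURL, CPE23))
        print(name, "vs spring-core:   ", rule_matches(rule, SPRING_PURL, CPE23))
```

Running it shows the placeholder rule matches the purl but not the CPE (so it would suppress nothing), the corrected rule suppresses the finding on java-cfenv-boot, and neither rule touches the same CPE when it is attached to an actual Spring Framework artifact.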

aikebah commented 2 weeks ago

approved

github-actions[bot] commented 2 weeks ago

Suppress rule has been added to the generatedSuppressions branch.