search

jeremylong / DependencyCheck

OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
https://owasp.org/www-project-dependency-check/
Apache License 2.0
6.02k stars 1.21k forks source link

[FP]: spring-boot-jarmode-tools incorrectly identified as vmware:tools #6725

Closed MichaelVetter closed 1 day ago

MichaelVetter commented 2 weeks ago

Package URl

pkg:maven/org.springframework.boot/spring-boot-jarmode-tools@3.3.0

CPE

cpe:2.3:a:vmware:tools:3.3.0:*:*:*:*:*:*:*

CVE

No response

ODC Integration

{"label"=>"Maven Plugin"}

ODC Version

9.2.0

Description

No response

github-actions[bot] commented 2 weeks ago

Maven Coordinates

<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-jarmode-tools</artifactId>
   <version>3.3.0</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #6725
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.springframework\.boot/spring-boot-jarmode-tools@.*$</packageUrl>
   <cpe>cpe:/a:vmware:tools</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/DependencyCheck/actions/runs/9514606574

aikebah commented 1 day ago

approved

github-actions[bot] commented 1 day ago

Suppress rule has been added to the generatedSuppressions branch.