search

jeremylong / odc-falsepositives

throw away project to test dependency-check false positives
0 stars 1 forks source link

[FP]: log4j-slf4j-impl #8

Open jeremylong opened 2 years ago

jeremylong commented 2 years ago

Package URl

pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.12.1

CPE

cpe:2.3:a:apache:log4j:2.12.1:*:*:*:*:*:*:*

CVE

No response

ODC Integration

No response

ODC Version

6.5.3

Description

No response

github-actions[bot] commented 2 years ago

Maven Coordinates

<dependency>
   <groupId>org.apache.logging.log4j</groupId>
   <artifactId>log4j-slf4j-impl</artifactId>
   <version>2.12.1</version>
</dependency>

Suppression rule:

<suppress base="true">
   <notes><![CDATA[
   FP per issue #8
   ]]></notes>
   <packageUrl regex="true">^pkg:maven/org\.apache\.logging\.log4j/log4j-slf4j-impl@.*$</packageUrl>
   <cpe>cpe:/a:apache:log4j</cpe>
</suppress>

Link to test results: https://github.com/jeremylong/odc-falsepositives/actions/runs/1864158226