[FP]: Multiple False positives found in dependency check scan #7383
Comments
|
Error parsing package url: jre-8u431-linux-x64.rpm: jfr.jar. Error: Error: Invalid purl: missing required "pkg" scheme component Please correct the package URL - consider copying the package url from the HTML report. |
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13234611865 |
|
ODC 7.1.0 is outdated as indicated on #7384 I cannot reproduce the FPs with an up-to-date CLI |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
jre-8u431-linux-x64.rpm: jfr.jar
CPE
cpe:2.3:a:oracle:jrockit:1.8.0.431
CVE
CVE-2009-1006
ODC Integration
None
ODC Version
7.1.0
Description
False Positives ticket.docx
Multiple false positives vulnerabilities were identified while running dependency checker scan. I have mentioned only one CVE in the ticket. Since there are numerous CVE's filing multiple reports is time consuming, so I have attached a document with all the CVE's and the justification for them being False positive. Please consider the same.
The text was updated successfully, but these errors were encountered: