[FP]: False positive findings in Dependency Checker for bss chef service component #7386
Labels
Comments
|
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/13235657414 |
|
Looks like a proprietary library for which you'd have to create your own suppression. False positives like this are to be expected for proprietary libraries and to be assessed and handled by the users of such libraries. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Package URl
pkg:maven/com.bss.chef/[email protected]
CPE
cpe:2.3:a:chef:chef:1.4.4:snapshot::::::
CVE
CVE-2015-8559
ODC Integration
{"label" => "Docker"}
ODC Version
7.1.0
Description
Hi Team,
We are getting following vulnerabilities (CVEs) in Dependency Checker Tool findings, although as per our analysis we consider them as false positive.
CVEs details and our justification for false positive for each CVE is mentioned below.
Kindly check and get it fixed in Dependency Checker tool. So these false positive does not appear in scan report.
CVE-2015-8559
Justification: There vulnerability is related to chef infra client.
We include chef services jar only and does not include chef infra client packages. Hence we have consider this vulnerability as false postive.
The text was updated successfully, but these errors were encountered: