Hans Aikema
@HarshalSuple @YaminiLupane can one of you validate that my hand-crafted suppression for this issue actually works? (I'm quite confident based on the info provided in the ticket, but I don't...
@mushu999 Thanks for pinging on this issue, I somehow missed the response of @Akash-2001-git. Should land in the hosted suppressions soon
You provide far too little information on your scan results to be able to tell... You'll have to judge for yourself from the information in the report, taking into account...
(part of) the html report itself, indicating which files were discovered that were identified to be the CPE to which the CVE is linked and what their discovered 'evidences' are...
approved
Is rooted in a difference in package URL: ODC uses `pkg:composer/symfony/[email protected]`, whereas apparently OSSIndex uses `pkg:composer/symfony/[email protected]`
As a work-around you could use a locally built version with a dirty-hack patch applied that will add the package-url in the form that OSSIndex requires. It will duplicate every...
approved @Jan5366x sorry for the long wait, suppression of FP should be live soon
Suspected to be a side-effect of the Ecosystem issue mentioned in #6358
The output that the Golang Mod Analyzer shows you in the error message is the output generated by go (`go list -m -json -mod=readonly -all`) and just handed to you...