Chad Wilson
Chad Wilson
Yeah, as I mentioned, an identical suppression rule is working fine on one project but not another so there must be something specific to the Gradle project, plugin or configuration...
@EugenMayer assuming you have confirmed it is coming from NVD rather than, say, OSSIndex could it be NVD cached data being different between your mvn and Gradle examples? Fix version...
> @chadlwilson i would not say i confirmed that, sorry. I would rather say i'am not even sure how. I ensure to wipe the CI cache / local cache to...
@EugenMayer As the docs indicate, only NVD data is cached. So purging it won't help if the issue is OSSIndex. You'll have to suppress until https://github.com/OSSIndex/vulns/issues/328 is addressed. Anyway, `CVE-2022-38752`...
As to the **root problem** here, it's possible to have something very strange going on. It seems like in some cases Dependency Check or its Gradle plugin is not actually...
Since this is an issue with a single CVE the upstream data should be fixed rather than doing so in OWASP dep check itself. I believe suppressions here are supposed...
Yeah, they responded pretty quickly to my request for review π
It can be re-opened, but unfortunately that doesn't really do anything for the resources with which to implement it. :) The alternative way with which to do this right now...
Sorry, I'm not sure what you are describing or asking for here. You've marked it as enhancement but you seem to be describing a bug? Multiple pipelines can definitely refer...
Let us know if you're able to supply more detail here and we can reopen.