dependency-check-sonar-plugin
Reduce number of CVE collisions dependency-check/dependency-check-sonar-plugin#682
Uses the CVE number as a line offset to reduce overlap.
Can you please provide a screenshot of how the offset affects the SonarQube UI?

Please let me know if this isn't what you meant, or if you'd like any other screenshots or information.
Yes, with the result of the issue being attached to the line at offset 202223305, instead of the entire line, allowing for multiple vulnerabilities on the same line without colliding. It's certainly not a complete solution, since if the vulnerability has no numbers in the name it will default to offset 0, allowing for collisions, or if one line has multiple vulnerabilities with the same CVE. Otherwise, nothing changes visually; only the location at which the issues are tracked internally by SonarQube changes.
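The following is an added illustration of the keying scheme described in the comment above; it is not code from the pull request or from the plugin. It assumes the offset is derived by concatenating every digit in the vulnerability name (so CVE-2022-23305 becomes 202223305, and a name without digits becomes 0), and models an issue location as a (file, line, offset) tuple so that the two remaining collision cases the comment mentions (a name without digits, and the same CVE reported twice on one line) can be seen directly. The issue list is constructed sample data.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Issue = Tuple[str, int, str]  # (component path, line, vulnerability name)


def cve_offset(name: str) -> int:
    """Derive a within-line offset from the digits of a vulnerability name.

    Assumption (not taken from the plugin): all digits are concatenated,
    e.g. "CVE-2022-23305" -> 202223305. A name with no digits yields 0,
    which is exactly the fallback that still allows collisions.
    """
    digits = re.sub(r"\D", "", name)
    return int(digits) if digits else 0


def location_key(issue: Issue, use_offset: bool) -> Tuple[str, int, int]:
    """Key an issue the way SonarQube would track it: by file, line and
    (optionally) the CVE-derived offset. use_offset=False models the
    pre-change behaviour where every issue sits on the whole line."""
    component, line, name = issue
    return (component, line, cve_offset(name) if use_offset else 0)


def find_collisions(issues: List[Issue], use_offset: bool) -> Dict[Tuple[str, int, int], List[str]]:
    """Return every location that more than one issue maps to."""
    buckets: Dict[Tuple[str, int, int], List[str]] = defaultdict(list)
    for issue in issues:
        buckets[location_key(issue, use_offset)].append(issue[2])
    return {key: names for key, names in buckets.items() if len(names) > 1}


# Constructed sample: one dependency declared on a single line of pom.xml
# that carries several findings.
SAMPLE_ISSUES: List[Issue] = [
    ("pom.xml", 42, "CVE-2022-23305"),
    ("pom.xml", 42, "CVE-2021-44228"),
    ("pom.xml", 42, "CVE-2022-23305"),          # same CVE twice on one line
    ("pom.xml", 42, "Vulnerable dependency"),   # no digits -> offset 0
    ("pom.xml", 42, "Unscored advisory"),       # no digits -> offset 0
]


def collision_summary(issues: List[Issue]) -> Tuple[int, int]:
    """Number of colliding locations before and after applying the offset."""
    before = find_collisions(issues, use_offset=False)
    after = find_collisions(issues, use_offset=True)
    return len(before), len(after)


if __name__ == "__main__":
    print("offset for CVE-2022-23305:", cve_offset("CVE-2022-23305"))
    before, after = collision_summary(SAMPLE_ISSUES)
    print(f"colliding locations without offset: {before}, with offset: {after}")
    for key, names in find_collisions(SAMPLE_ISSUES, use_offset=True).items():
        print("still colliding at", key, "->", names)
```

Without the offset every finding on line 42 shares one location, so SonarQube sees a single colliding location; with the offset the distinct CVEs separate, and only the two cases named in the comment remain: the repeated CVE-2022-23305 (same offset) and the two digit-free names (both at offset 0).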
I don't like the solution with the offsets because it has an unclean taste. Since the solution probably works, I leave the pull request open for people who also want to solve the problem.