DependencyCheck
spring-context-support is sometimes not grouped with other springframework libraries
In the HTML report the library spring-context-support is sometimes not grouped with other springframework libraries but listed as a separate entry with the same vulnerability. This usually happens every second build. In the other builds it is listed under "Related Dependencies" of other springframework libraries.
pkg:maven/org.springframework/[email protected]
The problem occurs using version 5.3.2 of the Maven plugin.
In the Maven log I do not see anything related to that problem.
Maybe it is a problem similar to #917.
Any chance you have an example pom.xml or build.gradle?
We run the check on a war file, here is the maven configuration:
<plugin>
    <groupId>org.owasp</groupId>
    <artifactId>dependency-check-maven</artifactId>
    <version>${dependency-check-maven.version}</version>
    <executions>
        <execution>
            <id>check</id>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <formats>HTML,XML,JUNIT,JSON</formats>
        <prettyPrint>false</prettyPrint>
        <outputDirectory>${project.build.directory}/owasp</outputDirectory>
        <dataDirectory>${data.owasp.home}</dataDirectory>
        <nodeAnalyzerEnabled>false</nodeAnalyzerEnabled>
        <opensslAnalyzerEnabled>false</opensslAnalyzerEnabled>
        <ossindexAnalyzerEnabled>true</ossindexAnalyzerEnabled>
        <centralAnalyzerEnabled>true</centralAnalyzerEnabled>
        <nexusAnalyzerEnabled>false</nexusAnalyzerEnabled>
        <enableExperimental>false</enableExperimental>
        <autoUpdate>true</autoUpdate>
        <failOnError>false</failOnError>
        <skipDependencyManagement>true</skipDependencyManagement>
        <skipProvidedScope>true</skipProvidedScope>
        <skipSystemScope>true</skipSystemScope>
        <skipRuntimeScope>true</skipRuntimeScope>
        <suppressionFiles>
            <suppressionFile>src/build/dependency-suppression.xml</suppressionFile>
        </suppressionFiles>
        <mavenSettings>
            <proxy>
                <host>${owasp.maven.proxy.host}</host>
                <port>${owasp.maven.proxy.port}</port>
            </proxy>
        </mavenSettings>
        <scanSet>
            <FileSet>
                <directory>../mydir</directory>
                <includes>
                    <include>**/*.ear</include>
                    <include>**/*.war</include>
                </includes>
            </FileSet>
        </scanSet>
    </configuration>
</plugin>
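
Since the configuration above also writes the JSON report, the regrouping between two builds can be pinned down by diffing those reports. The following is an added example, not part of this thread or of the DependencyCheck project; it assumes the JSON report has a top-level `dependencies` list whose entries carry `fileName` and `relatedDependencies` (with `filePath`), and the sample reports are constructed.

```python
import json
import sys

def jar_name(label: str) -> str:
    """Reduce 'app.war: lib.jar' or a full path to the bare archive name."""
    label = label.rsplit(": ", 1)[-1].replace("\\", "/")
    return label.rsplit("/", 1)[-1]

def grouping(report: dict) -> dict:
    """Map each archive to the primary report entry it is listed under."""
    placement = {}
    for dep in report.get("dependencies", []):
        primary = jar_name(dep["fileName"])
        placement[primary] = primary          # a top-level entry owns itself
        for rel in dep.get("relatedDependencies", []):
            # Assumed layout: related entries carry filePath (and maybe fileName).
            name = jar_name(rel.get("fileName") or rel["filePath"])
            placement.setdefault(name, primary)
    return placement

def regrouped(report_a: dict, report_b: dict) -> dict:
    """Archives that are top-level in one report and related in the other."""
    a, b = grouping(report_a), grouping(report_b)
    return {
        name: (a[name], b[name])
        for name in sorted(a.keys() & b.keys())
        if (a[name] == name) != (b[name] == name)
    }

# Constructed sample reports (file names and paths are made up).
BUILD_1 = {"dependencies": [
    {"fileName": "app.war: spring-core.jar",
     "relatedDependencies": [
         {"filePath": "/ws/app.war/WEB-INF/lib/spring-context-support.jar"}]},
]}
BUILD_2 = {"dependencies": [
    {"fileName": "app.war: spring-core.jar", "relatedDependencies": []},
    {"fileName": "app.war: spring-context-support.jar"},
]}

if __name__ == "__main__":
    if len(sys.argv) == 3:   # compare two real JSON reports
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            one, two = json.load(f1), json.load(f2)
    else:
        one, two = BUILD_1, BUILD_2
    for name, (before, after) in regrouped(one, two).items():
        print(f"{name}: under {before} -> under {after}")
```

Run with the JSON reports of two consecutive builds as arguments; an empty result means the grouping was identical in both.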