DependencyCheck icon indicating copy to clipboard operation
DependencyCheck copied to clipboard

Published 20 hours ago verified publisher icon jeremylong

False Positive on play-cache, play-ehcache cachecontrol, shiro-cache

Open philipwhiuk opened this issue 3 years ago • 1 comments

A sample JVM (Scala) dependency can be obtained by Maven/SBT.

The conflicts are with a CPE for a Rust Library.

False positive on multiple Play Framework Scala libraries - e.g. play-cache_2.12-2.8.2.jar - which are reported as matching:

cpe:2.3:a:cache_project:cache:2.8.2

Maven

<dependency>
   <groupId>com.typesafe.play</groupId>
   <artifactId>play-cache_2.12</artifactId>
   <version>2.8.2</version>
</dependency>

philipwhiuk avatar Jan 07 '22 15:01 philipwhiuk

This appears to have resolved itself, cannot reproduce with an up-to-date maven plugin (7.1.0)

aikebah avatar Jun 08 '22 12:06 aikebah