DependencyCheck
[FP]: jruby-readline confused for jruby itself
Package URL
pkg:maven/rubygems/jruby-readline@1.3.7
CPE
cpe:/a:jruby:jruby
CVE
No response
ODC Integration
Gradle Plugin
ODC Version
7.1.1
Description
https://github.com/jruby/jruby-readline is an independently versioned project (also see https://mvnrepository.com/artifact/rubygems/jruby-readline/1.3.7)
Bot cannot find the dependency as it's not a regular "jar" artifact in Maven Central. It's a JRuby java gem that relies on a special Gradle plugin/repository to resolve (and a dependency that is sometimes shaded into JRuby itself): See https://github.com/jruby/jruby-readline and https://mvnrepository.com/artifact/rubygems/jruby-readline/1.3.7
Failed to automatically evaluate the false positive. See: https://github.com/jeremylong/DependencyCheck/actions/runs/3172102215
Suggested suppression rule
<suppress base="true">
    <notes><![CDATA[
    FP per issue #4648
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/rubygems/jruby\-readline@.*$</packageUrl>
    <cpe>cpe:/a:jruby:jruby</cpe>
</suppress>
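A quick scope check for the rule above, added here as an example and not part of the DependencyCheck project: it parses the suggested suppression and applies a simplified version of ODC's matching (the packageUrl regex must match, and the identified CPE must start with the `<cpe>` value) to confirm it silences only jruby-readline and leaves real JRuby artifacts checked. The `<suppressions>` wrapper, the prefix-match simplification and the sample package URLs are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed: the rule proposed in this issue, wrapped in a root element.
# A real suppression file also declares the ODC suppression schema namespace.
SUPPRESSION_XML = r"""<suppressions>
<suppress base="true">
    <notes><![CDATA[
    FP per issue #4648
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/rubygems/jruby\-readline@.*$</packageUrl>
    <cpe>cpe:/a:jruby:jruby</cpe>
</suppress>
</suppressions>"""


def load_rules(xml_text):
    """Extract (purl matcher, cpe prefix) pairs from suppression XML."""
    rules = []
    for sup in ET.fromstring(xml_text).iter("suppress"):
        purl_el = sup.find("packageUrl")
        cpe_el = sup.find("cpe")
        if purl_el is not None and purl_el.get("regex") == "true":
            purl_match = re.compile(purl_el.text.strip()).search
        elif purl_el is not None:
            purl_match = purl_el.text.strip().__eq__
        else:
            purl_match = lambda _purl: True  # no packageUrl: any dependency
        cpe_prefix = cpe_el.text.strip() if cpe_el is not None else ""
        rules.append((purl_match, cpe_prefix))
    return rules


RULES = load_rules(SUPPRESSION_XML)


def is_suppressed(purl, cpe, rules=RULES):
    """True if some rule matches both the package URL and the CPE.

    Assumption: ODC compares a plain <cpe> value as a prefix, so
    cpe:/a:jruby:jruby also covers cpe:/a:jruby:jruby:1.3.7.
    """
    return any(match(purl) and cpe.startswith(prefix) for match, prefix in rules)


if __name__ == "__main__":
    # Constructed sample findings: only the first two should be silenced.
    for purl, cpe in [
        ("pkg:maven/rubygems/jruby-readline@1.3.7", "cpe:/a:jruby:jruby"),
        ("pkg:maven/rubygems/jruby-readline@1.3.7", "cpe:/a:jruby:jruby:1.3.7"),
        ("pkg:maven/org.jruby/jruby-complete@9.3.0.0", "cpe:/a:jruby:jruby"),
        ("pkg:maven/rubygems/jruby-readline@1.3.7", "cpe:/a:gnu:readline"),
    ]:
        print(f"{purl} {cpe}: suppressed={is_suppressed(purl, cpe)}")
```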