Jeremy Long
Jeremy Long
ODC isn't correctly handling release candidates and milestones when the NVD is including these in the CPE. This will take a bit more to resolve than most FP reports.
As with #2819 I have been unable to reproduce. If you can provide a sample project we can look into the FP. Also note - false positives are expected when...
To match on hashes would require one to maintain a database of hash to CPE. There is no completely open source database that I know of that maps hashes to...
I agree with the PR - but it would be a breaking change. This will get merged, but we might have a release or two happen before we move to...
@naftolib We would need a little more information about your project to help - as you appear to be using the exact same syntax that was tested and is documented:...
This looks like it would require a LOT of refactoring of the plugin as the `@Option` attribute does not work with extensions. As recommended by the gradle documentation all of...
Can you provide the build.gradle for `not-elasticsearch` as well?
My best guess is that there is something earlier in the debug log that may indicate what is going on. The docker container for ODC is currently using Java 11...
There is a reported bug about the `dependencyCheckUpdate` with `autoUpdate=false` - this is an incompatible configuration/task combination. If you have an empty database directory and execute with `autoUpdate=false` ODC will...
@spanierm as a test could you try Zulu 13?